diff options
author | nectar <nectar@FreeBSD.org> | 2003-02-19 23:17:42 +0000 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2003-02-19 23:17:42 +0000 |
commit | 21bb0e5fa958b55498782bb6040051bad9010e66 (patch) | |
tree | a69ee61bbf542766bf3da5184b2fbaec03d0c6fe /crypto/openssl | |
parent | 05d8d6e23fae9150a113e8ab8a8544b981fb7e26 (diff) | |
parent | 6c9986c446b6cf77f5e83d111dbcca682d6fdd71 (diff) | |
download | FreeBSD-src-21bb0e5fa958b55498782bb6040051bad9010e66.zip FreeBSD-src-21bb0e5fa958b55498782bb6040051bad9010e66.tar.gz |
This commit was generated by cvs2svn to compensate for changes in r111147,
which included commits to RCS files with non-trunk default branches.
Diffstat (limited to 'crypto/openssl')
152 files changed, 1661 insertions, 646 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 418378f..0ef0122 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,87 @@ OpenSSL CHANGES _______________ + Changes between 0.9.7 and 0.9.7a [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + + *) Make the no-err option work as intended. The intention with no-err + is not to have the whole error stack handling routines removed from + libcrypto, it's only intended to remove all the function name and + reason texts, thereby removing some of the footprint that may not + be interesting if those errors aren't displayed anyway. + + NOTE: it's still possible for any application or module to have it's + own set of error texts inserted. The routines are there, just not + used by default when no-err is given. + [Richard Levitte] + + *) Add support for FreeBSD on IA64. + [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454] + + *) Adjust DES_cbc_cksum() so it returns the same value as the MIT + Kerberos function mit_des_cbc_cksum(). Before this change, + the value returned by DES_cbc_cksum() was like the one from + mit_des_cbc_cksum(), except the bytes were swapped. + [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte] + + *) Allow an application to disable the automatic SSL chain building. + Before this a rather primitive chain build was always performed in + ssl3_output_cert_chain(): an application had no way to send the + correct chain if the automatic operation produced an incorrect result. + + Now the chain builder is disabled if either: + + 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert(). + + 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set. + + The reasoning behind this is that an application would not want the + auto chain building to take place if extra chain certificates are + present and it might also want a means of sending no additional + certificates (for example the chain has two certificates and the + root is omitted). + [Steve Henson] + + *) Add the possibility to build without the ENGINE framework. + [Steven Reddie <smr@essemer.com.au> via Richard Levitte] + + *) Under Win32 gmtime() can return NULL: check return value in + OPENSSL_gmtime(). Add error code for case where gmtime() fails. + [Steve Henson] + + *) DSA routines: under certain error conditions uninitialized BN objects + could be freed. Solution: make sure initialization is performed early + enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>, + Nils Larsch <nla@trustcenter.de> via PR#459) + [Lutz Jaenicke] + + *) Another fix for SSLv2 session ID handling: the session ID was incorrectly + checked on reconnect on the client side, therefore session resumption + could still fail with a "ssl session id is different" error. This + behaviour is masked when SSL_OP_ALL is used due to + SSL_OP_MICROSOFT_SESS_ID_BUG being set. + Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as + followup to PR #377. + [Lutz Jaenicke] + + *) IA-32 assembler support enhancements: unified ELF targets, support + for SCO/Caldera platforms, fix for Cygwin shared build. + [Andy Polyakov] + + *) Add support for FreeBSD on sparc64. As a consequence, support for + FreeBSD on non-x86 processors is separate from x86 processors on + the config script, much like the NetBSD support. + [Richard Levitte & Kris Kennaway <kris@obsecurity.org>] + Changes between 0.9.6h and 0.9.7 [31 Dec 2002] *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED @@ -177,7 +258,7 @@ # is assumed to contain the absolute OpenSSL source directory. mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" cd objtree/"`uname -s`-`uname -r`-`uname -m`" - (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do mkdir -p `dirname $F` ln -s $OPENSSL_SOURCE/$F $F done @@ -1677,6 +1758,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k be reduced modulo m. [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller] +#if 0 + The following entry accidentily appeared in the CHANGES file + distributed with OpenSSL 0.9.7. The modifications described in + it do *not* apply to OpenSSL 0.9.7. + *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there was actually never needed) and in BN_mul(). The removal in BN_mul() required a small change in bn_mul_part_recursive() and the addition @@ -1685,6 +1771,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k bn_sub_words() and bn_add_words() except they take arrays with differing sizes. [Richard Levitte] +#endif *) In 'openssl passwd', verify passwords read from the terminal unless the '-salt' option is used (which usually means that @@ -1816,6 +1903,18 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Clean old EAY MD5 hack from e_os.h. [Richard Levitte] + Changes between 0.9.6h and 0.9.6i [19 Feb 2003] + + *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked + via timing by performing a MAC computation even if incorrrect + block cipher padding has been found. This is a countermeasure + against active attacks where the attacker has to distinguish + between bad padding and a MAC verification error. (CAN-2003-0078) + + [Bodo Moeller; problem pointed out by Brice Canvel (EPFL), + Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and + Martin Vuagnoux (EPFL, Ilion)] + Changes between 0.9.6g and 0.9.6h [5 Dec 2002] *) New function OPENSSL_cleanse(), which is used to cleanse a section of diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index df29f78..768651f 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -10,7 +10,7 @@ use strict; # see INSTALL for instructions. -my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -38,6 +38,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [- # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # +# no-engine do not compile in any engine code. # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware @@ -107,7 +108,6 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o"; my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; @@ -161,7 +161,7 @@ my %table=( # surrounds it with #APP #NO_APP comment pair which (at least Solaris # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" # error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -262,22 +262,21 @@ my %table=( "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # IA-64 targets -# I have no idea if this one actually works, feedback needed. <appro> -"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with # with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # More attempts at unified 10.X and 11.X targets for HP C compiler. # # Chris Ruemmler <ruemmler@cup.hp.com> # Kevin Steves <ks@hp.se> -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Isn't the line below meaningless? HP-UX cc optimizes for host by default. # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro> -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # HPUX 9.X config. # Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or @@ -384,8 +383,8 @@ my %table=( "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", -"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", +"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -396,6 +395,8 @@ my %table=( "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -403,7 +404,7 @@ my %table=( "nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::", +"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", # QNX 4 "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", @@ -414,33 +415,36 @@ my %table=( # Linux on ARM "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +# SCO/Caldera targets. +# +# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. +# Now we only have blended unixware-* as it's the only one used by ./config. +# If you want to optimize for particular microarchitecture, bypass ./config +# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. +# Note that not all targets include assembler support. Mostly because of +# lack of motivation to support out-of-date platforms with out-of-date +# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has +# patiently assisted to debug most of it. +# # UnixWare 2.0x fails destest with -O "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", - -# UnixWare 2.1 "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", -"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", - -# UnixWare 7 -"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... +# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc. +"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# OpenUNIX 8 -"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # IBM's AIX. "aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", "aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", +"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::", "aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", -"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64", +"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) @@ -473,15 +477,6 @@ my %table=( "dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::", "dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -# SCO 3 - Tim Rice <tim@multitalents.net> -"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... - -# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the -# SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options? -"sco5-cc-pentium", "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options? -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", - # Sinix/ReliantUNIX RM400 # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ "ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -508,7 +503,7 @@ my %table=( "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32", +"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32", "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", # Mingw32 @@ -656,6 +651,7 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; +my $libkrb5=""; my $target; my $options; my $symlink; @@ -696,6 +692,11 @@ PROCESS_ARGS: $flags .= "-DOPENSSL_NO_ASM "; $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; } + elsif (/^no-err$/) + { + $flags .= "-DOPENSSL_NO_ERR "; + $openssl_other_defines .= "#define OPENSSL_NO_ERR\n"; + } elsif (/^no-hw-(.+)$/) { my $hw=$1; @@ -956,6 +957,8 @@ my $shared_extension = $fields[$idx_shared_extension]; my $ranlib = $fields[$idx_ranlib]; my $arflags = $fields[$idx_arflags]; +my $no_shared_warn=0; + $cflags="$flags$cflags" if ($flags ne ""); # Kerberos settings. The flavor must be provided from outside, either through @@ -1020,8 +1023,6 @@ else $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" if $withargs{"krb5-include"} eq "" && $withargs{"krb5-dir"} ne ""; - - $libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne ""; } # The DSO code currently always implements all functions so that no @@ -1107,6 +1108,7 @@ if ($zlib) my $shared_mark = ""; if ($shared_target eq "") { + $no_shared_warn = 1 if !$no_shared; $no_shared = 1; } if (!$no_shared) @@ -1240,6 +1242,7 @@ while (<IN>) s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; + s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); @@ -1513,6 +1516,16 @@ applications as the compiler options required on this system are not known. See file INSTALL for details if you need multi-threading. EOF +print <<\EOF if ($no_shared_warn); + +You gave the option 'shared'. Normally, that would give you shared libraries. +Unfortunately, the OpenSSL configuration doesn't include shared library support +for this platform yet, so it will pretend you gave the option 'no-shared'. If +you can inform the developpers (openssl-dev\@openssl.org) how to support shared +libraries on this platform, they will at least look at it and try their best +(but please first make sure you have tried with a current version of OpenSSL). +EOF + exit(0); sub usage diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ index 9d1b0bb..389d786 100644 --- a/crypto/openssl/FAQ +++ b/crypto/openssl/FAQ @@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.7 was released on December 31, 2002. +OpenSSL 0.9.7a was released on February 19, 2003. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: @@ -189,18 +189,30 @@ for permission to use their software with OpenSSL. Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a "randomness -device" that serves this purpose. On other systems, applications have -to call the RAND_add() or RAND_seed() function with appropriate data -before generating keys or performing public key encryption. -(These functions initialize the pseudo-random number generator, PRNG.) - -Some broken applications do not do this. As of version 0.9.5, the -OpenSSL functions that need randomness report an error if the random -number generator has not been seeded with at least 128 bits of -randomness. If this error occurs, please contact the author of the -application you are using. It is likely that it never worked -correctly. OpenSSL 0.9.5 and later make the error visible by refusing -to perform potentially insecure encryption. +device" (/dev/urandom or /dev/random) that serves this purpose. +All OpenSSL versions try to use /dev/urandom by default; starting with +version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not +available. + +On other systems, applications have to call the RAND_add() or +RAND_seed() function with appropriate data before generating keys or +performing public key encryption. (These functions initialize the +pseudo-random number generator, PRNG.) Some broken applications do +not do this. As of version 0.9.5, the OpenSSL functions that need +randomness report an error if the random number generator has not been +seeded with at least 128 bits of randomness. If this error occurs and +is not discussed in the documentation of the application you are +using, please contact the author of that application; it is likely +that it never worked correctly. OpenSSL 0.9.5 and later make the +error visible by refusing to perform potentially insecure encryption. + +If you are using Solaris 8, you can add /dev/urandom and /dev/random +devices by installing patch 112438 (Sparc) or 112439 (x86), which are +available via the Patchfinder at <URL: http://sunsolve.sun.com> +(Solaris 9 includes these devices by default). For /dev/random support +for earlier Solaris versions, see Sun's statement at +<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski> +(the SUNWski package is available in patch 105710). On systems without /dev/urandom and /dev/random, it is a good idea to use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for @@ -233,18 +245,6 @@ OpenSSL command line tools. Applications using the OpenSSL library provide their own configuration options to specify the entropy source, please check out the documentation coming the with application. -For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested -installing the SUNski package from Sun patch 105710-01 (Sparc) which -adds a /dev/random device and make sure it gets used, usually through -$RANDFILE. There are probably similar patches for the other Solaris -versions. An official statement from Sun with respect to /dev/random -support can be found at - http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski -However, be warned that /dev/random is usually a blocking device, which -may have some effects on OpenSSL. -A third party /dev/random solution for Solaris is available at - http://www.cosy.sbg.ac.at/~andi/ - * Why do I get an "unable to write 'random state'" error message? @@ -490,10 +490,13 @@ and then redo the compilation. What you should really do is make sure Sometimes, you may get reports from VC++ command line (cl) that it can't find standard include files like stdio.h and other weirdnesses. One possible cause is that the environment isn't correctly set up. -To solve that problem, one should run VCVARS32.BAT which is found in -the 'bin' subdirectory of the VC++ installation directory (somewhere -under 'Program Files'). This needs to be done prior to running NMAKE, -and the changes are only valid for the current DOS session. +To solve that problem for VC++ versions up to 6, one should run +VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++ +installation directory (somewhere under 'Program Files'). For VC++ +version 7 (and up?), which is also called VS.NET, the file is called +VSVARS32.BAT instead. +This needs to be done prior to running NMAKE, and the changes are only +valid for the current DOS session. * What is special about OpenSSL on Redhat? @@ -577,10 +580,13 @@ As of 0.9.7 assembler routines were overhauled for position independence of the machine code, which is essential for shared library support. For some reason OpenBSD is equipped with an out-of-date GNU assembler which finds the new code offensive. To work around the problem, configure with -no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as. +no-asm (and sacrifice a great deal of performance) or patch your assembler +according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>. For your convenience a pre-compiled replacement binary is provided at -http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from -binutils-2.8 released in 1997. +<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>. +Reportedly elder *BSD a.out platforms also suffer from this problem and +remedy should be same. Provided binary is statically linked and should be +working across wider range of *BSD branches, not just OpenBSD. [PROG] ======================================================================== diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL index a427f12..1c3f3c3 100644 --- a/crypto/openssl/INSTALL +++ b/crypto/openssl/INSTALL @@ -158,7 +158,7 @@ If a test fails, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like a missing or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAGS line + try removing any compiler optimization flags from the CFLAG line in Makefile.ssl and run "make clean; make". Please send a bug report to <openssl-bugs@openssl.org>, including the output of "make report" in order to be added to the request tracker at @@ -308,3 +308,25 @@ to install additional support software to obtain random seed. Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), and the FAQ for more information. + + Note on support for multiple builds + ----------------------------------- + + OpenSSL is usually built in it's source tree. Unfortunately, this doesn't + support building for multiple platforms from the same source tree very well. + It is however possible to build in a separate tree through the use of lots + of symbolic links, which should be prepared like this: + + mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" + cd objtree/"`uname -s`-`uname -r`-`uname -m`" + (cd $OPENSSL_SOURCE; find . -type f) | while read F; do + mkdir -p `dirname $F` + rm -f $F; ln -s $OPENSSL_SOURCE/$F $F + echo $F '->' $OPENSSL_SOURCE/$F + done + make -f Makefile.org clean + + OPENSSL_SOURCE is an environment variable that contains the absolute (this + is important!) path to the OpenSSL source tree. + + Also, operations like 'make update' should still be made in the source tree. diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org index fa18de1..8609019 100644 --- a/crypto/openssl/Makefile.org +++ b/crypto/openssl/Makefile.org @@ -72,6 +72,14 @@ TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend +# We let the C compiler driver to take care of .s files. This is done in +# order to be excused from maintaining a separate set of architecture +# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC +# gcc, then the driver will automatically translate it to -xarch=v8plus +# and pass it down to assembler. +AS=$(CC) -c +ASFLAGS=$(CFLAG) + # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o #BN_ASM= bn_asm.o @@ -159,6 +167,7 @@ RMD160_ASM_OBJ= asm/rm86-out.o # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= # When we're prepared to use shared libraries in the programs we link here # we might set SHLIB_MARK to '$(SHARED_LIBS)'. @@ -216,7 +225,7 @@ sub_all: do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ else \ $(MAKE) $$i; \ fi; \ @@ -269,13 +278,16 @@ do_bsd-gcc-shared: do_gnu-shared do_linux-shared: do_gnu-shared do_gnu-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-Bsymbolic \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null @@ -283,22 +295,28 @@ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null # For Darwin AKA Mac OS/X (dyld) do_darwin-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ + ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ - libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \ + libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \ echo "" ; \ done do_cygwin-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \ -Wl,-Bsymbolic \ -Wl,--whole-archive lib$$i.a \ -Wl,--out-implib,lib$$i.dll.a \ -Wl,--no-whole-archive $$libs ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done # This assumes that GNU utilities are *not* used @@ -307,11 +325,14 @@ do_alpha-osf1-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -323,11 +344,14 @@ do_tru64-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -msym -o lib$$i.so \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -339,12 +363,15 @@ do_tru64-shared-rpath: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -msym -o lib$$i.so \ -rpath ${INSTALLTOP}/lib \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -355,6 +382,9 @@ do_solaris-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ MINUSZ='-z '; \ (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ @@ -363,7 +393,7 @@ do_solaris-shared: -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -373,6 +403,9 @@ do_svr3-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ find . -name "*.o" -print > allobjs ; \ OBJS= ; export OBJS ; \ @@ -382,7 +415,7 @@ do_svr3-shared: set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -392,6 +425,9 @@ do_svr5-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ find . -name "*.o" -print > allobjs ; \ OBJS= ; export OBJS ; \ @@ -402,7 +438,7 @@ do_svr5-shared: -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -412,11 +448,14 @@ do_irix-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -433,6 +472,9 @@ do_irix-shared: # do_hpux-shared: for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ +vnocompatwarnings \ -b -z +s \ @@ -453,6 +495,9 @@ do_hpux-shared: # do_hpux64-shared: for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ -b -z \ -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ @@ -495,17 +540,24 @@ SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE SHAREDCMD=$(CC) do_aix-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; \ - ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \ + ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \ ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ - $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \ + $(SHAREDCMD) $(SHAREDFLAGS) \ + -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \ $$libs ${EX_LIBS} ) ) \ || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done do_reliantunix-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \ ( set -x; \ ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \ @@ -515,7 +567,7 @@ do_reliantunix-shared: cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \ ) || exit 1; \ rm -rf $$tmpdir ; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done openssl.pc: Makefile.ssl @@ -528,7 +580,7 @@ openssl.pc: Makefile.ssl echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ echo 'Version: '$(VERSION); \ echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ + echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc Makefile.ssl: Makefile.org @@ -601,8 +653,7 @@ rehash.time: certs @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \ - elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) touch rehash.time @@ -613,8 +664,7 @@ tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \ - elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ apps/openssl version -a @@ -749,7 +799,7 @@ install: all install_docs chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ - c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ @@ -763,6 +813,12 @@ install: all install_docs cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ set $(MAKE); \ $$1 -f $$here/Makefile link-shared ); \ + if [ "$(INSTALLTOP)" != "/usr" ]; then \ + echo 'OpenSSL shared libraries have been installed in:'; \ + echo ' $(INSTALLTOP)'; \ + echo ''; \ + sed -e '1,/^$$/d' doc/openssl-shared.txt; \ + fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl index b262f9d..04de989 100644 --- a/crypto/openssl/Makefile.ssl +++ b/crypto/openssl/Makefile.ssl @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.7 +VERSION=0.9.7a MAJOR=0 MINOR=9.7 SHLIB_VERSION_NUMBER=0.9.7 @@ -74,6 +74,14 @@ TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend +# We let the C compiler driver to take care of .s files. This is done in +# order to be excused from maintaining a separate set of architecture +# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC +# gcc, then the driver will automatically translate it to -xarch=v8plus +# and pass it down to assembler. +AS=$(CC) -c +ASFLAGS=$(CFLAG) + # Set BN_ASM to bn_asm.o if you want to use the C version BN_ASM= bn_asm.o #BN_ASM= bn_asm.o @@ -161,6 +169,7 @@ RMD160_ASM_OBJ= # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= # When we're prepared to use shared libraries in the programs we link here # we might set SHLIB_MARK to '$(SHARED_LIBS)'. @@ -218,7 +227,7 @@ sub_all: do \ if [ -d "$$i" ]; then \ (cd $$i && echo "making all in $$i..." && \ - $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ + $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \ else \ $(MAKE) $$i; \ fi; \ @@ -271,13 +280,16 @@ do_bsd-gcc-shared: do_gnu-shared do_linux-shared: do_gnu-shared do_gnu-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-Bsymbolic \ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null @@ -285,22 +297,28 @@ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null # For Darwin AKA Mac OS/X (dyld) do_darwin-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ - ( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ + ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ - libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \ + libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \ echo "" ; \ done do_cygwin-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \ -Wl,-Bsymbolic \ -Wl,--whole-archive lib$$i.a \ -Wl,--out-implib,lib$$i.dll.a \ -Wl,--no-whole-archive $$libs ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done # This assumes that GNU utilities are *not* used @@ -309,11 +327,14 @@ do_alpha-osf1-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -325,11 +346,14 @@ do_tru64-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -msym -o lib$$i.so \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -341,12 +365,15 @@ do_tru64-shared-rpath: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -msym -o lib$$i.so \ -rpath ${INSTALLTOP}/lib \ -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -357,6 +384,9 @@ do_solaris-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ MINUSZ='-z '; \ (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \ @@ -365,7 +395,7 @@ do_solaris-shared: -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ $$libs ${EX_LIBS} -lc ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -375,6 +405,9 @@ do_svr3-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ find . -name "*.o" -print > allobjs ; \ OBJS= ; export OBJS ; \ @@ -384,7 +417,7 @@ do_svr3-shared: set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -394,6 +427,9 @@ do_svr5-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( PATH=/usr/ccs/bin:$$PATH ; export PATH; \ find . -name "*.o" -print > allobjs ; \ OBJS= ; export OBJS ; \ @@ -404,7 +440,7 @@ do_svr5-shared: -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ $${OBJS} $$libs ${EX_LIBS} ) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -414,11 +450,14 @@ do_irix-shared: $(MAKE) do_gnu-shared; \ else \ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done; \ fi @@ -435,6 +474,9 @@ do_irix-shared: # do_hpux-shared: for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ +vnocompatwarnings \ -b -z +s \ @@ -455,6 +497,9 @@ do_hpux-shared: # do_hpux64-shared: for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \ -b -z \ -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \ @@ -497,17 +542,24 @@ SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE SHAREDCMD=$(CC) do_aix-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ ( set -x; \ - ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \ + ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \ ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \ - $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \ + $(SHAREDCMD) $(SHAREDFLAGS) \ + -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \ $$libs ${EX_LIBS} ) ) \ || exit 1; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done do_reliantunix-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ + libs="$(LIBKRB5) $$libs"; \ + fi; \ tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \ ( set -x; \ ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \ @@ -517,7 +569,7 @@ do_reliantunix-shared: cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \ ) || exit 1; \ rm -rf $$tmpdir ; \ - libs="$$libs -l$$i"; \ + libs="-l$$i $$libs"; \ done openssl.pc: Makefile.ssl @@ -530,7 +582,7 @@ openssl.pc: Makefile.ssl echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ echo 'Version: '$(VERSION); \ echo 'Requires: '; \ - echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \ + echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc Makefile.ssl: Makefile.org @@ -603,8 +655,7 @@ rehash.time: certs @(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \ - elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) touch rehash.time @@ -615,8 +666,7 @@ tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); @LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \ - if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \ - elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ apps/openssl version -a @@ -751,7 +801,7 @@ install: all install_docs chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ else \ - c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ @@ -765,6 +815,12 @@ install: all install_docs cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ set $(MAKE); \ $$1 -f $$here/Makefile link-shared ); \ + if [ "$(INSTALLTOP)" != "/usr" ]; then \ + echo 'OpenSSL shared libraries have been installed in:'; \ + echo ' $(INSTALLTOP)'; \ + echo ''; \ + sed -e '1,/^$$/d' doc/openssl-shared.txt; \ + fi; \ fi cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 28f42ce..3cf173e 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,17 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a: + + o Security: Important security related bugfixes. + o Enhanced compatibility with MIT Kerberos. + o Can be built without the ENGINE framework. + o IA32 assembler enhancements. + o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64. + o Configuration: the no-err option now works properly. + o SSL/TLS: now handles manual certificate chain building. + o SSL/TLS: certain session ID malfunctions corrected. + Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7: o New library section OCSP. @@ -51,6 +62,10 @@ o SSL/TLS: add callback to retrieve SSL/TLS messages. o SSL/TLS: support AES cipher suites (RFC3268). + Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i: + + o Important security related bugfixes. + Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h: o New configuration targets for Tandem OSS and A/UX. diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS index 4bf3130..1a956b5 100644 --- a/crypto/openssl/PROBLEMS +++ b/crypto/openssl/PROBLEMS @@ -70,3 +70,31 @@ if compiled with WorkShop 6 compiler and -xarch=v9. The cause for this seems to be the fact that compiler emits multiplication to perform shift operations:-( To work the problem around configure with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'. + +* Problems with hp-parisc2-cc target when used with "no-asm" flag + +When using the hp-parisc2-cc target, wrong bignum code is generated. +This is due to the SIXTY_FOUR_BIT build being compiled with the +O3 +aggressive optimization. +The problem manifests itself by the BN_kronecker test hanging in an +endless loop. Reason: the BN_kronecker test calls BN_generate_prime() +which itself hangs. The reason could be tracked down to the bn_mul_comba8() +function in bn_asm.c. At some occasions the higher 32bit value of r[7] +is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed, +as no debugger support possible at +O3 and additional fprintf()'s +introduced fixed the bug, therefore it is most likely a bug in the +optimizer. +The bug was found in the BN_kronecker test but may also lead to +failures in other parts of the code. +(See Ticket #426.) + +Workaround: modify the target to +O2 when building with no-asm. + +* Poor support for AIX shared builds. + +do_aix-shared rule is not flexible enough to parameterize through a +config-line. './Configure aix43-cc shared' is working, but not +'./Configure aix64-gcc shared'. In latter case make fails to create shared +libraries. It's possible to build 64-bit shared libraries by running +'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one +supporting even gcc shared builds. See RT#463 for background information. diff --git a/crypto/openssl/README b/crypto/openssl/README index b74af83..35bedc0 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,7 +1,7 @@ - OpenSSL 0.9.7 31 Dec 2002 + OpenSSL 0.9.7a Feb 19 2003 - Copyright (c) 1998-2002 The OpenSSL Project + Copyright (c) 1998-2003 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl index c75d0d2..ff433d6 100644 --- a/crypto/openssl/apps/Makefile.ssl +++ b/crypto/openssl/apps/Makefile.ssl @@ -18,6 +18,7 @@ PERL= perl RM= rm -f # KRB5 stuff KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= @@ -150,8 +151,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) fi -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \ - if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \ - elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ $(PERL) tools/c_rehash certs) diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index 4a8c926..ec3e391 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -122,7 +122,9 @@ #include <openssl/pkcs12.h> #include <openssl/ui.h> #include <openssl/safestack.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #ifdef OPENSSL_SYS_WINDOWS #define strcasecmp _stricmp @@ -859,6 +861,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -868,6 +871,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -935,6 +939,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, BIO_printf(err,"no keyfile specified\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE if (format == FORMAT_ENGINE) { if (!e) @@ -944,6 +949,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, ui_method, &cb_data); goto end; } +#endif key=BIO_new(BIO_s_file()); if (key == NULL) { @@ -1329,6 +1335,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath) return NULL; } +#ifndef OPENSSL_NO_ENGINE /* Try to load an engine in a shareable library */ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug) { @@ -1385,6 +1392,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } +#endif int load_config(BIO *err, CONF *cnf) { diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h index 7b1f8de..c36b9d2 100644 --- a/crypto/openssl/apps/apps.h +++ b/crypto/openssl/apps/apps.h @@ -121,7 +121,9 @@ #include <openssl/lhash.h> #include <openssl/conf.h> #include <openssl/txt_db.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/ossl_typ.h> int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn); @@ -179,30 +181,57 @@ extern BIO *bio_err; do_pipe_sig() # define apps_shutdown() #else -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ - defined(OPENSSL_SYS_WIN32) -# ifdef _O_BINARY -# define apps_startup() \ - do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# ifndef OPENSSL_NO_ENGINE +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) +# endif # else # define apps_startup() \ - do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ - ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ - ENGINE_load_builtin_engines(); setup_ui_method(); } while(0) + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ + setup_ui_method(); } while(0) # endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); ENGINE_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # else -# define apps_startup() \ - do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ - ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \ - setup_ui_method(); } while(0) +# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \ + defined(OPENSSL_SYS_WIN32) +# ifdef _O_BINARY +# define apps_startup() \ + do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# else +# define apps_startup() \ + do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \ + ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \ + setup_ui_method(); } while(0) +# endif +# else +# define apps_startup() \ + do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \ + ERR_load_crypto_strings(); \ + setup_ui_method(); } while(0) +# endif +# define apps_shutdown() \ + do { CONF_modules_unload(1); destroy_ui_method(); \ + EVP_cleanup(); \ + CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ + ERR_free_strings(); } while(0) # endif -# define apps_shutdown() \ - do { CONF_modules_unload(1); destroy_ui_method(); \ - EVP_cleanup(); ENGINE_cleanup(); \ - CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \ - ERR_free_strings(); } while(0) #endif typedef struct args_st @@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, const char *pass, ENGINE *e, const char *cert_descrip); X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); +#ifndef OPENSSL_NO_ENGINE ENGINE *setup_engine(BIO *err, const char *engine, int debug); +#endif int load_config(BIO *err, CONF *cnf); char *make_config_name(void); diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index 93e61f6..1d4e4aa 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -196,7 +196,9 @@ static char *ca_usage[]={ " -extensions .. - Extension section (override value in config file)\n", " -extfile file - Configuration file with X509v3 extentions to add\n", " -crlexts .. - CRL extension section (override value in config file)\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -status serial - Shows certificate status given the serial number\n", " -updatedb - Updates db for expired certificates\n", NULL @@ -333,7 +335,9 @@ int MAIN(int argc, char **argv) #define BSIZE 256 MS_STATIC char buf[3][BSIZE]; char *randfile=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *tofree=NULL; #ifdef EFENCE @@ -537,11 +541,13 @@ EF_ALIGNMENT=0; rev_arg = *(++argv); rev_type = REV_CA_COMPROMISE; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { bad: @@ -562,7 +568,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /*****************************************************************/ tofree=NULL; @@ -597,7 +605,10 @@ bad: goto err; } if(tofree) + { OPENSSL_free(tofree); + tofree = NULL; + } if (!load_config(bio_err, conf)) goto err; @@ -1633,11 +1644,12 @@ err: BIO_free_all(out); BIO_free_all(in); - sk_X509_pop_free(cert_sk,X509_free); + if (cert_sk) + sk_X509_pop_free(cert_sk,X509_free); if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile, bio_err); - if (free_key) + if (free_key && key) OPENSSL_free(key); BN_free(serial); TXT_DB_free(db); diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index 280f79b..47d1309 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c @@ -100,7 +100,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -166,11 +168,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) break; keyform=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) break; engine= *(++argv); } +#endif else if (strcmp(*argv,"-hex") == 0) out_bin = 0; else if (strcmp(*argv,"-binary") == 0) @@ -208,7 +212,9 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n"); BIO_printf(bio_err,"-signature file signature to verify\n"); BIO_printf(bio_err,"-binary output in binary form\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); @@ -228,7 +234,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); bmd=BIO_new(BIO_f_md()); diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c index c10ea96..cd01fed 100644 --- a/crypto/openssl/apps/dh.c +++ b/crypto/openssl/apps/dh.c @@ -87,12 +87,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif apps_startup(); @@ -103,7 +108,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -134,11 +141,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -170,13 +179,17 @@ bad: BIO_printf(bio_err," -text print a text form of the DH parameters\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index cbc65bc..dc00355 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -148,7 +148,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int i,badops=0,text=0; #ifndef OPENSSL_NO_DSA @@ -157,7 +159,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,check=0,noout=0,C=0,ret=1; char *infile,*outfile,*prog; - char *inrand=NULL,*engine=NULL; + char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE + char *engine=NULL; +#endif int num = 0, g = 0; apps_startup(); @@ -199,11 +204,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-check") == 0) check=1; else if (strcmp(*argv,"-text") == 0) @@ -249,7 +256,9 @@ bad: BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -259,7 +268,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (g && !num) num = DEFBITS; diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c index 6598871..e9de3a3 100644 --- a/crypto/openssl/apps/dsa.c +++ b/crypto/openssl/apps/dsa.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; DSA *dsa=NULL; int i,badops=0; @@ -98,7 +100,10 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL; int informat,outformat,text=0,noout=0; int pubin = 0, pubout = 0; - char *infile,*outfile,*prog,*engine; + char *infile,*outfile,*prog; +#ifndef OPENSSL_NO_ENGINE + char *engine; +#endif char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; int modulus=0; @@ -112,7 +117,9 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE engine=NULL; +#endif infile=NULL; outfile=NULL; informat=FORMAT_PEM; @@ -153,11 +160,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-text") == 0) @@ -189,7 +198,9 @@ bad: BIO_printf(bio_err," -passin arg input file pass phrase source\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -des encrypt PEM output with cbc des\n"); BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n"); #ifndef OPENSSL_NO_IDEA @@ -207,7 +218,9 @@ bad: ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c index 320d76f..04861e8 100644 --- a/crypto/openssl/apps/dsaparam.c +++ b/crypto/openssl/apps/dsaparam.c @@ -90,7 +90,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; @@ -98,7 +100,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -139,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if(strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } +#endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) @@ -191,7 +197,9 @@ bad: BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } @@ -235,7 +243,9 @@ bad: } } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) { diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c index 42ddfd2..0a9f731 100644 --- a/crypto/openssl/apps/enc.c +++ b/crypto/openssl/apps/enc.c @@ -100,7 +100,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif static const char magic[]="Salted__"; char mbuf[sizeof magic-1]; char *strbuf=NULL; @@ -119,7 +121,9 @@ int MAIN(int argc, char **argv) BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL; #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE+1]; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif apps_startup(); @@ -163,11 +167,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passarg= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-d") == 0) enc=0; else if (strcmp(*argv,"-p") == 0) @@ -270,7 +276,9 @@ bad: BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e"); +#endif BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, @@ -284,7 +292,9 @@ bad: argv++; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (bufsize != NULL) { diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c index b718ae1..456f80a 100644 --- a/crypto/openssl/apps/engine.c +++ b/crypto/openssl/apps/engine.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_ENGINE + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -518,3 +520,4 @@ end: apps_shutdown(); OPENSSL_EXIT(ret); } +#endif diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c index 98ee413..a34a862 100644 --- a/crypto/openssl/apps/gendh.c +++ b/crypto/openssl/apps/gendh.c @@ -81,13 +81,17 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DH *dh=NULL; int ret=1,num=DEFBITS; int g=2; char *outfile=NULL; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif BIO *out=NULL; apps_startup(); @@ -115,11 +119,13 @@ int MAIN(int argc, char **argv) g=3; */ else if (strcmp(*argv,"-5") == 0) g=5; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -138,14 +144,18 @@ bad: BIO_printf(bio_err," -2 - use 2 as the generator value\n"); /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */ BIO_printf(bio_err," -5 - use 5 as the generator value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif out=BIO_new(BIO_s_file()); if (out == NULL) diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c index 4600711..6d2ed06 100644 --- a/crypto/openssl/apps/gendsa.c +++ b/crypto/openssl/apps/gendsa.c @@ -77,7 +77,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; @@ -85,7 +87,9 @@ int MAIN(int argc, char **argv) char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -111,11 +115,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -167,7 +173,9 @@ bad: BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -176,7 +184,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c index dbc23e4..63be873 100644 --- a/crypto/openssl/apps/genrsa.c +++ b/crypto/openssl/apps/genrsa.c @@ -81,7 +81,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int ret=1; RSA *rsa=NULL; int i,num=DEFBITS; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *inrand=NULL; BIO *out=NULL; @@ -122,11 +126,13 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -177,7 +183,9 @@ bad: BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); @@ -191,7 +199,9 @@ bad: goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (outfile == NULL) { diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index 92922bc..f05ec0e 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -55,6 +55,7 @@ * Hudson (tjh@cryptsoft.com). * */ +#ifndef OPENSSL_NO_OCSP #include <stdio.h> #include <string.h> @@ -722,7 +723,12 @@ int MAIN(int argc, char **argv) } else if (host) { +#ifndef OPENSSL_NO_SOCK cbio = BIO_new_connect(host); +#else + BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n"); + goto end; +#endif if (!cbio) { BIO_printf(bio_err, "Error creating connect BIO\n"); @@ -732,7 +738,16 @@ int MAIN(int argc, char **argv) if (use_ssl == 1) { BIO *sbio; +#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) ctx = SSL_CTX_new(SSLv23_client_method()); +#elif !defined(OPENSSL_NO_SSL3) + ctx = SSL_CTX_new(SSLv3_client_method()); +#elif !defined(OPENSSL_NO_SSL2) + ctx = SSL_CTX_new(SSLv2_client_method()); +#else + BIO_printf(bio_err, "SSL is disabled\n"); + goto end; +#endif SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); sbio = BIO_new_ssl(ctx, 1); cbio = BIO_push(sbio, cbio); @@ -1139,7 +1154,11 @@ static BIO *init_responder(char *port) bufbio = BIO_new(BIO_f_buffer()); if (!bufbio) goto err; +#ifndef OPENSSL_NO_SOCK acbio = BIO_new_accept(port); +#else + BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n"); +#endif if (!acbio) goto err; BIO_set_accept_bios(acbio, bufbio); @@ -1226,3 +1245,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp) return 1; } +#endif diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c index 4789647..45af2ba 100644 --- a/crypto/openssl/apps/openssl.c +++ b/crypto/openssl/apps/openssl.c @@ -122,7 +122,9 @@ #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/ssl.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */ #include "progs.h" #include "s_apps.h" diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c index 8d1babe..5136acd 100644 --- a/crypto/openssl/apps/pkcs12.c +++ b/crypto/openssl/apps/pkcs12.c @@ -120,7 +120,9 @@ int MAIN(int argc, char **argv) char *passin = NULL, *passout = NULL; char *inrand = NULL; char *CApath = NULL, *CAfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -252,11 +254,13 @@ int MAIN(int argc, char **argv) args++; CAfile = *args; } else badarg = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else badarg = 1; } else badarg = 1; @@ -304,14 +308,18 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-password p set import/export password source\n"); BIO_printf (bio_err, "-passin p input file pass phrase source\n"); BIO_printf (bio_err, "-passout p output file pass phrase source\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); BIO_printf(bio_err, " the random number generator\n"); goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(passarg) { if(export_cert) passargout = passarg; diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c index 738dd85..6c58c67 100644 --- a/crypto/openssl/apps/pkcs7.c +++ b/crypto/openssl/apps/pkcs7.c @@ -82,7 +82,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif PKCS7 *p7=NULL; int i,badops=0; BIO *in=NULL,*out=NULL; @@ -90,7 +92,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; int print_certs=0,text=0,noout=0; int ret=1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -134,11 +138,13 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-print_certs") == 0) print_certs=1; +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -161,14 +167,18 @@ bad: BIO_printf(bio_err," -print_certs print any certs or crl in the input\n"); BIO_printf(bio_err," -text print full details of certificates\n"); BIO_printf(bio_err," -noout don't output encoded data\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif ret = 1; goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c index 1debccb..6be27e7 100644 --- a/crypto/openssl/apps/pkcs8.c +++ b/crypto/openssl/apps/pkcs8.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) EVP_PKEY *pkey=NULL; char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; int badarg = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); @@ -145,11 +147,13 @@ int MAIN(int argc, char **argv) if (!args[1]) goto bad; passargout= *(++args); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*args,"-engine") == 0) { if (!args[1]) goto bad; engine= *(++args); } +#endif else if (!strcmp (*args, "-in")) { if (args[1]) { args++; @@ -182,11 +186,15 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n"); BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n"); BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif return (1); } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h index 752385d..70e4dba 100644 --- a/crypto/openssl/apps/progs.h +++ b/crypto/openssl/apps/progs.h @@ -35,7 +35,9 @@ extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); extern int smime_main(int argc,char *argv[]); extern int rand_main(int argc,char *argv[]); +#ifndef OPENSSL_NO_ENGINE extern int engine_main(int argc,char *argv[]); +#endif extern int ocsp_main(int argc,char *argv[]); #define FUNC_TYPE_GENERAL 1 @@ -92,7 +94,9 @@ FUNCTION functions[] = { #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_client",s_client_main}, #endif +#ifndef OPENSSL_NO_SPEED {FUNC_TYPE_GENERAL,"speed",speed_main}, +#endif #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3)) {FUNC_TYPE_GENERAL,"s_time",s_time_main}, #endif @@ -111,7 +115,9 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL,"spkac",spkac_main}, {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_GENERAL,"rand",rand_main}, +#ifndef OPENSSL_NO_ENGINE {FUNC_TYPE_GENERAL,"engine",engine_main}, +#endif {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, #ifndef OPENSSL_NO_MD2 {FUNC_TYPE_MD,"md2",dgst_main}, diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c index eaaa6e3..63724bc 100644 --- a/crypto/openssl/apps/rand.c +++ b/crypto/openssl/apps/rand.c @@ -76,7 +76,9 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; +#endif int i, r, ret = 1; int badopt; char *outfile = NULL; @@ -84,7 +86,9 @@ int MAIN(int argc, char **argv) int base64 = 0; BIO *out = NULL; int num = -1; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -106,6 +110,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(argv[i], "-engine") == 0) { if ((argv[i+1] != NULL) && (engine == NULL)) @@ -113,6 +118,7 @@ int MAIN(int argc, char **argv) else badopt = 1; } +#endif else if (strcmp(argv[i], "-rand") == 0) { if ((argv[i+1] != NULL) && (inrand == NULL)) @@ -150,13 +156,17 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "Usage: rand [options] num\n"); BIO_printf(bio_err, "where options are\n"); BIO_printf(bio_err, "-out file - write to file\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n"); +#endif BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, "-base64 - encode output\n"); goto err; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index cffdcd1..5f6ec3d 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -162,7 +162,9 @@ int MAIN(int argc, char **argv) int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM; int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0; char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif char *extensions = NULL; char *req_exts = NULL; const EVP_CIPHER *cipher=NULL; @@ -210,11 +212,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-key") == 0) { if (--argc < 1) goto bad; @@ -428,7 +432,9 @@ bad: BIO_printf(bio_err," -verify verify signature on REQ\n"); BIO_printf(bio_err," -modulus RSA modulus\n"); BIO_printf(bio_err," -nodes don't encrypt the output key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n"); +#endif BIO_printf(bio_err," -subject output the request's subject\n"); BIO_printf(bio_err," -passin private key password source\n"); BIO_printf(bio_err," -key file use the private key contained in file\n"); @@ -453,7 +459,7 @@ bad: BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n"); BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n"); BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n"); - BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); + BIO_printf(bio_err," -nameopt arg - various certificate name options\n"); BIO_printf(bio_err," -reqopt arg - various request text options\n\n"); goto end; } @@ -617,7 +623,9 @@ bad: if ((in == NULL) || (out == NULL)) goto end; +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (keyfile != NULL) { @@ -1237,11 +1245,17 @@ start: for (;;) sprintf(buf,"%s_min",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) + { + ERR_clear_error(); n_min = -1; + } sprintf(buf,"%s_max",v->name); if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) + { + ERR_clear_error(); n_max = -1; + } if (!add_DN_object(subj,v->value,def,value,nid, n_min,n_max, chtype)) diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c index aebec74..0acdb08 100644 --- a/crypto/openssl/apps/rsa.c +++ b/crypto/openssl/apps/rsa.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog; char *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif int modulus=0; apps_startup(); @@ -156,11 +158,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-sgckey") == 0) sgckey=1; else if (strcmp(*argv,"-pubin") == 0) @@ -212,13 +216,17 @@ bad: BIO_printf(bio_err," -check verify key consistency\n"); BIO_printf(bio_err," -pubin expect a public key in input file\n"); BIO_printf(bio_err," -pubout output a public key\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } ERR_load_crypto_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) { BIO_printf(bio_err, "Error getting passwords\n"); diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c index 36957e5..5a6fd11 100644 --- a/crypto/openssl/apps/rsautl.c +++ b/crypto/openssl/apps/rsautl.c @@ -85,7 +85,9 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; BIO *in = NULL, *out = NULL; char *infile = NULL, *outfile = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine = NULL; +#endif char *keyfile = NULL; char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; int keyform = FORMAT_PEM; @@ -125,9 +127,11 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-keyform") == 0) { if (--argc < 1) badarg = 1; keyform=str2fmt(*(++argv)); +#ifndef OPENSSL_NO_ENGINE } else if(!strcmp(*argv, "-engine")) { if (--argc < 1) badarg = 1; engine = *(++argv); +#endif } else if(!strcmp(*argv, "-pubin")) { key_type = KEY_PUBKEY; } else if(!strcmp(*argv, "-certin")) { @@ -162,7 +166,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, bio_err, 0); @@ -305,7 +311,9 @@ static void usage() BIO_printf(bio_err, "-encrypt encrypt with public key\n"); BIO_printf(bio_err, "-decrypt decrypt with private key\n"); BIO_printf(bio_err, "-hexdump hex dump output\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif } diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index 738588c..2e73f34 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -222,7 +222,9 @@ static void sc_usage(void) BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); BIO_printf(bio_err," only \"smtp\" is supported.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -254,8 +256,10 @@ int MAIN(int argc, char **argv) SSL_METHOD *meth=NULL; BIO *sbio; char *inrand=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; +#endif #ifdef OPENSSL_SYS_WINDOWS struct timeval tv; #endif @@ -415,11 +419,13 @@ int MAIN(int argc, char **argv) else goto bad; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id = *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -444,7 +450,9 @@ bad: OpenSSL_add_ssl_algorithms(); SSL_load_error_strings(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index 44886c5..5157aae 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -242,7 +242,9 @@ static int s_msg=0; static int s_quiet=0; static int hack=0; +#ifndef OPENSSL_NO_ENGINE static char *engine_id=NULL; +#endif static const char *session_id_prefix=NULL; #ifdef MONOLITH @@ -267,7 +269,9 @@ static void s_server_init(void) s_msg=0; s_quiet=0; hack=0; +#ifndef OPENSSL_NO_ENGINE engine_id=NULL; +#endif } #endif @@ -316,7 +320,9 @@ static void sv_usage(void) BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n"); BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); +#endif BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n"); BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); } @@ -490,7 +496,9 @@ int MAIN(int argc, char *argv[]) int no_tmp_rsa=0,no_dhe=0,nocert=0; int state=0; SSL_METHOD *meth=NULL; +#ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; +#endif char *inrand=NULL; #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) @@ -665,11 +673,13 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; session_id_prefix = *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine_id= *(++argv); } +#endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; @@ -694,7 +704,9 @@ bad: SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine_id, 1); +#endif if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c index ef0e477..cc248d3 100644 --- a/crypto/openssl/apps/smime.c +++ b/crypto/openssl/apps/smime.c @@ -104,7 +104,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; int keyform = FORMAT_PEM; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif args = argv + 1; ret = 1; @@ -176,11 +178,13 @@ int MAIN(int argc, char **argv) inrand = *args; } else badarg = 1; need_rand = 1; +#ifndef OPENSSL_NO_ENGINE } else if (!strcmp(*args,"-engine")) { if (args[1]) { args++; engine = *args; } else badarg = 1; +#endif } else if (!strcmp(*args,"-passin")) { if (args[1]) { args++; @@ -330,7 +334,9 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); +#endif BIO_printf (bio_err, "-passin arg input file pass phrase source\n"); BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); @@ -339,7 +345,9 @@ int MAIN(int argc, char **argv) goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c index ed370c5..47ee53f 100644 --- a/crypto/openssl/apps/spkac.c +++ b/crypto/openssl/apps/spkac.c @@ -92,7 +92,9 @@ int MAIN(int argc, char **argv) CONF *conf = NULL; NETSCAPE_SPKI *spki = NULL; EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif apps_startup(); @@ -141,11 +143,13 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; spksect= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-pubkey") == 0) @@ -171,7 +175,9 @@ bad: BIO_printf(bio_err," -noout don't print SPKAC\n"); BIO_printf(bio_err," -pubkey output public key\n"); BIO_printf(bio_err," -verify verify SPKAC signature\n"); +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); +#endif goto end; } @@ -181,7 +187,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if(keyfile) { pkey = load_key(bio_err, diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c index 9a18213..6a93c01 100644 --- a/crypto/openssl/apps/verify.c +++ b/crypto/openssl/apps/verify.c @@ -86,7 +86,9 @@ int MAIN(int argc, char **argv) STACK_OF(X509) *untrusted = NULL, *trusted = NULL; X509_STORE *cert_ctx=NULL; X509_LOOKUP *lookup=NULL; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif cert_ctx=X509_STORE_new(); if (cert_ctx == NULL) goto end; @@ -142,11 +144,13 @@ int MAIN(int argc, char **argv) if (argc-- < 1) goto end; trustfile= *(++argv); } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto end; engine= *(++argv); } +#endif else if (strcmp(*argv,"-help") == 0) goto end; else if (strcmp(*argv,"-ignore_critical") == 0) @@ -170,7 +174,9 @@ int MAIN(int argc, char **argv) break; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file()); if (lookup == NULL) abort(); @@ -219,7 +225,11 @@ int MAIN(int argc, char **argv) ret=0; end: if (ret == 1) { - BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n"); + BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); +#ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," [-engine e]"); +#endif + BIO_printf(bio_err," cert1 cert2 ...\n"); BIO_printf(bio_err,"recognized usages:\n"); for(i = 0; i < X509_PURPOSE_get_count(); i++) { X509_PURPOSE *ptmp; diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c index 7915eca..1ac6452 100644 --- a/crypto/openssl/apps/x509.c +++ b/crypto/openssl/apps/x509.c @@ -131,7 +131,9 @@ static char *x509_usage[]={ " -extensions - section from config file with X509V3 extensions to add\n", " -clrext - delete extensions before signing and input certificate\n", " -nameopt arg - various certificate name options\n", +#ifndef OPENSSL_NO_ENGINE " -engine e - use engine e, possibly a hardware device.\n", +#endif " -certopt arg - various certificate text options\n", NULL }; @@ -183,7 +185,9 @@ int MAIN(int argc, char **argv) int need_rand = 0; int checkend=0,checkoffset=0; unsigned long nmflag = 0, certflag = 0; +#ifndef OPENSSL_NO_ENGINE char *engine=NULL; +#endif reqfile=0; @@ -360,11 +364,13 @@ int MAIN(int argc, char **argv) alias= *(++argv); trustout = 1; } +#ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } +#endif else if (strcmp(*argv,"-C") == 0) C= ++num; else if (strcmp(*argv,"-email") == 0) @@ -450,7 +456,9 @@ bad: goto end; } +#ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); +#endif if (need_rand) app_RAND_load_file(NULL, bio_err, 0); diff --git a/crypto/openssl/config b/crypto/openssl/config index 8988f66..88d2873 100755 --- a/crypto/openssl/config +++ b/crypto/openssl/config @@ -74,34 +74,27 @@ if [ "x$XREL" != "x" ]; then echo "whatever-whatever-sco5"; exit 0 ;; 4.2MP) - if [ "x$VERSION" = "x2.01" ]; then - echo "${MACHINE}-whatever-unixware201"; exit 0 - elif [ "x$VERSION" = "x2.02" ]; then - echo "${MACHINE}-whatever-unixware202"; exit 0 - elif [ "x$VERSION" = "x2.03" ]; then - echo "${MACHINE}-whatever-unixware203"; exit 0 - elif [ "x$VERSION" = "x2.1.1" ]; then - echo "${MACHINE}-whatever-unixware211"; exit 0 - elif [ "x$VERSION" = "x2.1.2" ]; then - echo "${MACHINE}-whatever-unixware212"; exit 0 - elif [ "x$VERSION" = "x2.1.3" ]; then - echo "${MACHINE}-whatever-unixware213"; exit 0 - else - echo "${MACHINE}-whatever-unixware2"; exit 0 - fi + case "x${VERSION}" in + x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;; + x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;; + x2*) echo "whatever-whatever-unixware2"; exit 0 ;; + esac ;; 4.2) - echo "whatever-whatever-unixware1"; exit 0 - ;; - OpenUNIX) - if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then - echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0 - fi + echo "i386-whatever-unixware1"; exit 0 ;; 5) - if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then - echo "${MACHINE}-sco-unixware7"; exit 0 - fi + case "x${VERSION}" in + # We hardcode i586 in place of ${MACHINE} for the + # following reason. The catch is that even though Pentium + # is minimum requirement for platforms in question, + # ${MACHINE} gets always assigned to i386. Now, problem + # with i386 is that it makes ./config pass 386 to + # ./Configure, which in turn makes make generate + # inefficient SHA-1 (for this moment) code. + x7*) echo "i586-sco-unixware7"; exit 0 ;; + x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;; + esac ;; esac fi @@ -196,7 +189,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "${MACHINE}-whatever-bsdi"; exit 0 ;; - FreeBSD:*) + FreeBSD:*:*:*386*) VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'` MACH=`sysctl -n hw.model` ARCH='whatever' @@ -205,7 +198,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in *486* ) MACH="i486" ;; Pentium\ II*) MACH="i686" ;; Pentium* ) MACH="i586" ;; - Alpha* ) MACH="alpha" ;; * ) MACH="$MACHINE" ;; esac case ${MACH} in @@ -214,6 +206,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; + FreeBSD:*) + echo "${MACHINE}-whatever-freebsd"; exit 0 + ;; + NetBSD:*:*:*386*) echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 ;; @@ -461,6 +457,10 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then fi fi +if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc + (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc +fi + CCVER=${CCVER:-0} # read the output of the embedded GuessOS @@ -547,7 +547,7 @@ EOF ppc-apple-darwin*) OUT="darwin-ppc-cc" ;; i386-apple-darwin*) OUT="darwin-i386-cc" ;; sparc64-*-linux2) - echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI" + echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI" echo " and wish to build 64-bit library, then you have to" echo " invoke './Configure linux64-sparcv9' *manually*." if [ "$TEST" = "false" ]; then @@ -640,6 +640,8 @@ EOF *86*-*-solaris2) OUT="solaris-x86-$CC" ;; *-*-sunos4) OUT="sunos-$CC" ;; alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; + sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; + ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; *86*-*-netbsd) OUT="NetBSD-x86" ;; @@ -696,9 +698,11 @@ EOF CPU_VERSION=${CPU_VERSION:-0} # See <sys/unistd.h> for further info on CPU_VERSION. if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU - echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi." - echo " Post request to openssl-dev@openssl.org for 32-bit support." + echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi." + echo " If you wish to build 32-bit library, the you have to" + echo " invoke './Configure hpux-ia32-cc' *manually*." if [ "$TEST" = "false" ]; then + echo " You have about 5 seconds to press Ctrl-C to abort." (stty -icanon min 0 time 50; read waste) < /dev/tty fi OUT="hpux64-ia64-cc" diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/openssl/crypto/aes/aes_core.c index ea884f6..2f41a82 100644 --- a/crypto/openssl/crypto/aes/aes_core.c +++ b/crypto/openssl/crypto/aes/aes_core.c @@ -750,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { - for (;;) { + while (1) { temp = rk[3]; rk[4] = rk[0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -770,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[4] = GETU32(userKey + 16); rk[5] = GETU32(userKey + 20); if (bits == 192) { - for (;;) { + while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ @@ -792,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[6] = GETU32(userKey + 24); rk[7] = GETU32(userKey + 28); if (bits == 256) { - for (;;) { + while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c index 6e5e9d8..7348da9 100644 --- a/crypto/openssl/crypto/asn1/a_time.c +++ b/crypto/openssl/crypto/asn1/a_time.c @@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) ts=OPENSSL_gmtime(&t,&data); if (ts == NULL) + { + ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME); return NULL; + } if((ts->tm_year >= 50) && (ts->tm_year < 150)) return ASN1_UTCTIME_set(s, t); return ASN1_GENERALIZEDTIME_set(s,t); @@ -152,7 +155,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE if (t->data[0] >= '5') strcpy(str, "19"); else strcpy(str, "20"); - BUF_strlcat(str, (char *)t->data, t->length+2); + BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */ return ret; } diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h index 28b5b00..99ba920 100644 --- a/crypto/openssl/crypto/asn1/asn1.h +++ b/crypto/openssl/crypto/asn1/asn1.h @@ -980,6 +980,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 @@ -1037,6 +1038,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c index c4c3d2a..094ec06 100644 --- a/crypto/openssl/crypto/asn1/asn1_err.c +++ b/crypto/openssl/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -100,6 +100,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, +{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, @@ -160,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]= {ASN1_R_DECODE_ERROR ,"decode error"}, {ASN1_R_DECODING_ERROR ,"decoding error"}, {ASN1_R_ENCODE_ERROR ,"encode error"}, +{ASN1_R_ERROR_GETTING_TIME ,"error getting time"}, {ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, diff --git a/crypto/openssl/crypto/bf/Makefile.ssl b/crypto/openssl/crypto/bf/Makefile.ssl index bd3cedc..bb14a0e 100644 --- a/crypto/openssl/crypto/bf/Makefile.ssl +++ b/crypto/openssl/crypto/bf/Makefile.ssl @@ -49,14 +49,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/bx86-elf.o: asm/bx86unix.cpp - $(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o - -# solaris -asm/bx86-sol.o: asm/bx86unix.cpp - $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s - as -o asm/bx86-sol.o asm/bx86-sol.s - rm -f asm/bx86-sol.s +asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s) # a.out asm/bx86-out.o: asm/bx86unix.cpp @@ -103,7 +97,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c index 86f3817..601a14f 100644 --- a/crypto/openssl/crypto/bio/b_sock.c +++ b/crypto/openssl/crypto/bio/b_sock.c @@ -492,7 +492,7 @@ void BIO_sock_cleanup(void) #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 -int BIO_socket_ioctl(int fd, long type, unsigned long *arg) +int BIO_socket_ioctl(int fd, long type, void *arg) { int i; @@ -742,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on) int BIO_socket_nbio(int s, int mode) { int ret= -1; - unsigned long l; + int l; l=mode; #ifdef FIONBIO diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h index ecd2899..fbbc16d 100644 --- a/crypto/openssl/crypto/bio/bio.h +++ b/crypto/openssl/crypto/bio/bio.h @@ -244,7 +244,7 @@ typedef struct bio_method_st long (_far *ctrl)(); int (_far *create)(); int (_far *destroy)(); - long (_fat *callback_ctrl)(); + long (_far *callback_ctrl)(); } BIO_METHOD; #endif @@ -585,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name); * and an appropriate error code is set). */ int BIO_sock_error(int sock); -int BIO_socket_ioctl(int fd, long type, unsigned long *arg); +int BIO_socket_ioctl(int fd, long type, void *arg); int BIO_socket_nbio(int fd,int mode); int BIO_get_port(const char *str, unsigned short *port_ptr); int BIO_get_host_ip(const char *str, unsigned char *ip); diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c index 98ce395..692c8fb 100644 --- a/crypto/openssl/crypto/bio/bio_lib.c +++ b/crypto/openssl/crypto/bio/bio_lib.c @@ -395,6 +395,8 @@ BIO *BIO_pop(BIO *b) if (b == NULL) return(NULL); ret=b->next_bio; + BIO_ctrl(b,BIO_CTRL_POP,0,NULL); + if (b->prev_bio != NULL) b->prev_bio->next_bio=b->next_bio; if (b->next_bio != NULL) @@ -402,7 +404,6 @@ BIO *BIO_pop(BIO *b) b->next_bio=NULL; b->prev_bio=NULL; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); return(ret); } diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl index 1d378920..c1547a8 100644 --- a/crypto/openssl/crypto/bn/Makefile.ssl +++ b/crypto/openssl/crypto/bn/Makefile.ssl @@ -23,14 +23,6 @@ BN_ASM= bn_asm.o CFLAGS= $(INCLUDES) $(CFLAG) -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAGS=$(CFLAGS) - GENERAL=Makefile TEST=bntest.c exptest.c APPS= @@ -73,22 +65,11 @@ lib: $(LIBOBJ) @touch lib # elf -asm/bn86-elf.o: asm/bn86unix.cpp - $(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o - -asm/co86-elf.o: asm/co86unix.cpp - $(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o - -# solaris -asm/bn86-sol.o: asm/bn86unix.cpp - $(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s - as -o asm/bn86-sol.o asm/bn86-sol.s - rm -f asm/bn86-sol.s +asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s) -asm/co86-sol.o: asm/co86unix.cpp - $(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s - as -o asm/co86-sol.o asm/co86-sol.s - rm -f asm/co86-sol.s +asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s) # a.out asm/bn86-out.o: asm/bn86unix.cpp @@ -178,7 +159,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s + rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/bn/asm/ia64.S b/crypto/openssl/crypto/bn/asm/ia64.S index ae56066..7dfda85 100644 --- a/crypto/openssl/crypto/bn/asm/ia64.S +++ b/crypto/openssl/crypto/bn/asm/ia64.S @@ -1,6 +1,6 @@ .explicit .text -.ident "ia64.S, Version 1.1" +.ident "ia64.S, Version 2.0" .ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" // @@ -13,6 +13,35 @@ // disclaimed. // ==================================================================== // +// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is +// different from Itanium to this module viewpoint. Most notably, is it +// "wider" than Itanium? Can you experience loop scalability as +// discussed in commentary sections? Not really:-( Itanium2 has 6 +// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to +// spin twice as fast, as I need 8 IALU ports. Amount of floating point +// ports is the same, i.e. 2, while I need 4. In other words, to this +// module Itanium2 remains effectively as "wide" as Itanium. Yet it's +// essentially different in respect to this module, and a re-tune was +// required. Well, because some intruction latencies has changed. Most +// noticeably those intensively used: +// +// Itanium Itanium2 +// ldf8 9 6 L2 hit +// ld8 2 1 L1 hit +// getf 2 5 +// xma[->getf] 7[+1] 4[+0] +// add[->st8] 1[+1] 1[+0] +// +// What does it mean? You might ratiocinate that the original code +// should run just faster... Because sum of latencies is smaller... +// Wrong! Note that getf latency increased. This means that if a loop is +// scheduled for lower latency (and they are), then it will suffer from +// stall condition and the code will therefore turn anti-scalable, e.g. +// original bn_mul_words spun at 5*n or 2.5 times slower than expected +// on Itanium2! What to do? Reschedule loops for Itanium2? But then +// Itanium would exhibit anti-scalability. So I've chosen to reschedule +// for worst latency for every instruction aiming for best *all-round* +// performance. // Q. How much faster does it get? // A. Here is the output from 'openssl speed rsa dsa' for vanilla @@ -149,12 +178,27 @@ bn_add_words: brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 } .body -{ .mib; mov r14=r32 // rp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp +#else + mov r14=r32 // rp +#endif mov r9=pr };; -{ .mii; mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r15=0,r33 // ap +#else + mov r15=r33 // ap +#endif mov ar.lc=r10 mov ar.ec=6 } -{ .mib; mov r16=r34 // bp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r16=0,r34 // bp +#else + mov r16=r34 // bp +#endif mov pr.rot=1<<16 };; .L_bn_add_words_ctop: @@ -174,7 +218,7 @@ bn_add_words: { .mii; (p59) add r8=1,r8 // return value - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mbb; nop.b 0x0 br.ret.sptk.many b0 };; @@ -202,12 +246,27 @@ bn_sub_words: brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 } .body -{ .mib; mov r14=r32 // rp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp +#else + mov r14=r32 // rp +#endif mov r9=pr };; -{ .mii; mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r15=0,r33 // ap +#else + mov r15=r33 // ap +#endif mov ar.lc=r10 mov ar.ec=6 } -{ .mib; mov r16=r34 // bp +{ .mib; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r16=0,r34 // bp +#else + mov r16=r34 // bp +#endif mov pr.rot=1<<16 };; .L_bn_sub_words_ctop: @@ -227,7 +286,7 @@ bn_sub_words: { .mii; (p59) add r8=1,r8 // return value - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mbb; nop.b 0x0 br.ret.sptk.many b0 };; @@ -253,7 +312,7 @@ bn_mul_words: #ifdef XMA_TEMPTATION { .mfi; alloc r2=ar.pfs,4,0,0,0 };; #else -{ .mfi; alloc r2=ar.pfs,4,4,0,8 };; +{ .mfi; alloc r2=ar.pfs,4,12,0,16 };; #endif { .mib; mov r8=r0 // return value cmp4.le p6,p0=r34,r0 @@ -266,24 +325,30 @@ bn_mul_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16 } #ifndef XMA_TEMPTATION -{ .mii; mov r14=r32 // rp - mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp + addp4 r15=0,r33 // ap +#else + mov r14=r32 // rp + mov r15=r33 // ap +#endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) - mov ar.ec=12 };; +{ .mii; mov r40=0 // serves as r35 at first (p27) + mov ar.ec=13 };; -// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2 -// cache (i.e. 9 ticks away) as floating point load/store instructions +// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium +// L2 cache (i.e. 9 ticks away) as floating point load/store instructions // bypass L1 cache and L2 latency is actually best-case scenario for -// ldf8. The loop is not scalable and shall run in 2*(n+11) even on -// "wider" IA-64 implementations. It's a trade-off here. n+22 loop +// ldf8. The loop is not scalable and shall run in 2*(n+12) even on +// "wider" IA-64 implementations. It's a trade-off here. n+24 loop // would give us ~5% in *overall* performance improvement on "wider" // IA-64, but would hurt Itanium for about same because of longer // epilogue. As it's a matter of few percents in either case I've @@ -291,25 +356,25 @@ bn_mul_words: // this very instruction sequence in bn_mul_add_words loop which in // turn is scalable). .L_bn_mul_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 + (p21) xmpy.hu f40=f37,f8 (p0) nop.i 0x0 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) st8 [r14]=r39,8 +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) st8 [r14]=r41,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_words_ctop };; .L_bn_mul_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p49,p53 -(p49) add r8=r34,r0 -(p53) add r8=r34,r0,1 } +.pred.rel "mutex",p51,p55 +(p51) add r8=r36,r0 +(p55) add r8=r36,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 } @@ -344,7 +409,7 @@ bn_mul_words: #endif // XMA_TEMPTATION { .mii; nop.m 0x0 - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh nop.f 0x0 @@ -376,59 +441,69 @@ bn_mul_add_words: .body { .mib; setf.sig f8=r35 // w - mov pr.rot=0x400001<<16 - // ------^----- serves as (p48) at first (p26) + mov pr.rot=0x800001<<16 + // ------^----- serves as (p50) at first (p27) brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 } -{ .mii; mov r14=r32 // rp - mov r15=r33 // ap +{ .mii; +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r14=0,r32 // rp + addp4 r15=0,r33 // ap +#else + mov r14=r32 // rp + mov r15=r33 // ap +#endif mov ar.lc=r10 } -{ .mii; mov r39=0 // serves as r33 at first (p26) - mov r18=r32 // rp copy - mov ar.ec=14 };; +{ .mii; mov r40=0 // serves as r35 at first (p27) +#if defined(_HPUX_SOURCE) && defined(_ILP32) + addp4 r18=0,r32 // rp copy +#else + mov r18=r32 // rp copy +#endif + mov ar.ec=15 };; -// This loop spins in 3*(n+13) ticks on Itanium and should spin in -// 2*(n+13) on "wider" IA-64 implementations (to be verified with new +// This loop spins in 3*(n+14) ticks on Itanium and should spin in +// 2*(n+14) on "wider" IA-64 implementations (to be verified with new // µ-architecture manuals as they become available). As usual it's // possible to compress the epilogue, down to 10 in this case, at the // cost of scalability. Compressed (and therefore non-scalable) loop -// running at 3*(n+10) would buy you ~10% on Itanium but take ~35% +// running at 3*(n+11) would buy you ~10% on Itanium but take ~35% // from "wider" IA-64 so let it be scalable! Special attention was // paid for having the loop body split at 64-byte boundary. ld8 is // scheduled for L1 cache as the data is more than likely there. // Indeed, bn_mul_words has put it there a moment ago:-) .L_bn_mul_add_words_ctop: -{ .mfi; (p25) getf.sig r36=f49 // low - (p21) xmpy.lu f45=f37,f8 - (p27) cmp.ltu p52,p48=r39,r38 } +{ .mfi; (p25) getf.sig r36=f52 // low + (p21) xmpy.lu f48=f37,f8 + (p28) cmp.ltu p54,p50=r41,r39 } { .mfi; (p16) ldf8 f32=[r15],8 - (p21) xmpy.hu f38=f37,f8 - (p27) add r43=r43,r39 };; -{ .mii; (p26) getf.sig r32=f43 // high - .pred.rel "mutex",p48,p52 - (p48) add r38=r37,r33 // (p26) - (p52) add r38=r37,r33,1 } // (p26) -{ .mfb; (p27) cmp.ltu.unc p56,p0=r43,r39 + (p21) xmpy.hu f40=f37,f8 + (p28) add r45=r45,r41 };; +{ .mii; (p25) getf.sig r32=f44 // high + .pred.rel "mutex",p50,p54 + (p50) add r40=r38,r35 // (p27) + (p54) add r40=r38,r35,1 } // (p27) +{ .mfb; (p28) cmp.ltu.unc p60,p0=r45,r41 (p0) nop.f 0x0 (p0) nop.b 0x0 } -{ .mii; (p26) ld8 r42=[r18],8 - (p58) cmp.eq.or p57,p0=-1,r44 - (p58) add r44=1,r44 } -{ .mfb; (p29) st8 [r14]=r45,8 +{ .mii; (p27) ld8 r44=[r18],8 + (p62) cmp.eq.or p61,p0=-1,r46 + (p62) add r46=1,r46 } +{ .mfb; (p30) st8 [r14]=r47,8 (p0) nop.f 0x0 br.ctop.sptk .L_bn_mul_add_words_ctop};; .L_bn_mul_add_words_cend: { .mii; nop.m 0x0 -.pred.rel "mutex",p51,p55 -(p51) add r8=r36,r0 -(p55) add r8=r36,r0,1 } +.pred.rel "mutex",p53,p57 +(p53) add r8=r38,r0 +(p57) add r8=r38,r0,1 } { .mfb; nop.m 0x0 nop.f 0x0 nop.b 0x0 };; { .mii; -(p59) add r8=1,r8 - mov pr=r9,-1 +(p63) add r8=1,r8 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh nop.f 0x0 @@ -461,6 +536,10 @@ bn_sqr_words: mov r9=pr };; .body +#if defined(_HPUX_SOURCE) && defined(_ILP32) +{ .mii; addp4 r32=0,r32 + addp4 r33=0,r33 };; +#endif { .mib; mov pr.rot=1<<16 brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16 @@ -492,7 +571,7 @@ bn_sqr_words: .L_bn_sqr_words_cend: { .mii; nop.m 0x0 - mov pr=r9,-1 + mov pr=r9,0x1ffff mov ar.lc=r3 } { .mfb; rum 1<<5 // clear um.mfh nop.f 0x0 @@ -526,7 +605,14 @@ bn_sqr_comba8: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) { .mii; alloc r2=ar.pfs,2,1,0,0 + addp4 r33=0,r33 + addp4 r32=0,r32 };; +{ .mii; +#else +{ .mii; alloc r2=ar.pfs,2,1,0,0 +#endif mov r34=r33 add r14=8,r33 };; .body @@ -587,7 +673,14 @@ bn_mul_comba8: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) { .mii; alloc r2=ar.pfs,3,0,0,0 + addp4 r33=0,r33 + addp4 r34=0,r34 };; +{ .mii; addp4 r32=0,r32 +#else +{ .mii; alloc r2=ar.pfs,3,0,0,0 +#endif add r14=8,r33 add r17=8,r34 } .body @@ -1138,7 +1231,14 @@ bn_sqr_comba4: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) +{ .mii; alloc r2=ar.pfs,2,1,0,0 + addp4 r32=0,r32 + addp4 r33=0,r33 };; +{ .mii; +#else { .mii; alloc r2=ar.pfs,2,1,0,0 +#endif mov r34=r33 add r14=8,r33 };; .body @@ -1164,7 +1264,14 @@ bn_mul_comba4: .prologue .fframe 0 .save ar.pfs,r2 +#if defined(_HPUX_SOURCE) && defined(_ILP32) +{ .mii; alloc r2=ar.pfs,3,0,0,0 + addp4 r33=0,r33 + addp4 r34=0,r34 };; +{ .mii; addp4 r32=0,r32 +#else { .mii; alloc r2=ar.pfs,3,0,0,0 +#endif add r14=8,r33 add r17=8,r34 } .body @@ -1464,7 +1571,7 @@ bn_div_words: or r8=r8,r33 mov ar.pfs=r2 };; { .mii; shr.u r9=H,I // remainder if anybody wants it - mov pr=r10,-1 } + mov pr=r10,0x1ffff } { .mfb; br.ret.sptk.many b0 };; // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division diff --git a/crypto/openssl/crypto/bn/asm/pa-risc2.s b/crypto/openssl/crypto/bn/asm/pa-risc2.s index af9730d..f3b1629 100644 --- a/crypto/openssl/crypto/bn/asm/pa-risc2.s +++ b/crypto/openssl/crypto/bn/asm/pa-risc2.s @@ -747,8 +747,8 @@ bn_div_words .PROC .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN .IMPORT BN_num_bits_word,CODE - .IMPORT __iob,DATA - .IMPORT fprintf,CODE + ;--- not PIC .IMPORT __iob,DATA + ;--- not PIC .IMPORT fprintf,CODE .IMPORT abort,CODE .IMPORT $$div2U,MILLICODE .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE @@ -844,12 +844,12 @@ $0006001A MOVIB,TR 2,%r8,$0006001C ;offset 0xa18 EXTRD,U %r3,63,32,%r7 ;offset 0xa1c $D2 - ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 - LDIL LR'C$7,%r21 ;offset 0xa24 - LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 - .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; - B,L fprintf,%r2 ;offset 0xa2c - LDO RR'C$7(%r21),%r25 ;offset 0xa30 + ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 + ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24 + ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 + ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; + ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c + ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30 .CALL ; B,L abort,%r2 ;offset 0xa34 NOP ;offset 0xa38 @@ -1605,14 +1605,14 @@ bn_mul_comba4 .PROCEND - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SPACE $PRIVATE$,SORT=16 - .IMPORT $global$,DATA - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SUBSPA $LIT$,ACCESS=0x2c -C$7 - .ALIGN 8 - .STRINGZ "Division would overflow (%d)\n" +;--- not PIC .SPACE $TEXT$ +;--- not PIC .SUBSPA $CODE$ +;--- not PIC .SPACE $PRIVATE$,SORT=16 +;--- not PIC .IMPORT $global$,DATA +;--- not PIC .SPACE $TEXT$ +;--- not PIC .SUBSPA $CODE$ +;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c +;--- not PIC C$7 +;--- not PIC .ALIGN 8 +;--- not PIC .STRINGZ "Division would overflow (%d)\n" .END diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h index bf7c124..5614bc6 100644 --- a/crypto/openssl/crypto/bn/bn_lcl.h +++ b/crypto/openssl/crypto/bn/bn_lcl.h @@ -446,10 +446,6 @@ void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, BN_ULONG *t); void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, BN_ULONG *t); -BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); -BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); #ifdef __cplusplus } diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c index 918b923..e072d92 100644 --- a/crypto/openssl/crypto/bn/bn_prime.c +++ b/crypto/openssl/crypto/bn/bn_prime.c @@ -140,6 +140,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, BN_CTX *ctx; int checks = BN_prime_checks_for_size(bits); + BN_init(&t); ctx=BN_CTX_new(); if (ctx == NULL) goto err; if (ret == NULL) @@ -148,7 +149,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, } else rnd=ret; - BN_init(&t); loop: /* make a random number and set the top and bottom bits */ if (add == NULL) diff --git a/crypto/openssl/crypto/cast/Makefile.ssl b/crypto/openssl/crypto/cast/Makefile.ssl index c18d868..70c47bf 100644 --- a/crypto/openssl/crypto/cast/Makefile.ssl +++ b/crypto/openssl/crypto/cast/Makefile.ssl @@ -52,14 +52,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/cx86-elf.o: asm/cx86unix.cpp - $(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o - -# solaris -asm/cx86-sol.o: asm/cx86unix.cpp - $(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s - as -o asm/cx86-sol.o asm/cx86-sol.s - rm -f asm/cx86-sol.s +asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s) # a.out asm/cx86-out.o: asm/cx86unix.cpp @@ -104,7 +98,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/conf/conf_mall.c b/crypto/openssl/crypto/conf/conf_mall.c index d702af6..4ba40cf 100644 --- a/crypto/openssl/crypto/conf/conf_mall.c +++ b/crypto/openssl/crypto/conf/conf_mall.c @@ -63,7 +63,9 @@ #include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif /* Load all OpenSSL builtin modules */ @@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); +#endif } diff --git a/crypto/openssl/crypto/conf/conf_sap.c b/crypto/openssl/crypto/conf/conf_sap.c index 97fb174..e15c2e5 100644 --- a/crypto/openssl/crypto/conf/conf_sap.c +++ b/crypto/openssl/crypto/conf/conf_sap.c @@ -63,7 +63,9 @@ #include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, @@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name) return; OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ diff --git a/crypto/openssl/crypto/des/Makefile.ssl b/crypto/openssl/crypto/des/Makefile.ssl index 2edb542..548573f 100644 --- a/crypto/openssl/crypto/des/Makefile.ssl +++ b/crypto/openssl/crypto/des/Makefile.ssl @@ -66,30 +66,11 @@ des: des.o cbc3_enc.o lib $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) # elf -asm/dx86-elf.o: asm/dx86unix.cpp - $(CPP) -DELF \ - `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\ - -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o - -asm/yx86-elf.o: asm/yx86unix.cpp - $(CPP) -DELF \ - `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\ - -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o - -# solaris -asm/dx86-sol.o: asm/dx86unix.cpp - $(CC) -E -DSOL \ - `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\ - asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s - as -o asm/dx86-sol.o asm/dx86-sol.s - rm -f asm/dx86-sol.s - -asm/yx86-sol.o: asm/yx86unix.cpp - $(CC) -E -DSOL \ - `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\ - asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s - as -o asm/yx86-sol.o asm/yx86-sol.s - rm -f asm/yx86-sol.s +asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s) + +asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s) # a.out asm/dx86-out.o: asm/dx86unix.cpp @@ -145,7 +126,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/openssl/crypto/des/asm/crypt586.pl index 51fb3dd..1d04ed6 100644 --- a/crypto/openssl/crypto/des/asm/crypt586.pl +++ b/crypto/openssl/crypto/des/asm/crypt586.pl @@ -32,8 +32,9 @@ sub fcrypt_body &xor( $R, $R); # PIC-ification:-) - if ($cpp) { &picmeup("edx","DES_SPtrans"); } - else { &lea("edx",&DWP("DES_SPtrans")); } + &picmeup("edx","DES_SPtrans"); + #if ($cpp) { &picmeup("edx","DES_SPtrans"); } + #else { &lea("edx",&DWP("DES_SPtrans")); } &push("edx"); # becomes &swtmp(1) # &mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/openssl/crypto/des/asm/des-586.pl index 7a58869..b75d3c6 100644 --- a/crypto/openssl/crypto/des/asm/des-586.pl +++ b/crypto/openssl/crypto/des/asm/des-586.pl @@ -73,8 +73,9 @@ sub DES_encrypt } # PIC-ification:-) - if ($cpp) { &picmeup($trans,"DES_SPtrans"); } - else { &lea($trans,&DWP("DES_SPtrans")); } + &picmeup($trans,"DES_SPtrans"); + #if ($cpp) { &picmeup($trans,"DES_SPtrans"); } + #else { &lea($trans,&DWP("DES_SPtrans")); } &mov( "ecx", &wparam(1) ); &cmp("ebx","0"); diff --git a/crypto/openssl/crypto/des/cbc_cksm.c b/crypto/openssl/crypto/des/cbc_cksm.c index 6c5305b..09a7ba5 100644 --- a/crypto/openssl/crypto/des/cbc_cksm.c +++ b/crypto/openssl/crypto/des/cbc_cksm.c @@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, l2c(tout1,out); } tout0=tin0=tin1=tin[0]=tin[1]=0; + /* + Transform the data in tout1 so that it will + match the return value that the MIT Kerberos + mit_des_cbc_cksum API returns. + */ + tout1 = ((tout1 >> 24L) & 0x000000FF) + | ((tout1 >> 8L) & 0x0000FF00) + | ((tout1 << 8L) & 0x00FF0000) + | ((tout1 << 24L) & 0xFF000000); return(tout1); } diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/openssl/crypto/des/des_locl.h index 6f22247..e44e8e9 100644 --- a/crypto/openssl/crypto/des/des_locl.h +++ b/crypto/openssl/crypto/des/des_locl.h @@ -162,7 +162,7 @@ #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) #define ROTATE(a,n) (_lrotr(a,n)) -#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM) +#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # define ROTATE(a,n) ({ register unsigned int ret; \ asm ("rorl %1,%0" \ diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c index 7799e6e..687c00c 100644 --- a/crypto/openssl/crypto/des/destest.c +++ b/crypto/openssl/crypto/des/destest.c @@ -320,7 +320,11 @@ static unsigned char ofb_cipher[24]= 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 }; +#if 0 static DES_LONG cbc_cksum_ret=0xB462FEF7L; +#else +static DES_LONG cbc_cksum_ret=0xF7FE62B4L; +#endif static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; static char *pt(unsigned char *p); diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c index 1a0efca..6ce65ed 100644 --- a/crypto/openssl/crypto/dh/dh_key.c +++ b/crypto/openssl/crypto/dh/dh_key.c @@ -61,7 +61,9 @@ #include <openssl/bn.h> #include <openssl/rand.h> #include <openssl/dh.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c index ba5fd41..09965ee 100644 --- a/crypto/openssl/crypto/dh/dh_lib.c +++ b/crypto/openssl/crypto/dh/dh_lib.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include <openssl/bn.h> #include <openssl/dh.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; @@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) const DH_METHOD *mtmp; mtmp = dh->meth; if (mtmp->finish) mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE if (dh->engine) { ENGINE_finish(dh->engine); dh->engine = NULL; } +#endif dh->meth = meth; if (meth->init) meth->init(dh); return 1; @@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine) } ret->meth = DH_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -182,8 +190,10 @@ void DH_free(DH *r) if (r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c index 579f73f..4171af2 100644 --- a/crypto/openssl/crypto/dsa/dsa_lib.c +++ b/crypto/openssl/crypto/dsa/dsa_lib.c @@ -63,7 +63,9 @@ #include <openssl/bn.h> #include <openssl/dsa.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; @@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) const DSA_METHOD *mtmp; mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE if (dsa->engine) { ENGINE_finish(dsa->engine); dsa->engine = NULL; } +#endif dsa->meth = meth; if (meth->init) meth->init(dsa); return 1; @@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine) return(NULL); } ret->meth = DSA_get_default_method(); +#ifndef OPENSSL_NO_ENGINE if (engine) { if (!ENGINE_init(engine)) @@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine) return NULL; } } +#endif ret->pad=0; ret->version=0; @@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE if (ret->engine) ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); OPENSSL_free(ret); ret=NULL; @@ -189,8 +197,10 @@ void DSA_free(DSA *r) if(r->meth->finish) r->meth->finish(r); +#ifndef OPENSSL_NO_ENGINE if(r->engine) ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c index 37dd5fc..68d91db 100644 --- a/crypto/openssl/crypto/dsa/dsa_ossl.c +++ b/crypto/openssl/crypto/dsa/dsa_ossl.c @@ -64,7 +64,9 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); @@ -106,13 +108,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) int i,reason=ERR_R_BN_LIB; DSA_SIG *ret=NULL; + BN_init(&m); + BN_init(&xr); + if (!dsa->p || !dsa->q || !dsa->g) { reason=DSA_R_MISSING_PARAMETERS; goto err; } - BN_init(&m); - BN_init(&xr); + s=BN_new(); if (s == NULL) goto err; @@ -178,6 +182,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); return 0; } + + BN_init(&k); + if (ctx_in == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; @@ -185,7 +192,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) else ctx=ctx_in; - BN_init(&k); if ((r=BN_new()) == NULL) goto err; kinv=NULL; @@ -241,11 +247,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } - if ((ctx=BN_CTX_new()) == NULL) goto err; BN_init(&u1); BN_init(&u2); BN_init(&t1); + if ((ctx=BN_CTX_new()) == NULL) goto err; + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c index e9469ca..5cdc8ed 100644 --- a/crypto/openssl/crypto/dsa/dsa_sign.c +++ b/crypto/openssl/crypto/dsa/dsa_sign.c @@ -64,7 +64,9 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c index 066c6b5..fffb129 100644 --- a/crypto/openssl/crypto/dsa/dsa_vrf.c +++ b/crypto/openssl/crypto/dsa/dsa_vrf.c @@ -65,7 +65,9 @@ #include <openssl/rand.h> #include <openssl/asn1.h> #include <openssl/asn1_mac.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) diff --git a/crypto/openssl/crypto/dsa/dsagen.c b/crypto/openssl/crypto/dsa/dsagen.c index a0b0976..1b6a1cc 100644 --- a/crypto/openssl/crypto/dsa/dsagen.c +++ b/crypto/openssl/crypto/dsa/dsagen.c @@ -103,7 +103,7 @@ main() bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); memcpy(seed_buf,seed,20); - dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb); + dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err); if (dsa == NULL) DSA_print(bio_err,dsa,0); diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c index 1ab90cf..d4d038a 100644 --- a/crypto/openssl/crypto/dsa/dsatest.c +++ b/crypto/openssl/crypto/dsa/dsatest.c @@ -68,7 +68,9 @@ #include <openssl/rand.h> #include <openssl/bio.h> #include <openssl/err.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #ifdef OPENSSL_SYS_WINDOWS #include "../bio/bss_file.c" #endif diff --git a/crypto/openssl/crypto/dso/dso_dl.c b/crypto/openssl/crypto/dso/dso_dl.c index 195717e..79d2cb4 100644 --- a/crypto/openssl/crypto/dso/dso_dl.c +++ b/crypto/openssl/crypto/dso/dso_dl.c @@ -126,7 +126,7 @@ static int dl_load(DSO *dso) DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); goto err; } - ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL); + ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L); if(ptr == NULL) { DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/openssl/crypto/ec/ec.h index a52d4ed..6d6a9b7 100644 --- a/crypto/openssl/crypto/ec/ec.h +++ b/crypto/openssl/crypto/ec/ec.h @@ -195,7 +195,6 @@ void ERR_load_EC_strings(void); #define EC_F_EC_GROUP_GET0_GENERATOR 139 #define EC_F_EC_GROUP_GET_COFACTOR 140 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 -#define EC_F_EC_GROUP_GET_EXTRA_DATA 107 #define EC_F_EC_GROUP_GET_ORDER 141 #define EC_F_EC_GROUP_NEW 108 #define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 @@ -232,7 +231,6 @@ void ERR_load_EC_strings(void); #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 #define EC_R_NOT_INITIALIZED 111 -#define EC_R_NO_SUCH_EXTRA_DATA 105 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 #define EC_R_SLOT_FULL 108 diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/openssl/crypto/ec/ec_err.c index 394cdc0..d37b6ab 100644 --- a/crypto/openssl/crypto/ec/ec_err.c +++ b/crypto/openssl/crypto/ec/ec_err.c @@ -84,7 +84,6 @@ static ERR_STRING_DATA EC_str_functs[]= {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"}, {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, {ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"}, {ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"}, @@ -124,7 +123,6 @@ static ERR_STRING_DATA EC_str_reasons[]= {EC_R_INVALID_FIELD ,"invalid field"}, {EC_R_INVALID_FORM ,"invalid form"}, {EC_R_NOT_INITIALIZED ,"not initialized"}, -{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, {EC_R_POINT_AT_INFINITY ,"point at infinity"}, {EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, {EC_R_SLOT_FULL ,"slot full"}, diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c index 1d2cc71..deb5220 100644 --- a/crypto/openssl/crypto/ec/ec_lib.c +++ b/crypto/openssl/crypto/ec/ec_lib.c @@ -268,7 +268,9 @@ void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func || (group->extra_data_free_func != extra_data_free_func) || (group->extra_data_clear_free_func != extra_data_clear_free_func)) { - ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); +#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */ + ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA); +#endif return NULL; } diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c index 603ba31..4dbc931 100644 --- a/crypto/openssl/crypto/ec/ec_mult.c +++ b/crypto/openssl/crypto/ec/ec_mult.c @@ -209,6 +209,17 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ int ret = 0; + if (group->meth != r->meth) + { + ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + + if ((scalar == NULL) && (num == 0)) + { + return EC_POINT_set_to_infinity(group, r); + } + if (scalar != NULL) { generator = EC_GROUP_get0_generator(group); diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c index 5d7b6b2..345d3e4 100644 --- a/crypto/openssl/crypto/ec/ectest.c +++ b/crypto/openssl/crypto/ec/ectest.c @@ -70,7 +70,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur #include <openssl/ec.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/err.h> #define ABORT do { \ @@ -628,7 +630,9 @@ int main(int argc, char *argv[]) if (P_384) EC_GROUP_free(P_384); if (P_521) EC_GROUP_free(P_521); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/crypto/openssl/crypto/engine/Makefile.ssl b/crypto/openssl/crypto/engine/Makefile.ssl index cecc06f..847d672 100644 --- a/crypto/openssl/crypto/engine/Makefile.ssl +++ b/crypto/openssl/crypto/engine/Makefile.ssl @@ -50,7 +50,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h index 10e7444..8686879 100644 --- a/crypto/openssl/crypto/engine/engine.h +++ b/crypto/openssl/crypto/engine/engine.h @@ -59,6 +59,12 @@ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + #include <openssl/ossl_typ.h> #include <openssl/bn.h> #ifndef OPENSSL_NO_RSA diff --git a/crypto/openssl/crypto/engine/enginetest.c b/crypto/openssl/crypto/engine/enginetest.c index 87fa8c5..c2d0297 100644 --- a/crypto/openssl/crypto/engine/enginetest.c +++ b/crypto/openssl/crypto/engine/enginetest.c @@ -56,9 +56,17 @@ * */ -#include <openssl/e_os2.h> #include <stdio.h> #include <string.h> + +#ifdef OPENSSL_NO_ENGINE +int main(int argc, char *argv[]) +{ + printf("No ENGINE support\n"); + return(0); +} +#else +#include <openssl/e_os2.h> #include <openssl/buffer.h> #include <openssl/crypto.h> #include <openssl/engine.h> @@ -272,3 +280,4 @@ end: CRYPTO_mem_leaks_fp(stderr); return to_return; } +#endif diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c index 5abe44e..b873270 100644 --- a/crypto/openssl/crypto/err/err.c +++ b/crypto/openssl/crypto/err/err.c @@ -211,6 +211,7 @@ static ERR_STRING_DATA ERR_str_reasons[]= {0,NULL}, }; +#endif /* Define the predeclared (but externally opaque) "ERR_FNS" type */ @@ -491,6 +492,7 @@ static int int_err_get_next_lib(void) } +#ifndef OPENSSL_NO_ERR #define NUM_SYS_STR_REASONS 127 #define LEN_SYS_STR_REASON 32 diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c index 33013c4..5b2104ac 100644 --- a/crypto/openssl/crypto/evp/digest.c +++ b/crypto/openssl/crypto/evp/digest.c @@ -113,7 +113,9 @@ #include "cryptlib.h" #include <openssl/objects.h> #include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -183,7 +186,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else ctx->engine = NULL; } - else if(!ctx->digest) + else +#endif + if(!ctx->digest) { EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); return 0; @@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->ctx_size) ctx->md_data=OPENSSL_malloc(type->ctx_size); } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif return ctx->digest->init(ctx); } @@ -246,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); return 0; } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ if (in->engine && !ENGINE_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); return 0; } +#endif EVP_MD_CTX_cleanup(out); memcpy(out,in,sizeof *out); @@ -304,10 +313,12 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); } +#ifndef OPENSSL_NO_ENGINE if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(ctx->engine); +#endif memset(ctx,'\0',sizeof *ctx); return 1; diff --git a/crypto/openssl/crypto/evp/evp_acnf.c b/crypto/openssl/crypto/evp/evp_acnf.c index a68b979..54c073c 100644 --- a/crypto/openssl/crypto/evp/evp_acnf.c +++ b/crypto/openssl/crypto/evp/evp_acnf.c @@ -59,7 +59,9 @@ #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/conf.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif /* Load all algorithms and configure OpenSSL. diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index 66c48d1..be0758a 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -60,7 +60,9 @@ #include "cryptlib.h" #include <openssl/evp.h> #include <openssl/err.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include "evp_locl.h" const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; @@ -91,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp enc = 1; ctx->encrypt = enc; } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a @@ -98,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp if (ctx->engine && ctx->cipher && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; +#endif if (cipher) { /* Ensure a context left lying around from last time is cleared @@ -107,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp /* Restore encrypt field: it is zeroed by cleanup */ ctx->encrypt = enc; +#ifndef OPENSSL_NO_ENGINE if(impl) { if (!ENGINE_init(impl)) @@ -140,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp } else ctx->engine = NULL; +#endif ctx->cipher=cipher; ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); @@ -159,7 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); return 0; } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ OPENSSL_assert(ctx->cipher->block_size == 1 || ctx->cipher->block_size == 8 @@ -236,7 +244,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv) { - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); + return EVP_CipherInit(ctx, cipher, key, iv, 0); } int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, @@ -460,10 +468,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) } if (c->cipher_data) OPENSSL_free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE if (c->engine) /* The EVP_CIPHER we used belongs to an ENGINE, release the * functional reference we held for this reason. */ ENGINE_finish(c->engine); +#endif memset(c,0,sizeof(EVP_CIPHER_CTX)); return 1; } diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c index 698aff2..2846017 100644 --- a/crypto/openssl/crypto/evp/evp_test.c +++ b/crypto/openssl/crypto/evp/evp_test.c @@ -53,7 +53,10 @@ #include "../e_os.h" #include <openssl/evp.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif +#include <openssl/err.h> #include <openssl/conf.h> static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) @@ -330,11 +333,14 @@ int main(int argc,char **argv) /* Load up the software EVP_CIPHER and EVP_MD definitions */ OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); +#ifndef OPENSSL_NO_ENGINE /* Load all compiled-in ENGINEs */ ENGINE_load_builtin_engines(); +#endif #if 0 OPENSSL_config(); #endif +#ifndef OPENSSL_NO_ENGINE /* Register all available ENGINE implementations of ciphers and digests. * This could perhaps be changed to "ENGINE_register_all_complete()"? */ ENGINE_register_all_ciphers(); @@ -343,6 +349,7 @@ int main(int argc,char **argv) * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if * they weren't already initialised. */ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ +#endif for( ; ; ) { @@ -384,7 +391,9 @@ int main(int argc,char **argv) } } +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); diff --git a/crypto/openssl/crypto/krb5/Makefile.ssl b/crypto/openssl/crypto/krb5/Makefile.ssl index cc47c05..7136d7a 100644 --- a/crypto/openssl/crypto/krb5/Makefile.ssl +++ b/crypto/openssl/crypto/krb5/Makefile.ssl @@ -41,7 +41,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c index d2f6dce..901d0a7 100644 --- a/crypto/openssl/crypto/md2/md2test.c +++ b/crypto/openssl/crypto/md2/md2test.c @@ -125,7 +125,6 @@ int main(int argc, char *argv[]) P++; } EXIT(err); - return(0); } static char *pt(unsigned char *md) diff --git a/crypto/openssl/crypto/md4/md4.c b/crypto/openssl/crypto/md4/md4.c index 2ac2d91..141415a 100644 --- a/crypto/openssl/crypto/md4/md4.c +++ b/crypto/openssl/crypto/md4/md4.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl index e28bb92..56cab5d 100644 --- a/crypto/openssl/crypto/md5/Makefile.ssl +++ b/crypto/openssl/crypto/md5/Makefile.ssl @@ -21,14 +21,6 @@ MD5_ASM_OBJ= CFLAGS= $(INCLUDES) $(CFLAG) -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAGS=$(CFLAGS) - GENERAL=Makefile TEST=md5test.c APPS= @@ -55,14 +47,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/mx86-elf.o: asm/mx86unix.cpp - $(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o - -# solaris -asm/mx86-sol.o: asm/mx86unix.cpp - $(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s - as -o asm/mx86-sol.o asm/mx86-sol.s - rm -f asm/mx86-sol.s +asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s) # a.out asm/mx86-out.o: asm/mx86unix.cpp @@ -125,7 +111,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/md5/md5.c b/crypto/openssl/crypto/md5/md5.c index 7ed0024..563733a 100644 --- a/crypto/openssl/crypto/md5/md5.c +++ b/crypto/openssl/crypto/md5/md5.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/crypto/openssl/crypto/md5/md5.h b/crypto/openssl/crypto/md5/md5.h index cfdbf03..a252e02 100644 --- a/crypto/openssl/crypto/md5/md5.h +++ b/crypto/openssl/crypto/md5/md5.h @@ -78,7 +78,7 @@ extern "C" { #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) #define MD5_LONG unsigned long -#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__) +#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) #define MD5_LONG unsigned long #define MD5_LONG_LOG2 3 /* diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c index d7d3cda..29df7d3 100644 --- a/crypto/openssl/crypto/mem.c +++ b/crypto/openssl/crypto/mem.c @@ -252,6 +252,8 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; + if (num < 0) return NULL; + allow_customize = 0; if (malloc_debug_func != NULL) { @@ -291,6 +293,8 @@ void *CRYPTO_malloc(int num, const char *file, int line) void *ret = NULL; extern unsigned char cleanse_ctr; + if (num < 0) return NULL; + allow_customize = 0; if (malloc_debug_func != NULL) { @@ -319,6 +323,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line) if (str == NULL) return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret = realloc_ex_func(str,num,file,line); @@ -338,6 +345,9 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, if (str == NULL) return CRYPTO_malloc(num, file, line); + + if (num < 0) return NULL; + if (realloc_debug_func != NULL) realloc_debug_func(str, NULL, num, file, line, 0); ret=malloc_ex_func(num,file,line); diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c index 1bc0297..ca5f3ea 100644 --- a/crypto/openssl/crypto/o_time.c +++ b/crypto/openssl/crypto/o_time.c @@ -80,7 +80,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) ts = result; #elif !defined(OPENSSL_SYS_VMS) ts = gmtime(timer); - memcpy(result, ts, sizeof(struct tm)); + if (ts != NULL) + memcpy(result, ts, sizeof(struct tm)); ts = result; #endif #ifdef OPENSSL_SYS_VMS diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h index 511c7b4..969b18a 100644 --- a/crypto/openssl/crypto/objects/obj_dat.h +++ b/crypto/openssl/crypto/objects/obj_dat.h @@ -827,7 +827,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"RC4-40","rc4-40",NID_rc4_40,0,NULL}, {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL}, {"GN","givenName",NID_givenName,3,&(lvalues[535]),0}, -{"SN","surName",NID_surname,3,&(lvalues[538]),0}, +{"SN","surname",NID_surname,3,&(lvalues[538]),0}, {"initials","initials",NID_initials,3,&(lvalues[541]),0}, {NULL,NULL,NID_undef,0,NULL}, {"crlDistributionPoints","X509v3 CRL Distribution Points", @@ -3005,7 +3005,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[16]),/* "stateOrProvinceName" */ &(nid_objs[498]),/* "subtreeMaximumQuality" */ &(nid_objs[497]),/* "subtreeMinimumQuality" */ -&(nid_objs[100]),/* "surName" */ +&(nid_objs[100]),/* "surname" */ &(nid_objs[459]),/* "textEncodedORAddress" */ &(nid_objs[293]),/* "textNotice" */ &(nid_objs[106]),/* "title" */ diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h index a66b5b9..7645012 100644 --- a/crypto/openssl/crypto/objects/obj_mac.h +++ b/crypto/openssl/crypto/objects/obj_mac.h @@ -1596,7 +1596,7 @@ #define OBJ_commonName OBJ_X509,3L #define SN_surname "SN" -#define LN_surname "surName" +#define LN_surname "surname" #define NID_surname 100 #define OBJ_surname OBJ_X509,4L diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt index f1c206f..3ba11f6 100644 --- a/crypto/openssl/crypto/objects/objects.txt +++ b/crypto/openssl/crypto/objects/objects.txt @@ -531,8 +531,7 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA X500 4 : X509 X509 3 : CN : commonName -!Cname surname -X509 4 : SN : surName +X509 4 : SN : surname X509 5 : : serialNumber X509 6 : C : countryName X509 7 : L : localityName diff --git a/crypto/openssl/crypto/ocsp/Makefile.ssl b/crypto/openssl/crypto/ocsp/Makefile.ssl index 4b2d8ec8..8d5a85a 100644 --- a/crypto/openssl/crypto/ocsp/Makefile.ssl +++ b/crypto/openssl/crypto/ocsp/Makefile.ssl @@ -43,7 +43,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index 516012f..396ae7b 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -25,8 +25,8 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090700fL -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7 31 Dec 2002" +#define OPENSSL_VERSION_NUMBER 0x0090701fL +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7a Feb 19 2003" #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl/crypto/perlasm/x86asm.pl b/crypto/openssl/crypto/perlasm/x86asm.pl index 9a3d85b..1cb96e9 100644 --- a/crypto/openssl/crypto/perlasm/x86asm.pl +++ b/crypto/openssl/crypto/perlasm/x86asm.pl @@ -18,9 +18,9 @@ sub main'asm_init ($type,$fn,$i386)=@_; $filename=$fn; - $cpp=$sol=$aout=$win32=$gaswin=0; + $elf=$cpp=$sol=$aout=$win32=$gaswin=0; if ( ($type eq "elf")) - { require "x86unix.pl"; } + { $elf=1; require "x86unix.pl"; } elsif ( ($type eq "a.out")) { $aout=1; require "x86unix.pl"; } elsif ( ($type eq "gaswin")) @@ -47,6 +47,9 @@ EOF exit(1); } + $pic=0; + for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } + &asm_init_output(); &comment("Don't even think of reading this code"); @@ -91,7 +94,7 @@ $tmp #undef SIZE #undef TYPE #define SIZE(a,b) -#define TYPE(a,b) +#define TYPE(a,b) .def a; .scl 2; .type 32; .endef #endif /* __CYGWIN || __DJGPP */ #endif diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/openssl/crypto/perlasm/x86ms.pl index abcb7c1..35f1a4d 100644 --- a/crypto/openssl/crypto/perlasm/x86ms.pl +++ b/crypto/openssl/crypto/perlasm/x86ms.pl @@ -367,4 +367,10 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl index 7965561..f30b746 100644 --- a/crypto/openssl/crypto/perlasm/x86nasm.pl +++ b/crypto/openssl/crypto/perlasm/x86nasm.pl @@ -344,4 +344,10 @@ sub out1p push(@out,"\t$name\t ".&conv($p1)."\n"); } +sub main'picmeup + { + local($dst,$sym)=@_; + &main'lea($dst,&main'DWP($sym)); + } + sub main'blindpop { &out1("pop",@_); } diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/openssl/crypto/perlasm/x86unix.pl index 3ad889f..72bde06 100644 --- a/crypto/openssl/crypto/perlasm/x86unix.pl +++ b/crypto/openssl/crypto/perlasm/x86unix.pl @@ -345,15 +345,15 @@ sub main'function_end popl %ebx popl %ebp ret -.${func}_end: +.L_${func}_end: EOF push(@out,$tmp); if ($main'cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } + { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } elsif ($main'gaswin) { $tmp=push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } + else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } push(@out,".ident \"$func\"\n"); $stack=0; %label=(); @@ -426,6 +426,11 @@ sub main'swtmp sub main'comment { + if ($main'elf) # GNU and SVR4 as'es use different comment delimiters, + { # so we just skip comments... + push(@out,"\n"); + return; + } foreach (@_) { if (/^\s*$/) @@ -546,7 +551,9 @@ sub popvars sub main'picmeup { local($dst,$sym)=@_; - local($tmp)=<<___; + if ($main'cpp) + { + local($tmp)=<<___; #if (defined(ELF) || defined(SOL)) && defined(PIC) .align 8 call 1f @@ -557,7 +564,22 @@ sub main'picmeup leal $sym,$regs{$dst} #endif ___ - push(@out,$tmp); + push(@out,$tmp); + } + elsif ($main'pic && ($main'elf || $main'aout)) + { + push(@out,"\t.align\t8\n"); + &main'call(&main'label("PIC_me_up")); + &main'set_label("PIC_me_up"); + &main'blindpop($dst); + &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-". + &main'label("PIC_me_up") . "]"); + &main'mov($dst,&main'DWP($sym."\@GOT",$dst)); + } + else + { + &main'lea($dst,&main'DWP($sym)); + } } sub main'blindpop { &out1("popl",@_); } diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/openssl/crypto/rand/rand.h index 66e3999..606382d 100644 --- a/crypto/openssl/crypto/rand/rand.h +++ b/crypto/openssl/crypto/rand/rand.h @@ -87,7 +87,9 @@ extern int rand_predictable; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); void RAND_cleanup(void ); int RAND_bytes(unsigned char *buf,int num); diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c index 5cf5dc1..513e338 100644 --- a/crypto/openssl/crypto/rand/rand_lib.c +++ b/crypto/openssl/crypto/rand/rand_lib.c @@ -60,19 +60,25 @@ #include <time.h> #include "cryptlib.h" #include <openssl/rand.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif +#ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; +#endif static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifndef OPENSSL_NO_ENGINE if(funct_ref) { ENGINE_finish(funct_ref); funct_ref = NULL; } +#endif default_RAND_meth = meth; return 1; } @@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void) { if (!default_RAND_meth) { +#ifndef OPENSSL_NO_ENGINE ENGINE *e = ENGINE_get_default_RAND(); if(e) { @@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void) if(e) funct_ref = e; else +#endif default_RAND_meth = RAND_SSLeay(); } return default_RAND_meth; } +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine) funct_ref = engine; return 1; } +#endif void RAND_cleanup(void) { diff --git a/crypto/openssl/crypto/rc4/Makefile.ssl b/crypto/openssl/crypto/rc4/Makefile.ssl index a1eb79f..b210b42 100644 --- a/crypto/openssl/crypto/rc4/Makefile.ssl +++ b/crypto/openssl/crypto/rc4/Makefile.ssl @@ -52,14 +52,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/rx86-elf.o: asm/rx86unix.cpp - $(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o - -# solaris -asm/rx86-sol.o: asm/rx86unix.cpp - $(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s - as -o asm/rx86-sol.o asm/rx86-sol.s - rm -f asm/rx86-sol.s +asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s) # a.out asm/rx86-out.o: asm/rx86unix.cpp @@ -104,7 +98,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/rc5/Makefile.ssl b/crypto/openssl/crypto/rc5/Makefile.ssl index bb4704d..3ad6655 100644 --- a/crypto/openssl/crypto/rc5/Makefile.ssl +++ b/crypto/openssl/crypto/rc5/Makefile.ssl @@ -49,14 +49,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/r586-elf.o: asm/r586unix.cpp - $(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o - -# solaris -asm/r586-sol.o: asm/r586unix.cpp - $(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s - as -o asm/r586-sol.o asm/r586-sol.s - rm -f asm/r586-sol.s +asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s) # a.out asm/r586-out.o: asm/r586unix.cpp @@ -101,7 +95,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/openssl/crypto/rc5/rc5_locl.h index d2dccce..f4ebc23 100644 --- a/crypto/openssl/crypto/rc5/rc5_locl.h +++ b/crypto/openssl/crypto/rc5/rc5_locl.h @@ -149,7 +149,7 @@ #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) #define ROTATE_l32(a,n) _lrotl(a,n) #define ROTATE_r32(a,n) _lrotr(a,n) -#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM) +#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # define ROTATE_l32(a,n) ({ register unsigned int ret; \ asm ("roll %%cl,%0" \ diff --git a/crypto/openssl/crypto/ripemd/Makefile.ssl b/crypto/openssl/crypto/ripemd/Makefile.ssl index 6f1a9c5..3583dfd 100644 --- a/crypto/openssl/crypto/ripemd/Makefile.ssl +++ b/crypto/openssl/crypto/ripemd/Makefile.ssl @@ -47,14 +47,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/rm86-elf.o: asm/rm86unix.cpp - $(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o - -# solaris -asm/rm86-sol.o: asm/rm86unix.cpp - $(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s - as -o asm/rm86-sol.o asm/rm86-sol.s - rm -f asm/rm86-sol.s +asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s) # a.out asm/rm86-out.o: asm/rm86unix.cpp @@ -99,7 +93,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/ripemd/rmd160.c b/crypto/openssl/crypto/ripemd/rmd160.c index 4f8b88a..b0ec574 100644 --- a/crypto/openssl/crypto/ripemd/rmd160.c +++ b/crypto/openssl/crypto/ripemd/rmd160.c @@ -64,7 +64,7 @@ void do_fp(FILE *f); void pt(unsigned char *md); -#ifndef _OSD_POSIX +#if !defined(_OSD_POSIX) && !defined(__DJGPP__) int read(int, void *, unsigned int); #endif diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c index 4ac2de3..9dd62ac 100644 --- a/crypto/openssl/crypto/rsa/rsa_sign.c +++ b/crypto/openssl/crypto/rsa/rsa_sign.c @@ -62,7 +62,9 @@ #include <openssl/rsa.h> #include <openssl/objects.h> #include <openssl/x509.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 @@ -77,10 +79,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, const unsigned char *s = NULL; X509_ALGOR algor; ASN1_OCTET_STRING digest; +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_sign) return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, m, m_len, sigret, siglen, rsa); +#endif /* Special case: SSL signature, just check the length */ if(type == NID_md5_sha1) { if(m_len != SSL_SIG_LENGTH) { @@ -155,10 +159,12 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, return(0); } +#ifndef OPENSSL_NO_ENGINE if((rsa->flags & RSA_FLAG_SIGN_VER) && ENGINE_get_RSA(rsa->engine)->rsa_verify) return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); +#endif s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); if (s == NULL) diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c index b8b462d..99abb1f 100644 --- a/crypto/openssl/crypto/rsa/rsa_test.c +++ b/crypto/openssl/crypto/rsa/rsa_test.c @@ -16,7 +16,9 @@ int main(int argc, char *argv[]) } #else #include <openssl/rsa.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #define SetKey \ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ diff --git a/crypto/openssl/crypto/sha/Makefile.ssl b/crypto/openssl/crypto/sha/Makefile.ssl index 6487397..864645c 100644 --- a/crypto/openssl/crypto/sha/Makefile.ssl +++ b/crypto/openssl/crypto/sha/Makefile.ssl @@ -47,14 +47,8 @@ lib: $(LIBOBJ) @touch lib # elf -asm/sx86-elf.o: asm/sx86unix.cpp - $(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o - -# solaris -asm/sx86-sol.o: asm/sx86unix.cpp - $(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s - as -o asm/sx86-sol.o asm/sx86-sol.s - rm -f asm/sx86-sol.s +asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl + (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s) # a.out asm/sx86-out.o: asm/sx86unix.cpp @@ -99,7 +93,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o + rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/openssl/crypto/ui/Makefile.ssl b/crypto/openssl/crypto/ui/Makefile.ssl index 256f536..90ae7d4 100644 --- a/crypto/openssl/crypto/ui/Makefile.ssl +++ b/crypto/openssl/crypto/ui/Makefile.ssl @@ -44,7 +44,7 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) + $(RANLIB) $(LIB) || echo Never mind. @touch lib files: diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c index e1a872e..75318d4 100644 --- a/crypto/openssl/crypto/ui/ui_openssl.c +++ b/crypto/openssl/crypto/ui/ui_openssl.c @@ -550,7 +550,7 @@ static int echo_console(UI *ui) static int close_console(UI *ui) { - if (tty_in != stderr) fclose(tty_in); + if (tty_in != stdin) fclose(tty_in); if (tty_out != stderr) fclose(tty_out); #ifdef OPENSSL_SYS_VMS status = sys$dassgn(channel); diff --git a/crypto/openssl/crypto/x509v3/ext_dat.h b/crypto/openssl/crypto/x509v3/ext_dat.h index 2fb97d8..5442480 100644 --- a/crypto/openssl/crypto/x509v3/ext_dat.h +++ b/crypto/openssl/crypto/x509v3/ext_dat.h @@ -90,17 +90,23 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_crld, &v3_ext_ku, &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP &v3_crl_invdate, +#endif &v3_sxnet, &v3_info, +#ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, &v3_ocsp_accresp, &v3_ocsp_nocheck, &v3_ocsp_acutoff, &v3_ocsp_serviceloc, +#endif &v3_sinfo, +#ifndef OPENSSL_NO_OCSP &v3_crl_hold +#endif }; /* Number of standard extensions */ diff --git a/crypto/openssl/crypto/x509v3/v3_ocsp.c b/crypto/openssl/crypto/x509v3/v3_ocsp.c index 0831123..21badc1 100644 --- a/crypto/openssl/crypto/x509v3/v3_ocsp.c +++ b/crypto/openssl/crypto/x509v3/v3_ocsp.c @@ -56,6 +56,8 @@ * */ +#ifndef OPENSSL_NO_OCSP + #include <stdio.h> #include "cryptlib.h" #include <openssl/conf.h> @@ -270,3 +272,4 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int err: return 0; } +#endif diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c index b739e4f..4d145f7 100644 --- a/crypto/openssl/crypto/x509v3/v3_purp.c +++ b/crypto/openssl/crypto/x509v3/v3_purp.c @@ -378,6 +378,10 @@ static void x509v3_cache_extensions(X509 *x) case NID_time_stamp: x->ex_xkusage |= XKU_TIMESTAMP; break; + + case NID_dvcs: + x->ex_xkusage |= XKU_DVCS; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); diff --git a/crypto/openssl/crypto/x509v3/v3conf.c b/crypto/openssl/crypto/x509v3/v3conf.c index 67ee14f..00cf5b4 100644 --- a/crypto/openssl/crypto/x509v3/v3conf.c +++ b/crypto/openssl/crypto/x509v3/v3conf.c @@ -118,7 +118,7 @@ int main(int argc, char **argv) printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); if(ext->critical) printf(",critical:\n"); else printf(":\n"); - X509V3_EXT_print_fp(stdout, ext, 0); + X509V3_EXT_print_fp(stdout, ext, 0, 0); printf("\n"); } diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h index daecc55..fb07a19 100644 --- a/crypto/openssl/crypto/x509v3/x509v3.h +++ b/crypto/openssl/crypto/x509v3/x509v3.h @@ -352,6 +352,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define XKU_SGC 0x10 #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 diff --git a/crypto/openssl/demos/x509/mkcert.c b/crypto/openssl/demos/x509/mkcert.c index 8304d30..c5e67b8 100644 --- a/crypto/openssl/demos/x509/mkcert.c +++ b/crypto/openssl/demos/x509/mkcert.c @@ -9,7 +9,9 @@ #include <openssl/pem.h> #include <openssl/conf.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(X509 *cert, int nid, char *value); @@ -35,7 +37,9 @@ int main(int argc, char **argv) X509_free(x509); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/crypto/openssl/demos/x509/mkreq.c b/crypto/openssl/demos/x509/mkreq.c index d69dcc3..3dfc65f 100644 --- a/crypto/openssl/demos/x509/mkreq.c +++ b/crypto/openssl/demos/x509/mkreq.c @@ -8,7 +8,9 @@ #include <openssl/pem.h> #include <openssl/conf.h> #include <openssl/x509v3.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days); int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value); @@ -33,7 +35,9 @@ int main(int argc, char **argv) X509_REQ_free(req); EVP_PKEY_free(pkey); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); CRYPTO_mem_leaks(bio_err); diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt index 8804864..82166e0 100644 --- a/crypto/openssl/doc/HOWTO/certificates.txt +++ b/crypto/openssl/doc/HOWTO/certificates.txt @@ -1,6 +1,8 @@ <DRAFT!> HOWTO certificates +1. Introduction + How you handle certificates depend a great deal on what your role is. Your role can be one or several of: @@ -13,12 +15,14 @@ Certificate authorities should read ca.txt. In all the cases shown below, the standard configuration file, as compiled into openssl, will be used. You may find it in /etc/, -/usr/local/ssr/ or somewhere else. The name is openssl.cnf, and +/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and is better described in another HOWTO <config.txt?>. If you want to use a different configuration file, use the argument '-config {file}' with the command shown below. +2. Relationship with keys + Certificates are related to public key cryptography by containing a public key. To be useful, there must be a corresponding private key somewhere. With OpenSSL, public keys are easily derived from private @@ -26,22 +30,25 @@ keys, so before you create a certificate or a certificate request, you need to create a private key. Private keys are generated with 'openssl genrsa' if you want a RSA -private key, or 'openssl gendsa' if you want a DSA private key. More -info on how to handle these commands are found in the manual pages for -those commands or by running them with the argument '-h'. For the -sake of the description in this file, let's assume that the private -key ended up in the file privkey.pem (which is the default in some -cases). - - -Let's start with the most normal way of getting a certificate. Most -often, you want or need to get a certificate from a certificate -authority. To handle that, the certificate authority needs a -certificate request (or, as some certificate authorities like to put +private key, or 'openssl gendsa' if you want a DSA private key. +Further information on how to create private keys can be found in +another HOWTO <keys.txt?>. The rest of this text assumes you have +a private key in the file privkey.pem. + + +3. Creating a certificate request + +To create a certificate, you need to start with a certificate +request (or, as some certificate authorities like to put it, "certificate signing request", since that's exactly what they do, they sign it and give you the result back, thus making it authentic -according to their policies) from you. To generate a request, use the -command 'openssl req' like this: +according to their policies). A certificate request can then be sent +to a certificate authority to get it signed into a certificate, or if +you have your own certificate authority, you may sign it yourself, or +if you need a self-signed certificate (because you just want a test +certificate or because you are setting up your own CA). + +The certificate is created like this: openssl req -new -key privkey.pem -out cert.csr @@ -55,9 +62,25 @@ When the certificate authority has then done the checks the need to do (and probably gotten payment from you), they will hand over your new certificate to you. +Section 5 will tell you more on how to handle the certificate you +received. + + +4. Creating a self-signed certificate + +If you don't want to deal with another certificate authority, or just +want to create a test certificate for yourself, or are setting up a +certificate authority of your own, you may want to make the requested +certificate a self-signed one. If you have created a certificate +request as shown above, you can sign it using the 'openssl x509' +command, for example like this (to create a self-signed CA +certificate): + + openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \ + -signkey privkey.pem -out cacert.pem -trustout -[fill in on how to create a self-signed certificate] +5. What to do with the certificate If you created everything yourself, or if the certificate authority was kind enough, your certificate is a raw DER thing in PEM format. diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod index 183cd47..de66c53 100644 --- a/crypto/openssl/doc/apps/ca.pod +++ b/crypto/openssl/doc/apps/ca.pod @@ -43,6 +43,7 @@ B<openssl> B<ca> [B<-msie_hack>] [B<-extensions section>] [B<-extfile section>] +[B<-engine id>] =head1 DESCRIPTION @@ -195,6 +196,13 @@ an additional configuration file to read certificate extensions from (using the default section unless the B<-extensions> option is also used). +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 CRL OPTIONS diff --git a/crypto/openssl/doc/apps/dhparam.pod b/crypto/openssl/doc/apps/dhparam.pod index ff8a6e5..c31db95 100644 --- a/crypto/openssl/doc/apps/dhparam.pod +++ b/crypto/openssl/doc/apps/dhparam.pod @@ -18,6 +18,7 @@ B<openssl dhparam> [B<-2>] [B<-5>] [B<-rand> I<file(s)>] +[B<-engine id>] [I<numbits>] =head1 DESCRIPTION @@ -96,6 +97,13 @@ this option prints out the DH parameters in human readable form. this option converts the parameters into C code. The parameters can then be loaded by calling the B<get_dh>I<numbits>B<()> function. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 WARNINGS diff --git a/crypto/openssl/doc/apps/dsa.pod b/crypto/openssl/doc/apps/dsa.pod index 28e534b..ed06b88 100644 --- a/crypto/openssl/doc/apps/dsa.pod +++ b/crypto/openssl/doc/apps/dsa.pod @@ -21,6 +21,7 @@ B<openssl> B<dsa> [B<-modulus>] [B<-pubin>] [B<-pubout>] +[B<-engine id>] =head1 DESCRIPTION @@ -106,6 +107,13 @@ by default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/crypto/openssl/doc/apps/dsaparam.pod b/crypto/openssl/doc/apps/dsaparam.pod index 50c2f61..b9b1b93 100644 --- a/crypto/openssl/doc/apps/dsaparam.pod +++ b/crypto/openssl/doc/apps/dsaparam.pod @@ -16,6 +16,7 @@ B<openssl dsaparam> [B<-C>] [B<-rand file(s)>] [B<-genkey>] +[B<-engine id>] [B<numbits>] =head1 DESCRIPTION @@ -82,6 +83,13 @@ this option specifies that a parameter set should be generated of size B<numbits>. It must be the last option. If this option is included then the input file (if any) is ignored. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/crypto/openssl/doc/apps/gendsa.pod b/crypto/openssl/doc/apps/gendsa.pod index 74318fe..2c56cc7 100644 --- a/crypto/openssl/doc/apps/gendsa.pod +++ b/crypto/openssl/doc/apps/gendsa.pod @@ -12,6 +12,7 @@ B<openssl> B<gendsa> [B<-des3>] [B<-idea>] [B<-rand file(s)>] +[B<-engine id>] [B<paramfile>] =head1 DESCRIPTION @@ -37,6 +38,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =item B<paramfile> This option specifies the DSA parameter file to use. The parameters in this diff --git a/crypto/openssl/doc/apps/genrsa.pod b/crypto/openssl/doc/apps/genrsa.pod index cdcc03c..25af4d1 100644 --- a/crypto/openssl/doc/apps/genrsa.pod +++ b/crypto/openssl/doc/apps/genrsa.pod @@ -15,6 +15,7 @@ B<openssl> B<genrsa> [B<-f4>] [B<-3>] [B<-rand file(s)>] +[B<-engine id>] [B<numbits>] =head1 DESCRIPTION @@ -54,6 +55,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =item B<numbits> the size of the private key to generate in bits. This must be the last option diff --git a/crypto/openssl/doc/apps/pkcs7.pod b/crypto/openssl/doc/apps/pkcs7.pod index 9871c0e..a0a6363 100644 --- a/crypto/openssl/doc/apps/pkcs7.pod +++ b/crypto/openssl/doc/apps/pkcs7.pod @@ -14,6 +14,7 @@ B<openssl> B<pkcs7> [B<-print_certs>] [B<-text>] [B<-noout>] +[B<-engine id>] =head1 DESCRIPTION @@ -59,6 +60,13 @@ issuer names. don't output the encoded version of the PKCS#7 structure (or certificates is B<-print_certs> is set). +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 EXAMPLES diff --git a/crypto/openssl/doc/apps/pkcs8.pod b/crypto/openssl/doc/apps/pkcs8.pod index a56b2dd..68ecd65 100644 --- a/crypto/openssl/doc/apps/pkcs8.pod +++ b/crypto/openssl/doc/apps/pkcs8.pod @@ -21,6 +21,7 @@ B<openssl> B<pkcs8> [B<-nsdb>] [B<-v2 alg>] [B<-v1 alg>] +[B<-engine id>] =head1 DESCRIPTION @@ -122,6 +123,13 @@ B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used. This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete list of possible algorithms is included below. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod index 7a3b6bb..e2b5d0d 100644 --- a/crypto/openssl/doc/apps/req.pod +++ b/crypto/openssl/doc/apps/req.pod @@ -41,6 +41,7 @@ B<openssl> B<req> [B<-nameopt>] [B<-batch>] [B<-verbose>] +[B<-engine id>] =head1 DESCRIPTION @@ -244,6 +245,13 @@ non-interactive mode. print extra details about the operations being performed. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 CONFIGURATION FILE FORMAT @@ -406,7 +414,7 @@ be input by calling it "1.organizationName". The actual permitted field names are any object identifier short or long names. These are compiled into OpenSSL and include the usual values such as commonName, countryName, localityName, organizationName, -organizationUnitName, stateOrPrivinceName. Additionally emailAddress +organizationUnitName, stateOrProvinceName. Additionally emailAddress is include as well as name, surname, givenName initials and dnQualifier. Additional object identifiers can be defined with the B<oid_file> or diff --git a/crypto/openssl/doc/apps/rsa.pod b/crypto/openssl/doc/apps/rsa.pod index ef74f1a..4d76409 100644 --- a/crypto/openssl/doc/apps/rsa.pod +++ b/crypto/openssl/doc/apps/rsa.pod @@ -24,6 +24,7 @@ B<openssl> B<rsa> [B<-check>] [B<-pubin>] [B<-pubout>] +[B<-engine id>] =head1 DESCRIPTION @@ -117,6 +118,13 @@ by default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + =back =head1 NOTES diff --git a/crypto/openssl/doc/apps/spkac.pod b/crypto/openssl/doc/apps/spkac.pod index bb84dfb..c3f1ff9 100644 --- a/crypto/openssl/doc/apps/spkac.pod +++ b/crypto/openssl/doc/apps/spkac.pod @@ -17,7 +17,7 @@ B<openssl> B<spkac> [B<-spksect section>] [B<-noout>] [B<-verify>] - +[B<-engine id>] =head1 DESCRIPTION @@ -79,6 +79,12 @@ being created). verifies the digital signature on the supplied SPKAC. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod index 674bfd1..50343cd 100644 --- a/crypto/openssl/doc/apps/x509.pod +++ b/crypto/openssl/doc/apps/x509.pod @@ -50,6 +50,7 @@ B<openssl> B<x509> [B<-clrext>] [B<-extfile filename>] [B<-extensions section>] +[B<-engine id>] =head1 DESCRIPTION @@ -98,6 +99,12 @@ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not specified then MD5 is used. If the key being used to sign with is a DSA key then this option has no effect: SHA1 is always used with DSA keys. +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. =back @@ -637,8 +644,8 @@ certificate extensions: Set a certificate to be trusted for SSL client use and change set its alias to "Steve's Class 1 CA" - openssl x509 -in cert.pem -addtrust sslclient \ - -alias "Steve's Class 1 CA" -out trust.pem + openssl x509 -in cert.pem -addtrust clientAuth \ + -setalias "Steve's Class 1 CA" -out trust.pem =head1 NOTES diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod index 6ea2379..7dccacb 100644 --- a/crypto/openssl/doc/crypto/BN_generate_prime.pod +++ b/crypto/openssl/doc/crypto/BN_generate_prime.pod @@ -70,7 +70,7 @@ If B<do_trial_division == 0>, this test is skipped. Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin probabilistic primality test with B<checks> iterations. If -B<checks == BN_prime_check>, a number of iterations is used that +B<checks == BN_prime_checks>, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input. If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called diff --git a/crypto/openssl/doc/crypto/EVP_SealInit.pod b/crypto/openssl/doc/crypto/EVP_SealInit.pod index 25ef07f..b5e477e 100644 --- a/crypto/openssl/doc/crypto/EVP_SealInit.pod +++ b/crypto/openssl/doc/crypto/EVP_SealInit.pod @@ -18,22 +18,28 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption =head1 DESCRIPTION The EVP envelope routines are a high level interface to envelope -encryption. They generate a random key and then "envelope" it by -using public key encryption. Data can then be encrypted using this -key. +encryption. They generate a random key and IV (if required) then +"envelope" it by using public key encryption. Data can then be +encrypted using this key. EVP_SealInit() initializes a cipher context B<ctx> for encryption -with cipher B<type> using a random secret key and IV supplied in -the B<iv> parameter. B<type> is normally supplied by a function such -as EVP_des_cbc(). The secret key is encrypted using one or more public -keys, this allows the same encrypted data to be decrypted using any -of the corresponding private keys. B<ek> is an array of buffers where -the public key encrypted secret key will be written, each buffer must -contain enough room for the corresponding encrypted key: that is +with cipher B<type> using a random secret key and IV. B<type> is normally +supplied by a function such as EVP_des_cbc(). The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. B<ek> is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual size of each encrypted secret key is written to the array B<ekl>. B<pubk> is an array of B<npubk> public keys. +The B<iv> parameter is a buffer where the generated IV is written to. It must +contain enough room for the corresponding cipher's IV, as determined by (for +example) EVP_CIPHER_iv_length(type). + +If the cipher does not require an IV then the B<iv> parameter is ignored +and can be B<NULL>. + EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual diff --git a/crypto/openssl/doc/standards.txt b/crypto/openssl/doc/standards.txt index 44d263b..edbe2f3 100644 --- a/crypto/openssl/doc/standards.txt +++ b/crypto/openssl/doc/standards.txt @@ -45,10 +45,6 @@ whole or at least great parts) in OpenSSL. 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) -2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski, - J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes - RFC2313) (Status: INFORMATIONAL) - PKCS#8: Private-Key Information Syntax Standard PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. @@ -87,6 +83,11 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes RFC2459) (Status: PROPOSED STANDARD) +3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography + Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. + (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: + INFORMATIONAL) + Related: -------- diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec index 4d68d70..e3ec71a 100644 --- a/crypto/openssl/openssl.spec +++ b/crypto/openssl/openssl.spec @@ -1,15 +1,15 @@ %define libmaj 0 %define libmin 9 %define librel 7 -#%define librev a +%define librev a Release: 1 %define openssldir /var/ssl Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: %{libmaj}.%{libmin}.%{librel} -#Version: %{libmaj}.%{libmin}.%{librel}%{librev} +#Version: %{libmaj}.%{libmin}.%{librel} +Version: %{libmaj}.%{libmin}.%{librel}%{librev} Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz Copyright: Freely distributable Group: System Environment/Libraries diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c index 467e149..d683ee4 100644 --- a/crypto/openssl/ssl/bio_ssl.c +++ b/crypto/openssl/ssl/bio_ssl.c @@ -403,6 +403,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) { BIO_free_all(ssl->wbio); } + if (b->next_bio != NULL) + { + CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); + } ssl->wbio=NULL; ssl->rbio=NULL; break; @@ -509,6 +513,7 @@ static int ssl_puts(BIO *bp, const char *str) BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) { +#ifndef OPENSSL_NO_SOCK BIO *ret=NULL,*buf=NULL,*ssl=NULL; if ((buf=BIO_new(BIO_f_buffer())) == NULL) @@ -521,6 +526,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) err: if (buf != NULL) BIO_free(buf); if (ssl != NULL) BIO_free(ssl); +#endif return(NULL); } diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c index 38a7152..64d317b 100644 --- a/crypto/openssl/ssl/s3_both.c +++ b/crypto/openssl/ssl/s3_both.c @@ -268,6 +268,13 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) X509_STORE_CTX xs_ctx; X509_OBJECT obj; + int no_chain; + + if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) + no_chain = 1; + else + no_chain = 0; + /* TLSv1 sends a chain with nothing in it, instead of an alert */ buf=s->init_buf; if (!BUF_MEM_grow_clean(buf,10)) @@ -277,7 +284,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) } if (x != NULL) { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) + if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) { SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); return(0); @@ -295,6 +302,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) l2n3(n,p); i2d_X509(x,&p); l+=n+3; + + if (no_chain) + break; + if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) break; @@ -306,8 +317,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) * ref count */ X509_free(x); } - - X509_STORE_CTX_cleanup(&xs_ctx); + if (!no_chain) + X509_STORE_CTX_cleanup(&xs_ctx); } /* Thawte special :-) */ diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c index 35fde29..559924d 100644 --- a/crypto/openssl/ssl/s3_enc.c +++ b/crypto/openssl/ssl/s3_enc.c @@ -474,6 +474,7 @@ int ssl3_enc(SSL *s, int send) ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); return 0; } + /* otherwise, rec->length >= bs */ } EVP_Cipher(ds,rec->data,rec->input,l); @@ -482,7 +483,7 @@ int ssl3_enc(SSL *s, int send) { i=rec->data[l-1]+1; /* SSL 3.0 bounds the number of padding bytes by the block size; - * padding bytes (except that last) are arbitrary */ + * padding bytes (except the last one) are arbitrary */ if (i > bs) { /* Incorrect padding. SSLerr() and ssl3_alert are done @@ -491,6 +492,7 @@ int ssl3_enc(SSL *s, int send) * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ return -1; } + /* now i <= bs <= rec->length */ rec->length-=i; } } diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 6ccea9a..3f88429 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s) unsigned int mac_size; int clear=0; size_t extra; + int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; rr= &(s->s3->rrec); sess=s->session; @@ -353,8 +355,11 @@ again: /* SSLerr() and ssl3_send_alert() have been called */ goto err; - /* otherwise enc_err == -1 */ - goto decryption_failed_or_bad_record_mac; + /* Otherwise enc_err == -1, which indicates bad padding + * (rec->length has not been changed in this case). + * To minimize information leaked via timing, we will perform + * the MAC computation anyway. */ + decryption_failed_or_bad_record_mac = 1; } #ifdef TLS_DEBUG @@ -380,28 +385,46 @@ printf("\n"); SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; #endif } /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) + if (rr->length >= mac_size) { + rr->length -= mac_size; + mac = &rr->data[rr->length]; + } + else + { + /* record (minus padding) is too short to contain a MAC */ #if 0 /* OK only for stream ciphers */ al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); goto f_err; #else - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; + rr->length = 0; #endif } - rr->length-=mac_size; i=s->method->ssl3_enc->mac(s,md,0); - if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) + if (mac == NULL || memcmp(md, mac, mac_size) != 0) { - goto decryption_failed_or_bad_record_mac; + decryption_failed_or_bad_record_mac = 1; } } + if (decryption_failed_or_bad_record_mac) + { + /* A separate 'decryption_failed' alert was introduced with TLS 1.0, + * SSL 3.0 only has 'bad_record_mac'. But unless a decryption + * failure is directly visible from the ciphertext anyway, + * we should not reveal which kind of error occured -- this + * might become visible to an attacker (e.g. via a logfile) */ + al=SSL_AD_BAD_RECORD_MAC; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); + goto f_err; + } + /* r->length is now just compressed */ if (s->expand != NULL) { @@ -443,14 +466,6 @@ printf("\n"); return(1); -decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); f_err: ssl3_send_alert(s,SSL3_AL_FATAL,al); err: diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index f8e400d..4ae8458 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -521,6 +521,8 @@ typedef struct ssl_session_st /* Never bother the application with retries if the transport * is blocking: */ #define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, @@ -1227,14 +1229,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); -#ifndef OPENSSL_SYS_WIN32 #ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *dir); #endif #endif -#endif #endif diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c index 1f12255..da90078 100644 --- a/crypto/openssl/ssl/ssl_cert.c +++ b/crypto/openssl/ssl/ssl_cert.c @@ -781,7 +781,7 @@ err: #endif #endif -#else +#else /* OPENSSL_SYS_WIN32 */ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index 091326f..ddd8114 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -1069,14 +1069,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, * preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) { - if ((s != NULL) && (s->cipher_list != NULL)) - { - return(s->cipher_list); - } - else if ((s->ctx != NULL) && - (s->ctx->cipher_list != NULL)) + if (s != NULL) { - return(s->ctx->cipher_list); + if (s->cipher_list != NULL) + { + return(s->cipher_list); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list != NULL)) + { + return(s->ctx->cipher_list); + } } return(NULL); } @@ -1085,14 +1088,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) * algorithm id */ STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) { - if ((s != NULL) && (s->cipher_list_by_id != NULL)) - { - return(s->cipher_list_by_id); - } - else if ((s != NULL) && (s->ctx != NULL) && - (s->ctx->cipher_list_by_id != NULL)) + if (s != NULL) { - return(s->ctx->cipher_list_by_id); + if (s->cipher_list_by_id != NULL) + { + return(s->cipher_list_by_id); + } + else if ((s->ctx != NULL) && + (s->ctx->cipher_list_by_id != NULL)) + { + return(s->ctx->cipher_list_by_id); + } } return(NULL); } @@ -1890,6 +1896,7 @@ SSL *SSL_dup(SSL *s) * they should not both point to the same object, * and thus we can't use SSL_copy_session_id. */ + ret->method->ssl_free(ret); ret->method = s->method; ret->method->ssl_new(ret); diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c index 4fa9d41..42b6f1f 100644 --- a/crypto/openssl/ssl/ssltest.c +++ b/crypto/openssl/ssl/ssltest.c @@ -128,7 +128,9 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/ssl.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/err.h> #include <openssl/rand.h> @@ -760,7 +762,9 @@ end: #ifndef OPENSSL_NO_RSA free_tmp_rsa(); #endif +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_state(0); diff --git a/crypto/openssl/test/Makefile.ssl b/crypto/openssl/test/Makefile.ssl index 58e8cfe..21ec82d 100644 --- a/crypto/openssl/test/Makefile.ssl +++ b/crypto/openssl/test/Makefile.ssl @@ -15,6 +15,9 @@ MAKE= make -f $(MAKEFILE) MAKEDEPPROG= makedepend MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl +# KRB5 stuff +KRB5_INCLUDES= +LIBKRB5= PEX_LIBS= EX_LIBS= #-lnsl -lsocket @@ -119,14 +122,13 @@ apps: @(cd ..; $(MAKE) DIRS=apps all) SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \ - if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="$$LIBPATH\;$$PATH"; \ - elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \ + if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \ export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH alltests: \ test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_md2 test_mdc2 \ - test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \ + test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \ test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_ss test_ca test_engine test_evp test_ssl @@ -260,9 +262,9 @@ test_ca: sh ./testca; \ fi -test_rd: #$(RDTEST) +test_aes: #$(AESTEST) # @echo "test Rijndael" -# $(SET_SO_PATHS); ./$(RDTEST) +# $(SET_SO_PATHS); ./$(AESTEST) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -465,14 +467,14 @@ $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO) $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ fi -#$(RDTEST).o: $(RDTEST).c -# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c +#$(AESTEST).o: $(AESTEST).c +# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -#$(RDTEST): $(RDTEST).o $(DLIBCRYPTO) +#$(AESTEST): $(AESTEST).o $(DLIBCRYPTO) # if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ -# $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ +# $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \ # else \ -# $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ +# $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ # fi dummytest: dummytest.o $(DLIBCRYPTO) diff --git a/crypto/openssl/test/testgen b/crypto/openssl/test/testgen index 55c496f..3798543 100644 --- a/crypto/openssl/test/testgen +++ b/crypto/openssl/test/testgen @@ -27,6 +27,8 @@ fi echo "This could take some time." +rm -f testkey.pem testreq.pem + ../apps/openssl req -config test.cnf $req_new -out testreq.pem if [ $? != 0 ]; then echo problems creating request diff --git a/crypto/openssl/util/bat.sh b/crypto/openssl/util/bat.sh index c6f48e8..4d9a828 100755 --- a/crypto/openssl/util/bat.sh +++ b/crypto/openssl/util/bat.sh @@ -62,6 +62,7 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_rc2 && $dir =~ /\/rc2/; return("") if $no_rc4 && $dir =~ /\/rc4/; @@ -116,6 +117,7 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num index 81f5d31..f5c8c0b 100755 --- a/crypto/openssl/util/libeay.num +++ b/crypto/openssl/util/libeay.num @@ -1881,72 +1881,72 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: BN_bntest_rand 2464 EXIST::FUNCTION: OPENSSL_issetugid 2465 EXIST::FUNCTION: BN_rand_range 2466 EXIST::FUNCTION: -ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: -ENGINE_set_DSA 2468 EXIST::FUNCTION: -ENGINE_get_finish_function 2469 EXIST::FUNCTION: -ENGINE_get_default_RSA 2470 EXIST::FUNCTION: +ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE +ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE +ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION: DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION: -ENGINE_set_DH 2473 EXIST::FUNCTION: +ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_init 2475 EXIST::FUNCTION: +ENGINE_init 2475 EXIST::FUNCTION:ENGINE DH_get_default_openssl_method 2476 NOEXIST::FUNCTION: RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION: -ENGINE_finish 2478 EXIST::FUNCTION: -ENGINE_load_public_key 2479 EXIST::FUNCTION: -ENGINE_get_DH 2480 EXIST::FUNCTION: -ENGINE_ctrl 2481 EXIST::FUNCTION: -ENGINE_get_init_function 2482 EXIST::FUNCTION: -ENGINE_set_init_function 2483 EXIST::FUNCTION: -ENGINE_set_default_DSA 2484 EXIST::FUNCTION: -ENGINE_get_name 2485 EXIST::FUNCTION: -ENGINE_get_last 2486 EXIST::FUNCTION: -ENGINE_get_prev 2487 EXIST::FUNCTION: -ENGINE_get_default_DH 2488 EXIST::FUNCTION: -ENGINE_get_RSA 2489 EXIST::FUNCTION: -ENGINE_set_default 2490 EXIST::FUNCTION: -ENGINE_get_RAND 2491 EXIST::FUNCTION: -ENGINE_get_first 2492 EXIST::FUNCTION: -ENGINE_by_id 2493 EXIST::FUNCTION: -ENGINE_set_finish_function 2494 EXIST::FUNCTION: +ENGINE_finish 2478 EXIST::FUNCTION:ENGINE +ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE +ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE +ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE +ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE +ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE +ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE +ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE +ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE +ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE +ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE +ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE +ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE +ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE +ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE +ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION: -ENGINE_set_RSA 2497 EXIST::FUNCTION: -ENGINE_load_private_key 2498 EXIST::FUNCTION: -ENGINE_set_default_RAND 2499 EXIST::FUNCTION: +ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE +ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE +ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION: -ENGINE_remove 2501 EXIST::FUNCTION: -ENGINE_free 2502 EXIST::FUNCTION: +ENGINE_remove 2501 EXIST::FUNCTION:ENGINE +ENGINE_free 2502 EXIST::FUNCTION:ENGINE ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION: -ENGINE_get_next 2504 EXIST::FUNCTION: -ENGINE_set_name 2505 EXIST::FUNCTION: -ENGINE_get_default_DSA 2506 EXIST::FUNCTION: +ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE +ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE +ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION: -ENGINE_set_default_RSA 2508 EXIST::FUNCTION: -ENGINE_get_default_RAND 2509 EXIST::FUNCTION: +ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE +ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION: -ENGINE_set_RAND 2511 EXIST::FUNCTION: -ENGINE_set_id 2512 EXIST::FUNCTION: +ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE +ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION: -ENGINE_set_default_DH 2514 EXIST::FUNCTION: -ENGINE_new 2515 EXIST::FUNCTION: -ENGINE_get_id 2516 EXIST::FUNCTION: +ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE +ENGINE_new 2515 EXIST::FUNCTION:ENGINE +ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION: -ENGINE_add 2518 EXIST::FUNCTION: +ENGINE_add 2518 EXIST::FUNCTION:ENGINE DH_set_default_openssl_method 2519 NOEXIST::FUNCTION: -ENGINE_get_DSA 2520 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: +ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE +ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE +ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE BN_pseudo_rand_range 2523 EXIST::FUNCTION: X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: ERR_load_COMP_strings 2525 EXIST::FUNCTION: PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_ciphers 2528 EXIST::FUNCTION: -ENGINE_get_ciphers 2529 EXIST::FUNCTION: +ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE +ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -1959,15 +1959,15 @@ X509V3_add1_i2d 2536 EXIST::FUNCTION: PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_add_input_boolean 2538 EXIST::FUNCTION: -ENGINE_unregister_RSA 2539 EXIST::FUNCTION: +ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf 2540 EXIST::FUNCTION: ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: X509_print_ex 2544 EXIST::FUNCTION:BIO OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: -ENGINE_register_all_RAND 2546 EXIST::FUNCTION: -ENGINE_load_dynamic 2547 EXIST::FUNCTION: +ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE +ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: @@ -1987,7 +1987,7 @@ X509_STORE_set_purpose 2559 EXIST::FUNCTION: i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: OCSP_response_status 2561 EXIST::FUNCTION: i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: -ENGINE_get_digest_engine 2563 EXIST::FUNCTION: +ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: _ossl_old_des_random_key 2566 EXIST::FUNCTION:DES @@ -2011,7 +2011,7 @@ _shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA _shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES asn1_do_adb 2582 EXIST::FUNCTION: ASN1_template_i2d 2583 EXIST::FUNCTION: -ENGINE_register_DH 2584 EXIST::FUNCTION: +ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE UI_construct_prompt 2585 EXIST::FUNCTION: X509_STORE_set_trust 2586 EXIST::FUNCTION: UI_dup_input_string 2587 EXIST::FUNCTION: @@ -2039,7 +2039,7 @@ OCSP_resp_find 2605 EXIST::FUNCTION: BN_nnmod 2606 EXIST::FUNCTION: X509_CRL_sort 2607 EXIST::FUNCTION: X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION: -ENGINE_register_RAND 2609 EXIST::FUNCTION: +ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC @@ -2049,11 +2049,11 @@ SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_dup_input_boolean 2614 EXIST::FUNCTION: PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION: EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC -ENGINE_load_cryptodev 2617 EXIST::FUNCTION: +ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE DSO_convert_filename 2618 EXIST::FUNCTION: POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_ciphers 2620 EXIST::FUNCTION: +ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE BN_mod_lshift_quick 2621 EXIST::FUNCTION: DSO_set_filename 2622 EXIST::FUNCTION: ASN1_item_free 2623 EXIST::FUNCTION: @@ -2062,7 +2062,7 @@ AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: KRB5_APREQBODY_new 2626 EXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: -ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION: +ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: EVP_MD_CTX_init 2630 EXIST::FUNCTION: EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: @@ -2071,8 +2071,8 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_add_error_string 2633 EXIST::FUNCTION: KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION: -ENGINE_register_all_digests 2637 EXIST::FUNCTION: +ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE +ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS12_unpack_authsafes 2639 EXIST::FUNCTION: @@ -2098,16 +2098,16 @@ OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: _ossl_old_des_crypt 2654 EXIST::FUNCTION:DES ASN1_item_i2d 2655 EXIST::FUNCTION: EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: -ENGINE_load_openssl 2657 EXIST::FUNCTION: -ENGINE_get_cmd_defns 2658 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION: -ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION: +ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE +ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE +ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE EVP_EncryptFinal_ex 2660 EXIST::FUNCTION: -ENGINE_set_default_digests 2661 EXIST::FUNCTION: +ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: asn1_ex_i2c 2663 EXIST::FUNCTION: -ENGINE_register_RSA 2664 EXIST::FUNCTION: -ENGINE_unregister_DSA 2665 EXIST::FUNCTION: +ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE +ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE _ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2120,7 +2120,7 @@ PKCS12_certbag2x509 2672 EXIST::FUNCTION: _ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: -ENGINE_set_ciphers 2676 EXIST::FUNCTION: +ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2156,7 +2156,7 @@ NCONF_get_number_e 2704 EXIST::FUNCTION: _ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES X509_signature_print 2706 EXIST::FUNCTION:EVP OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: -ENGINE_load_builtin_engines 2708 EXIST::FUNCTION: +ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: @@ -2184,7 +2184,7 @@ X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: _ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES -RAND_set_rand_engine 2730 EXIST::FUNCTION: +RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE DSO_get_loaded_filename 2731 EXIST::FUNCTION: X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2206,7 +2206,7 @@ i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC -ENGINE_get_digest 2748 EXIST::FUNCTION: +ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2219,16 +2219,16 @@ PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PKCS12_certbag2x509crl 2754 EXIST::FUNCTION: PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_cipher 2756 EXIST::FUNCTION: +ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE i2d_OCSP_CRLID 2757 EXIST::FUNCTION: OCSP_SINGLERESP_new 2758 EXIST::FUNCTION: -ENGINE_cmd_is_executable 2759 EXIST::FUNCTION: +ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE RSA_up_ref 2760 EXIST::FUNCTION:RSA ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_DSA 2762 EXIST::FUNCTION: +ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION: +ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE PKCS8_decrypt 2765 EXIST::FUNCTION: PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2265,7 +2265,7 @@ UI_method_set_flusher 2789 EXIST::FUNCTION: X509_ocspid_print 2790 EXIST::FUNCTION:BIO KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION: +ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE UI_add_user_data 2793 EXIST::FUNCTION: OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: UI_get_method 2795 EXIST::FUNCTION: @@ -2289,16 +2289,16 @@ ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_ex_data 2807 EXIST::FUNCTION: _ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES -ENGINE_register_all_RSA 2809 EXIST::FUNCTION: +ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_digests 2813 EXIST::FUNCTION: +ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: -ENGINE_get_digests 2816 EXIST::FUNCTION: +ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE _ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES OCSP_RESPDATA_free 2818 EXIST::FUNCTION: d2i_KRB5_TICKET 2819 EXIST::FUNCTION: @@ -2309,7 +2309,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: X509_CRL_set_version 2823 EXIST::FUNCTION: BN_mod_sub 2824 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION: +ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE OCSP_REQUEST_free 2827 EXIST::FUNCTION: OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2343,7 +2343,7 @@ EC_POINT_method_of 2852 EXIST::FUNCTION:EC i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: _ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: -ENGINE_get_ex_data 2856 EXIST::FUNCTION: +ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE UI_destroy_method 2857 EXIST::FUNCTION: ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: @@ -2367,7 +2367,7 @@ PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION: OCSP_request_add1_nonce 2874 EXIST::FUNCTION: -ENGINE_set_cmd_defns 2875 EXIST::FUNCTION: +ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE OCSP_SERVICELOC_free 2876 EXIST::FUNCTION: EC_GROUP_free 2877 EXIST::FUNCTION:EC ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2384,7 +2384,7 @@ EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION: PKCS12_item_pack_safebag 2887 EXIST::FUNCTION: asn1_ex_c2i 2888 EXIST::FUNCTION: -ENGINE_register_digests 2889 EXIST::FUNCTION: +ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION: asn1_enc_restore 2891 EXIST::FUNCTION: UI_free 2892 EXIST::FUNCTION: @@ -2395,7 +2395,7 @@ EC_POINT_invert 2896 EXIST::FUNCTION:EC OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: OCSP_check_nonce 2899 EXIST::FUNCTION: -ENGINE_ctrl_cmd 2900 EXIST::FUNCTION: +ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: OCSP_parse_url 2902 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: @@ -2403,12 +2403,12 @@ OCSP_CRLID_free 2904 EXIST::FUNCTION: OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION: RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -ENGINE_register_all_DH 2907 EXIST::FUNCTION: +ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE i2d_EDIPARTYNAME 2908 EXIST::FUNCTION: EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC OCSP_CRLID_new 2910 EXIST::FUNCTION: -ENGINE_get_flags 2911 EXIST::FUNCTION: +ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_process 2913 EXIST::FUNCTION: @@ -2416,8 +2416,8 @@ ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_CipherInit_ex 2915 EXIST::FUNCTION: UI_get_string_type 2916 EXIST::FUNCTION: -ENGINE_unregister_DH 2917 EXIST::FUNCTION: -ENGINE_register_all_DSA 2918 EXIST::FUNCTION: +ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE +ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: bn_dup_expand 2920 EXIST::FUNCTION: OCSP_cert_id_new 2921 EXIST::FUNCTION: @@ -2438,11 +2438,11 @@ BN_mod_sub_quick 2933 EXIST::FUNCTION: OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: OCSP_request_sign 2935 EXIST::FUNCTION: EVP_DigestFinal_ex 2936 EXIST::FUNCTION: -ENGINE_set_digests 2937 EXIST::FUNCTION: +ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE OCSP_id_issuer_cmp 2938 EXIST::FUNCTION: OBJ_NAME_do_all 2939 EXIST::FUNCTION: EC_POINTs_mul 2940 EXIST::FUNCTION:EC -ENGINE_register_complete 2941 EXIST::FUNCTION: +ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION: ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2451,7 +2451,7 @@ RAND_query_egd_bytes 2945 EXIST::FUNCTION: UI_method_get_writer 2946 EXIST::FUNCTION: UI_OpenSSL 2947 EXIST::FUNCTION: PEM_def_callback 2948 EXIST::FUNCTION: -ENGINE_cleanup 2949 EXIST::FUNCTION: +ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2475,7 +2475,7 @@ OCSP_RESPID_new 2967 EXIST::FUNCTION: OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION: -ENGINE_register_all_complete 2970 EXIST::FUNCTION: +ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE OCSP_check_validity 2971 EXIST::FUNCTION: PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2487,7 +2487,7 @@ KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_supported_extension 2977 EXIST::FUNCTION: i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: UI_method_get_opener 2979 EXIST::FUNCTION: -ENGINE_set_ex_data 2980 EXIST::FUNCTION: +ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE OCSP_REQUEST_print 2981 EXIST::FUNCTION: CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2501,7 +2501,7 @@ OCSP_single_get0_status 2989 EXIST::FUNCTION: BN_swap 2990 EXIST::FUNCTION: POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_set_destroy_function 2992 EXIST::FUNCTION: +ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE asn1_enc_free 2993 EXIST::FUNCTION: OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2523,8 +2523,8 @@ EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_get0_test_string 3007 EXIST::FUNCTION: -ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: -ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: +ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE +ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE EC_POINT_copy 3010 EXIST::FUNCTION:EC BN_kronecker 3011 EXIST::FUNCTION: _ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES @@ -2545,9 +2545,9 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION: +ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: -ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: +ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION: @@ -2565,7 +2565,7 @@ AES_decrypt 3040 EXIST::FUNCTION:AES asn1_enc_init 3041 EXIST::FUNCTION: UI_get_result_maxsize 3042 EXIST::FUNCTION: OCSP_CERTID_new 3043 EXIST::FUNCTION: -ENGINE_unregister_RAND 3044 EXIST::FUNCTION: +ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE UI_method_get_closer 3045 EXIST::FUNCTION: d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: OCSP_request_onereq_count 3047 EXIST::FUNCTION: @@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION: +ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE _ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2598,15 +2598,15 @@ ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 EXIST::FUNCTION: i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: -ENGINE_set_table_flags 3073 EXIST::FUNCTION: +ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION: +ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_destroy_function 3080 EXIST::FUNCTION: +ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE CONF_set_nconf 3081 EXIST::FUNCTION: ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION: +ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2685,7 +2685,7 @@ UI_method_set_opener 3140 EXIST::FUNCTION: ASN1_item_ex_free 3141 EXIST::FUNCTION: ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_table_flags 3143 EXIST::FUNCTION: +ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE UI_create_method 3144 EXIST::FUNCTION: OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION: _shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES @@ -2709,7 +2709,7 @@ PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: -ENGINE_set_flags 3162 EXIST::FUNCTION: +ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE _ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES OCSP_response_get1_basic 3164 EXIST::FUNCTION: EVP_Digest 3165 EXIST::FUNCTION: @@ -2721,8 +2721,8 @@ ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION: BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: AES_cbc_encrypt 3171 EXIST::FUNCTION:AES -ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION: -ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION: +ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE OCSP_RESPONSE_free 3173 EXIST::FUNCTION: UI_method_set_reader 3174 EXIST::FUNCTION: i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: @@ -2736,7 +2736,7 @@ OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION: OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION: CONF_modules_load_file 3182 EXIST::FUNCTION: CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: -ENGINE_set_default_string 3184 EXIST::FUNCTION: +ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE CONF_module_get_usr_data 3185 EXIST::FUNCTION: ASN1_add_oid_module 3186 EXIST::FUNCTION: CONF_modules_finish 3187 EXIST::FUNCTION: @@ -2754,7 +2754,7 @@ CONF_imodule_get_name 3198 EXIST::FUNCTION: ERR_peek_top_error 3199 NOEXIST::FUNCTION: CONF_imodule_get_usr_data 3200 EXIST::FUNCTION: CONF_imodule_set_flags 3201 EXIST::FUNCTION: -ENGINE_add_conf_module 3202 EXIST::FUNCTION: +ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE ERR_peek_last_error_line 3203 EXIST::FUNCTION: ERR_peek_last_error_line_data 3204 EXIST::FUNCTION: ERR_peek_last_error 3205 EXIST::FUNCTION: @@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES DES_read_password 3207 EXIST::FUNCTION:DES UI_UTIL_read_pw 3208 EXIST::FUNCTION: UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION: -ENGINE_load_sureware 3211 EXIST::FUNCTION: +ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE +ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: @@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION: +ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE _ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES @@ -2793,7 +2793,7 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION: EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO -ENGINE_up_ref 3238 EXIST::FUNCTION: +ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE BUF_MEM_grow_clean 3239 EXIST::FUNCTION: CRYPTO_realloc_clean 3240 EXIST::FUNCTION: BUF_strlcat 3241 EXIST::FUNCTION: diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl index 751fc75..936b063 100755 --- a/crypto/openssl/util/mk1mf.pl +++ b/crypto/openssl/util/mk1mf.pl @@ -64,6 +64,8 @@ and [options] can be one of no-asm - No x86 asm no-krb5 - No KRB5 no-ec - No EC + no-engine - No engine + no-hw - No hw nasm - Use NASM for x86 asm gaswin - Use GNU as with Mingw32 no-socks - No socket code @@ -218,7 +220,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160; +$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; @@ -232,6 +234,8 @@ $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; +$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; +$cflags.=" -DOPENSSL_NO_HW" if $no_hw; #$cflags.=" -DRSAref" if $rsaref ne ""; ## if ($unix) @@ -648,6 +652,8 @@ sub var_add local($dir,$val)=@_; local(@a,$_,$ret); + return("") if $no_engine && $dir =~ /\/engine/; + return("") if $no_hw && $dir =~ /\/hw/; return("") if $no_idea && $dir =~ /\/idea/; return("") if $no_aes && $dir =~ /\/aes/; return("") if $no_rc2 && $dir =~ /\/rc2/; @@ -691,7 +697,7 @@ sub var_add @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; + @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd; @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; @@ -708,6 +714,8 @@ sub var_add @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; @a=grep(!/_mdc2$/,@a) if $no_mdc2; + @a=grep(!/^engine$/,@a) if $no_engine; + @a=grep(!/^hw$/,@a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; @a=grep(!/^gendsa$/,@a) if $no_sha1; @@ -901,10 +909,12 @@ sub read_options elsif (/^no-sock$/) { $no_sock=1; } elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-ec$/) { $no_ec=1; } + elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; - $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; + $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; $no_aes=1; } elsif (/^rsaref$/) { } diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl index adfd447..dacb956 100755 --- a/crypto/openssl/util/mkdef.pl +++ b/crypto/openssl/util/mkdef.pl @@ -91,7 +91,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", "LOCKING", # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5" ); + "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" ); my $options=""; open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n"; @@ -107,7 +107,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; +my $no_ec; my $no_engine; my $no_hw; my $no_fp_api; foreach (@ARGV, split(/ /, $options)) @@ -176,6 +176,8 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-comp$/) { $no_comp=1; } elsif (/^no-dso$/) { $no_dso=1; } elsif (/^no-krb5$/) { $no_krb5=1; } + elsif (/^no-engine$/) { $no_engine=1; } + elsif (/^no-hw$/) { $no_hw=1; } } @@ -235,7 +237,7 @@ $crypto.=" crypto/dh/dh.h" ; # unless $no_dh; $crypto.=" crypto/ec/ec.h" ; # unless $no_ec; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; -$crypto.=" crypto/engine/engine.h"; +$crypto.=" crypto/engine/engine.h"; # unless $no_engine; $crypto.=" crypto/stack/stack.h" ; # unless $no_stack; $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer; $crypto.=" crypto/bio/bio.h" ; # unless $no_bio; @@ -1052,6 +1054,8 @@ sub is_valid if ($keyword eq "COMP" && $no_comp) { return 0; } if ($keyword eq "DSO" && $no_dso) { return 0; } if ($keyword eq "KRB5" && $no_krb5) { return 0; } + if ($keyword eq "ENGINE" && $no_engine) { return 0; } + if ($keyword eq "HW" && $no_hw) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } # Nothing recognise as true diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num index fdea472..46e38a1 100755 --- a/crypto/openssl/util/ssleay.num +++ b/crypto/openssl/util/ssleay.num @@ -169,7 +169,7 @@ SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH -SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS,!WIN32:FUNCTION:STDIO +SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION: SSL_set_session_id_context 189 EXIST::FUNCTION: SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO |