aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-02-19 23:17:42 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-02-19 23:17:42 +0000
commitfceca8a37790004b7d28e0ba02bd2d47101a818f (patch)
treee5eb3878430323e978956db174c9c51c7997ba4a
parent6e955c8f09387c9e78e612f5f410b3c926eb23a4 (diff)
downloadsrc-fceca8a37790004b7d28e0ba02bd2d47101a818f.tar.gz
src-fceca8a37790004b7d28e0ba02bd2d47101a818f.zip
Vendor import of OpenSSL 0.9.7a.
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=111147
-rw-r--r--crypto/openssl/CHANGES101
-rwxr-xr-xcrypto/openssl/Configure99
-rw-r--r--crypto/openssl/FAQ70
-rw-r--r--crypto/openssl/INSTALL24
-rw-r--r--crypto/openssl/Makefile.org100
-rw-r--r--crypto/openssl/Makefile.ssl102
-rw-r--r--crypto/openssl/NEWS15
-rw-r--r--crypto/openssl/PROBLEMS28
-rw-r--r--crypto/openssl/README4
-rw-r--r--crypto/openssl/apps/Makefile.ssl4
-rw-r--r--crypto/openssl/apps/apps.c8
-rw-r--r--crypto/openssl/apps/apps.h69
-rw-r--r--crypto/openssl/apps/ca.c16
-rw-r--r--crypto/openssl/apps/dgst.c8
-rw-r--r--crypto/openssl/apps/dh.c15
-rw-r--r--crypto/openssl/apps/dhparam.c13
-rw-r--r--crypto/openssl/apps/dsa.c15
-rw-r--r--crypto/openssl/apps/dsaparam.c10
-rw-r--r--crypto/openssl/apps/enc.c10
-rw-r--r--crypto/openssl/apps/engine.c3
-rw-r--r--crypto/openssl/apps/gendh.c10
-rw-r--r--crypto/openssl/apps/gendsa.c10
-rw-r--r--crypto/openssl/apps/genrsa.c10
-rw-r--r--crypto/openssl/apps/ocsp.c20
-rw-r--r--crypto/openssl/apps/openssl.c2
-rw-r--r--crypto/openssl/apps/pkcs12.c8
-rw-r--r--crypto/openssl/apps/pkcs7.c10
-rw-r--r--crypto/openssl/apps/pkcs8.c8
-rw-r--r--crypto/openssl/apps/progs.h6
-rw-r--r--crypto/openssl/apps/rand.c10
-rw-r--r--crypto/openssl/apps/req.c16
-rw-r--r--crypto/openssl/apps/rsa.c8
-rw-r--r--crypto/openssl/apps/rsautl.c8
-rw-r--r--crypto/openssl/apps/s_client.c8
-rw-r--r--crypto/openssl/apps/s_server.c12
-rw-r--r--crypto/openssl/apps/smime.c8
-rw-r--r--crypto/openssl/apps/speed.c10
-rw-r--r--crypto/openssl/apps/spkac.c8
-rw-r--r--crypto/openssl/apps/verify.c12
-rw-r--r--crypto/openssl/apps/x509.c8
-rwxr-xr-xcrypto/openssl/config62
-rw-r--r--crypto/openssl/crypto/aes/aes_core.c6
-rw-r--r--crypto/openssl/crypto/asn1/a_time.c5
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h2
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c4
-rw-r--r--crypto/openssl/crypto/bf/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/bio/b_sock.c4
-rw-r--r--crypto/openssl/crypto/bio/bio.h4
-rw-r--r--crypto/openssl/crypto/bio/bio_lib.c3
-rw-r--r--crypto/openssl/crypto/bn/Makefile.ssl29
-rw-r--r--crypto/openssl/crypto/bn/asm/ia64.S235
-rw-r--r--crypto/openssl/crypto/bn/asm/pa-risc2.s36
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h4
-rw-r--r--crypto/openssl/crypto/bn/bn_prime.c2
-rw-r--r--crypto/openssl/crypto/cast/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/conf/conf_mall.c4
-rw-r--r--crypto/openssl/crypto/conf/conf_sap.c4
-rw-r--r--crypto/openssl/crypto/des/Makefile.ssl31
-rw-r--r--crypto/openssl/crypto/des/asm/crypt586.pl5
-rw-r--r--crypto/openssl/crypto/des/asm/des-586.pl5
-rw-r--r--crypto/openssl/crypto/des/cbc_cksm.c9
-rw-r--r--crypto/openssl/crypto/des/des_locl.h2
-rw-r--r--crypto/openssl/crypto/des/destest.c4
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c2
-rw-r--r--crypto/openssl/crypto/dh/dh_lib.c10
-rw-r--r--crypto/openssl/crypto/dsa/dsa_lib.c10
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c15
-rw-r--r--crypto/openssl/crypto/dsa/dsa_sign.c2
-rw-r--r--crypto/openssl/crypto/dsa/dsa_vrf.c2
-rw-r--r--crypto/openssl/crypto/dsa/dsagen.c2
-rw-r--r--crypto/openssl/crypto/dsa/dsatest.c2
-rw-r--r--crypto/openssl/crypto/dso/dso_dl.c2
-rw-r--r--crypto/openssl/crypto/ec/ec.h2
-rw-r--r--crypto/openssl/crypto/ec/ec_err.c2
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c4
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c11
-rw-r--r--crypto/openssl/crypto/ec/ectest.c4
-rw-r--r--crypto/openssl/crypto/engine/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/engine/engine.h6
-rw-r--r--crypto/openssl/crypto/engine/enginetest.c11
-rw-r--r--crypto/openssl/crypto/err/err.c2
-rw-r--r--crypto/openssl/crypto/err/err_all.c4
-rw-r--r--crypto/openssl/crypto/evp/digest.c13
-rw-r--r--crypto/openssl/crypto/evp/evp_acnf.c2
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c12
-rw-r--r--crypto/openssl/crypto/evp/evp_test.c9
-rw-r--r--crypto/openssl/crypto/krb5/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/md2/md2test.c1
-rw-r--r--crypto/openssl/crypto/md4/md4.c2
-rw-r--r--crypto/openssl/crypto/md5/Makefile.ssl20
-rw-r--r--crypto/openssl/crypto/md5/md5.c2
-rw-r--r--crypto/openssl/crypto/md5/md5.h2
-rw-r--r--crypto/openssl/crypto/mem.c10
-rw-r--r--crypto/openssl/crypto/o_time.c3
-rw-r--r--crypto/openssl/crypto/objects/obj_dat.h4
-rw-r--r--crypto/openssl/crypto/objects/obj_mac.h2
-rw-r--r--crypto/openssl/crypto/objects/objects.txt3
-rw-r--r--crypto/openssl/crypto/ocsp/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/opensslv.h4
-rw-r--r--crypto/openssl/crypto/perlasm/x86asm.pl9
-rw-r--r--crypto/openssl/crypto/perlasm/x86ms.pl6
-rw-r--r--crypto/openssl/crypto/perlasm/x86nasm.pl6
-rw-r--r--crypto/openssl/crypto/perlasm/x86unix.pl32
-rw-r--r--crypto/openssl/crypto/rand/rand.h2
-rw-r--r--crypto/openssl/crypto/rand/rand_lib.c10
-rw-r--r--crypto/openssl/crypto/rc4/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/rc5/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/rc5/rc5_locl.h2
-rw-r--r--crypto/openssl/crypto/ripemd/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/ripemd/rmd160.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_lib.c10
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c6
-rw-r--r--crypto/openssl/crypto/rsa/rsa_test.c2
-rw-r--r--crypto/openssl/crypto/sha/Makefile.ssl12
-rw-r--r--crypto/openssl/crypto/ui/Makefile.ssl2
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c2
-rw-r--r--crypto/openssl/crypto/x509v3/ext_dat.h6
-rw-r--r--crypto/openssl/crypto/x509v3/v3_ocsp.c3
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c4
-rw-r--r--crypto/openssl/crypto/x509v3/v3conf.c2
-rw-r--r--crypto/openssl/crypto/x509v3/x509v3.h1
-rw-r--r--crypto/openssl/demos/x509/mkcert.c4
-rw-r--r--crypto/openssl/demos/x509/mkreq.c4
-rw-r--r--crypto/openssl/doc/HOWTO/certificates.txt55
-rw-r--r--crypto/openssl/doc/apps/ca.pod8
-rw-r--r--crypto/openssl/doc/apps/dhparam.pod8
-rw-r--r--crypto/openssl/doc/apps/dsa.pod8
-rw-r--r--crypto/openssl/doc/apps/dsaparam.pod8
-rw-r--r--crypto/openssl/doc/apps/gendsa.pod8
-rw-r--r--crypto/openssl/doc/apps/genrsa.pod8
-rw-r--r--crypto/openssl/doc/apps/pkcs7.pod8
-rw-r--r--crypto/openssl/doc/apps/pkcs8.pod8
-rw-r--r--crypto/openssl/doc/apps/req.pod10
-rw-r--r--crypto/openssl/doc/apps/rsa.pod8
-rw-r--r--crypto/openssl/doc/apps/spkac.pod8
-rw-r--r--crypto/openssl/doc/apps/x509.pod11
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod26
-rw-r--r--crypto/openssl/doc/standards.txt9
-rw-r--r--crypto/openssl/openssl.spec6
-rw-r--r--crypto/openssl/ssl/bio_ssl.c6
-rw-r--r--crypto/openssl/ssl/s2_clnt.c2
-rw-r--r--crypto/openssl/ssl/s3_both.c17
-rw-r--r--crypto/openssl/ssl/s3_enc.c4
-rw-r--r--crypto/openssl/ssl/s3_pkt.c47
-rw-r--r--crypto/openssl/ssl/ssl.h4
-rw-r--r--crypto/openssl/ssl/ssl_cert.c2
-rw-r--r--crypto/openssl/ssl/ssl_lib.c35
-rw-r--r--crypto/openssl/ssl/ssltest.c4
-rw-r--r--crypto/openssl/test/Makefile.ssl22
-rw-r--r--crypto/openssl/test/testgen2
-rwxr-xr-xcrypto/openssl/util/bat.sh2
-rwxr-xr-xcrypto/openssl/util/libeay.num218
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl16
-rwxr-xr-xcrypto/openssl/util/mkdef.pl10
-rwxr-xr-xcrypto/openssl/util/ssleay.num2
157 files changed, 1688 insertions, 647 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 418378f876a7..0ef0122b5d7f 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,87 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ *) Make the no-err option work as intended. The intention with no-err
+ is not to have the whole error stack handling routines removed from
+ libcrypto, it's only intended to remove all the function name and
+ reason texts, thereby removing some of the footprint that may not
+ be interesting if those errors aren't displayed anyway.
+
+ NOTE: it's still possible for any application or module to have it's
+ own set of error texts inserted. The routines are there, just not
+ used by default when no-err is given.
+ [Richard Levitte]
+
+ *) Add support for FreeBSD on IA64.
+ [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
+
+ *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+ Kerberos function mit_des_cbc_cksum(). Before this change,
+ the value returned by DES_cbc_cksum() was like the one from
+ mit_des_cbc_cksum(), except the bytes were swapped.
+ [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
+
+ *) Allow an application to disable the automatic SSL chain building.
+ Before this a rather primitive chain build was always performed in
+ ssl3_output_cert_chain(): an application had no way to send the
+ correct chain if the automatic operation produced an incorrect result.
+
+ Now the chain builder is disabled if either:
+
+ 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+ 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+ The reasoning behind this is that an application would not want the
+ auto chain building to take place if extra chain certificates are
+ present and it might also want a means of sending no additional
+ certificates (for example the chain has two certificates and the
+ root is omitted).
+ [Steve Henson]
+
+ *) Add the possibility to build without the ENGINE framework.
+ [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+ *) Under Win32 gmtime() can return NULL: check return value in
+ OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+ [Steve Henson]
+
+ *) DSA routines: under certain error conditions uninitialized BN objects
+ could be freed. Solution: make sure initialization is performed early
+ enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
+ Nils Larsch <nla@trustcenter.de> via PR#459)
+ [Lutz Jaenicke]
+
+ *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+ checked on reconnect on the client side, therefore session resumption
+ could still fail with a "ssl session id is different" error. This
+ behaviour is masked when SSL_OP_ALL is used due to
+ SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+ Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+ followup to PR #377.
+ [Lutz Jaenicke]
+
+ *) IA-32 assembler support enhancements: unified ELF targets, support
+ for SCO/Caldera platforms, fix for Cygwin shared build.
+ [Andy Polyakov]
+
+ *) Add support for FreeBSD on sparc64. As a consequence, support for
+ FreeBSD on non-x86 processors is separate from x86 processors on
+ the config script, much like the NetBSD support.
+ [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
+
Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
*) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
@@ -177,7 +258,7 @@
# is assumed to contain the absolute OpenSSL source directory.
mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
cd objtree/"`uname -s`-`uname -r`-`uname -m`"
- (cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+ (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
mkdir -p `dirname $F`
ln -s $OPENSSL_SOURCE/$F $F
done
@@ -1677,6 +1758,11 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
be reduced modulo m.
[Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+#if 0
+ The following entry accidentily appeared in the CHANGES file
+ distributed with OpenSSL 0.9.7. The modifications described in
+ it do *not* apply to OpenSSL 0.9.7.
+
*) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
was actually never needed) and in BN_mul(). The removal in BN_mul()
required a small change in bn_mul_part_recursive() and the addition
@@ -1685,6 +1771,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
bn_sub_words() and bn_add_words() except they take arrays with
differing sizes.
[Richard Levitte]
+#endif
*) In 'openssl passwd', verify passwords read from the terminal
unless the '-salt' option is used (which usually means that
@@ -1816,6 +1903,18 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Clean old EAY MD5 hack from e_os.h.
[Richard Levitte]
+ Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CAN-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
*) New function OPENSSL_cleanse(), which is used to cleanse a section of
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index df29f780d1bf..768651f03cd0 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -10,7 +10,7 @@ use strict;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
# Options:
#
@@ -38,6 +38,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
+# no-engine do not compile in any engine code.
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
@@ -107,7 +108,6 @@ my $tlib="-lnsl -lsocket";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
-my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
@@ -161,7 +161,7 @@ my %table=(
# surrounds it with #APP #NO_APP comment pair which (at least Solaris
# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### Solaris x86 with Sun C setups
"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -262,22 +262,21 @@ my %table=(
"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# IA-64 targets
-# I have no idea if this one actually works, feedback needed. <appro>
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
# Chris Ruemmler <ruemmler@cup.hp.com>
# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# HPUX 9.X config.
# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or
@@ -384,8 +383,8 @@ my %table=(
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
-"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -396,6 +395,8 @@ my %table=(
"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -403,7 +404,7 @@ my %table=(
"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
# QNX 4
"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
@@ -414,33 +415,36 @@ my %table=(
# Linux on ARM
"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# SCO/Caldera targets.
+#
+# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+# Now we only have blended unixware-* as it's the only one used by ./config.
+# If you want to optimize for particular microarchitecture, bypass ./config
+# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
+# Note that not all targets include assembler support. Mostly because of
+# lack of motivation to support out-of-date platforms with out-of-date
+# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
+# patiently assisted to debug most of it.
+#
# UnixWare 2.0x fails destest with -O
"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-
-# UnixWare 2.1
"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
-
-# UnixWare 7
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
+"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# OpenUNIX 8
-"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# IBM's AIX.
"aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
"aix43-gcc", "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
-"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
+"aix64-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
#
# Cray T90 and similar (SDSC)
@@ -473,15 +477,6 @@ my %table=(
"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-# SCO 3 - Tim Rice <tim@multitalents.net>
-"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
-
-# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
-# SCO cc.
-"sco5-cc", "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
-"sco5-cc-pentium", "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC",
-
# Sinix/ReliantUNIX RM400
# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -508,7 +503,7 @@ my %table=(
"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
# Mingw32
@@ -656,6 +651,7 @@ my $openssl_thread_defines;
my $openssl_sys_defines="";
my $openssl_other_defines;
my $libs;
+my $libkrb5="";
my $target;
my $options;
my $symlink;
@@ -696,6 +692,11 @@ PROCESS_ARGS:
$flags .= "-DOPENSSL_NO_ASM ";
$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
}
+ elsif (/^no-err$/)
+ {
+ $flags .= "-DOPENSSL_NO_ERR ";
+ $openssl_other_defines .= "#define OPENSSL_NO_ERR\n";
+ }
elsif (/^no-hw-(.+)$/)
{
my $hw=$1;
@@ -956,6 +957,8 @@ my $shared_extension = $fields[$idx_shared_extension];
my $ranlib = $fields[$idx_ranlib];
my $arflags = $fields[$idx_arflags];
+my $no_shared_warn=0;
+
$cflags="$flags$cflags" if ($flags ne "");
# Kerberos settings. The flavor must be provided from outside, either through
@@ -1020,8 +1023,6 @@ else
$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
if $withargs{"krb5-include"} eq "" &&
$withargs{"krb5-dir"} ne "";
-
- $libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne "";
}
# The DSO code currently always implements all functions so that no
@@ -1107,6 +1108,7 @@ if ($zlib)
my $shared_mark = "";
if ($shared_target eq "")
{
+ $no_shared_warn = 1 if !$no_shared;
$no_shared = 1;
}
if (!$no_shared)
@@ -1240,6 +1242,7 @@ while (<IN>)
s/^ARFLAGS=.*/ARFLAGS= $arflags/;
s/^PERL=.*/PERL= $perl/;
s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
+ s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1513,6 +1516,16 @@ applications as the compiler options required on this system are not known.
See file INSTALL for details if you need multi-threading.
EOF
+print <<\EOF if ($no_shared_warn);
+
+You gave the option 'shared'. Normally, that would give you shared libraries.
+Unfortunately, the OpenSSL configuration doesn't include shared library support
+for this platform yet, so it will pretend you gave the option 'no-shared'. If
+you can inform the developpers (openssl-dev\@openssl.org) how to support shared
+libraries on this platform, they will at least look at it and try their best
+(but please first make sure you have tried with a current version of OpenSSL).
+EOF
+
exit(0);
sub usage
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
index 9d1b0bb6c1b5..389d786dab4d 100644
--- a/crypto/openssl/FAQ
+++ b/crypto/openssl/FAQ
@@ -68,7 +68,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7 was released on December 31, 2002.
+OpenSSL 0.9.7a was released on February 19, 2003.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -189,18 +189,30 @@ for permission to use their software with OpenSSL.
Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness
-device" that serves this purpose. On other systems, applications have
-to call the RAND_add() or RAND_seed() function with appropriate data
-before generating keys or performing public key encryption.
-(These functions initialize the pseudo-random number generator, PRNG.)
-
-Some broken applications do not do this. As of version 0.9.5, the
-OpenSSL functions that need randomness report an error if the random
-number generator has not been seeded with at least 128 bits of
-randomness. If this error occurs, please contact the author of the
-application you are using. It is likely that it never worked
-correctly. OpenSSL 0.9.5 and later make the error visible by refusing
-to perform potentially insecure encryption.
+device" (/dev/urandom or /dev/random) that serves this purpose.
+All OpenSSL versions try to use /dev/urandom by default; starting with
+version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+available.
+
+On other systems, applications have to call the RAND_add() or
+RAND_seed() function with appropriate data before generating keys or
+performing public key encryption. (These functions initialize the
+pseudo-random number generator, PRNG.) Some broken applications do
+not do this. As of version 0.9.5, the OpenSSL functions that need
+randomness report an error if the random number generator has not been
+seeded with at least 128 bits of randomness. If this error occurs and
+is not discussed in the documentation of the application you are
+using, please contact the author of that application; it is likely
+that it never worked correctly. OpenSSL 0.9.5 and later make the
+error visible by refusing to perform potentially insecure encryption.
+
+If you are using Solaris 8, you can add /dev/urandom and /dev/random
+devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+available via the Patchfinder at <URL: http://sunsolve.sun.com>
+(Solaris 9 includes these devices by default). For /dev/random support
+for earlier Solaris versions, see Sun's statement at
+<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+(the SUNWski package is available in patch 105710).
On systems without /dev/urandom and /dev/random, it is a good idea to
use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
@@ -233,18 +245,6 @@ OpenSSL command line tools. Applications using the OpenSSL library
provide their own configuration options to specify the entropy source,
please check out the documentation coming the with application.
-For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
-installing the SUNski package from Sun patch 105710-01 (Sparc) which
-adds a /dev/random device and make sure it gets used, usually through
-$RANDFILE. There are probably similar patches for the other Solaris
-versions. An official statement from Sun with respect to /dev/random
-support can be found at
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
-However, be warned that /dev/random is usually a blocking device, which
-may have some effects on OpenSSL.
-A third party /dev/random solution for Solaris is available at
- http://www.cosy.sbg.ac.at/~andi/
-
* Why do I get an "unable to write 'random state'" error message?
@@ -490,10 +490,13 @@ and then redo the compilation. What you should really do is make sure
Sometimes, you may get reports from VC++ command line (cl) that it
can't find standard include files like stdio.h and other weirdnesses.
One possible cause is that the environment isn't correctly set up.
-To solve that problem, one should run VCVARS32.BAT which is found in
-the 'bin' subdirectory of the VC++ installation directory (somewhere
-under 'Program Files'). This needs to be done prior to running NMAKE,
-and the changes are only valid for the current DOS session.
+To solve that problem for VC++ versions up to 6, one should run
+VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
+installation directory (somewhere under 'Program Files'). For VC++
+version 7 (and up?), which is also called VS.NET, the file is called
+VSVARS32.BAT instead.
+This needs to be done prior to running NMAKE, and the changes are only
+valid for the current DOS session.
* What is special about OpenSSL on Redhat?
@@ -577,10 +580,13 @@ As of 0.9.7 assembler routines were overhauled for position independence
of the machine code, which is essential for shared library support. For
some reason OpenBSD is equipped with an out-of-date GNU assembler which
finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.
+no-asm (and sacrifice a great deal of performance) or patch your assembler
+according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
For your convenience a pre-compiled replacement binary is provided at
-http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from
-binutils-2.8 released in 1997.
+<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
+Reportedly elder *BSD a.out platforms also suffer from this problem and
+remedy should be same. Provided binary is statically linked and should be
+working across wider range of *BSD branches, not just OpenBSD.
[PROG] ========================================================================
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index a427f12f6cba..1c3f3c3fe922 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -158,7 +158,7 @@
If a test fails, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like a missing
or malfunctioning bc). If it is a problem with OpenSSL itself,
- try removing any compiler optimization flags from the CFLAGS line
+ try removing any compiler optimization flags from the CFLAG line
in Makefile.ssl and run "make clean; make". Please send a bug
report to <openssl-bugs@openssl.org>, including the output of
"make report" in order to be added to the request tracker at
@@ -308,3 +308,25 @@
to install additional support software to obtain random seed.
Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
and the FAQ for more information.
+
+ Note on support for multiple builds
+ -----------------------------------
+
+ OpenSSL is usually built in it's source tree. Unfortunately, this doesn't
+ support building for multiple platforms from the same source tree very well.
+ It is however possible to build in a separate tree through the use of lots
+ of symbolic links, which should be prepared like this:
+
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+ (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+ mkdir -p `dirname $F`
+ rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
+ echo $F '->' $OPENSSL_SOURCE/$F
+ done
+ make -f Makefile.org clean
+
+ OPENSSL_SOURCE is an environment variable that contains the absolute (this
+ is important!) path to the OpenSSL source tree.
+
+ Also, operations like 'make update' should still be made in the source tree.
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
index fa18de17eb7f..860901908395 100644
--- a/crypto/openssl/Makefile.org
+++ b/crypto/openssl/Makefile.org
@@ -72,6 +72,14 @@ TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAGS=$(CFLAG)
+
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
#BN_ASM= bn_asm.o
@@ -159,6 +167,7 @@ RMD160_ASM_OBJ= asm/rm86-out.o
# KRB5 stuff
KRB5_INCLUDES=
+LIBKRB5=
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
@@ -216,7 +225,7 @@ sub_all:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@@ -269,13 +278,16 @@ do_bsd-gcc-shared: do_gnu-shared
do_linux-shared: do_gnu-shared
do_gnu-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
@@ -283,22 +295,28 @@ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- ( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
- libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+ libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
echo "" ; \
done
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
# This assumes that GNU utilities are *not* used
@@ -307,11 +325,14 @@ do_alpha-osf1-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -323,11 +344,14 @@ do_tru64-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -339,12 +363,15 @@ do_tru64-shared-rpath:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -355,6 +382,9 @@ do_solaris-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
@@ -363,7 +393,7 @@ do_solaris-shared:
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
$$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -373,6 +403,9 @@ do_svr3-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
@@ -382,7 +415,7 @@ do_svr3-shared:
set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -392,6 +425,9 @@ do_svr5-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
@@ -402,7 +438,7 @@ do_svr5-shared:
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -412,11 +448,14 @@ do_irix-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -433,6 +472,9 @@ do_irix-shared:
#
do_hpux-shared:
for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+vnocompatwarnings \
-b -z +s \
@@ -453,6 +495,9 @@ do_hpux-shared:
#
do_hpux64-shared:
for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-b -z \
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -495,17 +540,24 @@ SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
SHAREDCMD=$(CC)
do_aix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; \
- ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+ ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+ $(SHAREDCMD) $(SHAREDFLAGS) \
+ -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
do_reliantunix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
@@ -515,7 +567,7 @@ do_reliantunix-shared:
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
rm -rf $$tmpdir ; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
openssl.pc: Makefile.ssl
@@ -528,7 +580,7 @@ openssl.pc: Makefile.ssl
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile.ssl: Makefile.org
@@ -601,8 +653,7 @@ rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
- if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
- elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
touch rehash.time
@@ -613,8 +664,7 @@ tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
- if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
- elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
@@ -749,7 +799,7 @@ install: all install_docs
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
- c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
@@ -763,6 +813,12 @@ install: all install_docs
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
diff --git a/crypto/openssl/Makefile.ssl b/crypto/openssl/Makefile.ssl
index b262f9d568f9..04de989fabd2 100644
--- a/crypto/openssl/Makefile.ssl
+++ b/crypto/openssl/Makefile.ssl
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.7
+VERSION=0.9.7a
MAJOR=0
MINOR=9.7
SHLIB_VERSION_NUMBER=0.9.7
@@ -74,6 +74,14 @@ TAR= tar
TARFLAGS= --no-recursion
MAKEDEPPROG=makedepend
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAGS=$(CFLAG)
+
# Set BN_ASM to bn_asm.o if you want to use the C version
BN_ASM= bn_asm.o
#BN_ASM= bn_asm.o
@@ -161,6 +169,7 @@ RMD160_ASM_OBJ=
# KRB5 stuff
KRB5_INCLUDES=
+LIBKRB5=
# When we're prepared to use shared libraries in the programs we link here
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
@@ -218,7 +227,7 @@ sub_all:
do \
if [ -d "$$i" ]; then \
(cd $$i && echo "making all in $$i..." && \
- $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
else \
$(MAKE) $$i; \
fi; \
@@ -271,13 +280,16 @@ do_bsd-gcc-shared: do_gnu-shared
do_linux-shared: do_gnu-shared
do_gnu-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
@@ -285,22 +297,28 @@ DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
# For Darwin AKA Mac OS/X (dyld)
do_darwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- ( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ ( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
- libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+ libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
echo "" ; \
done
do_cygwin-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
# This assumes that GNU utilities are *not* used
@@ -309,11 +327,14 @@ do_alpha-osf1-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -325,11 +346,14 @@ do_tru64-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -341,12 +365,15 @@ do_tru64-shared-rpath:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -357,6 +384,9 @@ do_solaris-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
@@ -365,7 +395,7 @@ do_solaris-shared:
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
$$libs ${EX_LIBS} -lc ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -375,6 +405,9 @@ do_svr3-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
@@ -384,7 +417,7 @@ do_svr3-shared:
set -x; ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -394,6 +427,9 @@ do_svr5-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
find . -name "*.o" -print > allobjs ; \
OBJS= ; export OBJS ; \
@@ -404,7 +440,7 @@ do_svr5-shared:
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -414,11 +450,14 @@ do_irix-shared:
$(MAKE) do_gnu-shared; \
else \
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done; \
fi
@@ -435,6 +474,9 @@ do_irix-shared:
#
do_hpux-shared:
for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+vnocompatwarnings \
-b -z +s \
@@ -455,6 +497,9 @@ do_hpux-shared:
#
do_hpux64-shared:
for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
-b -z \
-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -497,17 +542,24 @@ SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
SHAREDCMD=$(CC)
do_aix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
( set -x; \
- ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+ ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+ $(SHAREDCMD) $(SHAREDFLAGS) \
+ -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
do_reliantunix-shared:
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
@@ -517,7 +569,7 @@ do_reliantunix-shared:
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
rm -rf $$tmpdir ; \
- libs="$$libs -l$$i"; \
+ libs="-l$$i $$libs"; \
done
openssl.pc: Makefile.ssl
@@ -530,7 +582,7 @@ openssl.pc: Makefile.ssl
echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
echo 'Version: '$(VERSION); \
echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
Makefile.ssl: Makefile.org
@@ -603,8 +655,7 @@ rehash.time: certs
@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
export OPENSSL OPENSSL_DEBUG_MEMORY; \
LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
- if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
- elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
touch rehash.time
@@ -615,8 +666,7 @@ tests: rehash
@(cd test && echo "testing..." && \
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
- if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
- elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
apps/openssl version -a
@@ -751,7 +801,7 @@ install: all install_docs
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
- c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
@@ -765,6 +815,12 @@ install: all install_docs
cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
set $(MAKE); \
$$1 -f $$here/Makefile link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
fi
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 28f42ce89c0f..3cf173ebae23 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,17 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
+
+ o Security: Important security related bugfixes.
+ o Enhanced compatibility with MIT Kerberos.
+ o Can be built without the ENGINE framework.
+ o IA32 assembler enhancements.
+ o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+ o Configuration: the no-err option now works properly.
+ o SSL/TLS: now handles manual certificate chain building.
+ o SSL/TLS: certain session ID malfunctions corrected.
+
Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
o New library section OCSP.
@@ -51,6 +62,10 @@
o SSL/TLS: add callback to retrieve SSL/TLS messages.
o SSL/TLS: support AES cipher suites (RFC3268).
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+
+ o Important security related bugfixes.
+
Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
o New configuration targets for Tandem OSS and A/UX.
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
index 4bf31303be99..1a956b54815c 100644
--- a/crypto/openssl/PROBLEMS
+++ b/crypto/openssl/PROBLEMS
@@ -70,3 +70,31 @@ if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
this seems to be the fact that compiler emits multiplication to
perform shift operations:-( To work the problem around configure
with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
+
+* Problems with hp-parisc2-cc target when used with "no-asm" flag
+
+When using the hp-parisc2-cc target, wrong bignum code is generated.
+This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
+aggressive optimization.
+The problem manifests itself by the BN_kronecker test hanging in an
+endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
+which itself hangs. The reason could be tracked down to the bn_mul_comba8()
+function in bn_asm.c. At some occasions the higher 32bit value of r[7]
+is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
+as no debugger support possible at +O3 and additional fprintf()'s
+introduced fixed the bug, therefore it is most likely a bug in the
+optimizer.
+The bug was found in the BN_kronecker test but may also lead to
+failures in other parts of the code.
+(See Ticket #426.)
+
+Workaround: modify the target to +O2 when building with no-asm.
+
+* Poor support for AIX shared builds.
+
+do_aix-shared rule is not flexible enough to parameterize through a
+config-line. './Configure aix43-cc shared' is working, but not
+'./Configure aix64-gcc shared'. In latter case make fails to create shared
+libraries. It's possible to build 64-bit shared libraries by running
+'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
+supporting even gcc shared builds. See RT#463 for background information.
diff --git a/crypto/openssl/README b/crypto/openssl/README
index b74af83b0b96..35bedc08ebe2 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 0.9.7 31 Dec 2002
+ OpenSSL 0.9.7a Feb 19 2003
- Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1998-2003 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/crypto/openssl/apps/Makefile.ssl b/crypto/openssl/apps/Makefile.ssl
index c75d0d2e77c3..ff433d6a80d5 100644
--- a/crypto/openssl/apps/Makefile.ssl
+++ b/crypto/openssl/apps/Makefile.ssl
@@ -18,6 +18,7 @@ PERL= perl
RM= rm -f
# KRB5 stuff
KRB5_INCLUDES=
+LIBKRB5=
PEX_LIBS=
EX_LIBS=
@@ -150,8 +151,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
fi
-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
- if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH"; \
- elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
$(PERL) tools/c_rehash certs)
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 4a8c9263a7cc..ec3e391b66ab 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -122,7 +122,9 @@
#include <openssl/pkcs12.h>
#include <openssl/ui.h>
#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifdef OPENSSL_SYS_WINDOWS
#define strcasecmp _stricmp
@@ -859,6 +861,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE)
{
if (!e)
@@ -868,6 +871,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
ui_method, &cb_data);
goto end;
}
+#endif
key=BIO_new(BIO_s_file());
if (key == NULL)
{
@@ -935,6 +939,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
BIO_printf(err,"no keyfile specified\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
if (format == FORMAT_ENGINE)
{
if (!e)
@@ -944,6 +949,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
ui_method, &cb_data);
goto end;
}
+#endif
key=BIO_new(BIO_s_file());
if (key == NULL)
{
@@ -1329,6 +1335,7 @@ X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
return NULL;
}
+#ifndef OPENSSL_NO_ENGINE
/* Try to load an engine in a shareable library */
static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
{
@@ -1385,6 +1392,7 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
}
return e;
}
+#endif
int load_config(BIO *err, CONF *cnf)
{
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 7b1f8ded787d..c36b9d256657 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -121,7 +121,9 @@
#include <openssl/lhash.h>
#include <openssl/conf.h>
#include <openssl/txt_db.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/ossl_typ.h>
int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
@@ -179,30 +181,57 @@ extern BIO *bio_err;
do_pipe_sig()
# define apps_shutdown()
#else
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# ifndef OPENSSL_NO_ENGINE
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# endif
# else
# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+ setup_ui_method(); } while(0)
# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); ENGINE_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
- setup_ui_method(); } while(0)
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# endif
+# else
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); \
+ setup_ui_method(); } while(0)
+# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
#endif
typedef struct args_st
@@ -248,7 +277,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+#ifndef OPENSSL_NO_ENGINE
ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+#endif
int load_config(BIO *err, CONF *cnf);
char *make_config_name(void);
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 93e61f610b44..1d4e4aa7d3db 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -196,7 +196,9 @@ static char *ca_usage[]={
" -extensions .. - Extension section (override value in config file)\n",
" -extfile file - Configuration file with X509v3 extentions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
+#endif
" -status serial - Shows certificate status given the serial number\n",
" -updatedb - Updates db for expired certificates\n",
NULL
@@ -333,7 +335,9 @@ int MAIN(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
char *tofree=NULL;
#ifdef EFENCE
@@ -537,11 +541,13 @@ EF_ALIGNMENT=0;
rev_arg = *(++argv);
rev_type = REV_CA_COMPROMISE;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else
{
bad:
@@ -562,7 +568,9 @@ bad:
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
/*****************************************************************/
tofree=NULL;
@@ -597,7 +605,10 @@ bad:
goto err;
}
if(tofree)
+ {
OPENSSL_free(tofree);
+ tofree = NULL;
+ }
if (!load_config(bio_err, conf))
goto err;
@@ -1633,11 +1644,12 @@ err:
BIO_free_all(out);
BIO_free_all(in);
- sk_X509_pop_free(cert_sk,X509_free);
+ if (cert_sk)
+ sk_X509_pop_free(cert_sk,X509_free);
if (ret) ERR_print_errors(bio_err);
app_RAND_write_file(randfile, bio_err);
- if (free_key)
+ if (free_key && key)
OPENSSL_free(key);
BN_free(serial);
TXT_DB_free(db);
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index 280f79b4a23a..47d1309b14c1 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -100,7 +100,9 @@ int MAIN(int argc, char **argv)
EVP_PKEY *sigkey = NULL;
unsigned char *sigbuf = NULL;
int siglen = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -166,11 +168,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) break;
keyform=str2fmt(*(++argv));
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) break;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-hex") == 0)
out_bin = 0;
else if (strcmp(*argv,"-binary") == 0)
@@ -208,7 +212,9 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
BIO_printf(bio_err,"-signature file signature to verify\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
LN_md5,LN_md5);
@@ -228,7 +234,9 @@ int MAIN(int argc, char **argv)
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
in=BIO_new(BIO_s_file());
bmd=BIO_new(BIO_f_md());
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
index c10ea96b90ac..cd01fed13987 100644
--- a/crypto/openssl/apps/dh.c
+++ b/crypto/openssl/apps/dh.c
@@ -87,12 +87,17 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DH *dh=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog,*engine;
+ char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
apps_startup();
@@ -103,7 +108,9 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
+#ifndef OPENSSL_NO_ENGINE
engine=NULL;
+#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -134,11 +141,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -170,13 +179,17 @@ bad:
BIO_printf(bio_err," -text print a text form of the DH parameters\n");
BIO_printf(bio_err," -C Output C code\n");
BIO_printf(bio_err," -noout no output\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
goto end;
}
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
index cbc65bcc5f5e..dc00355b95b7 100644
--- a/crypto/openssl/apps/dhparam.c
+++ b/crypto/openssl/apps/dhparam.c
@@ -148,7 +148,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DH *dh=NULL;
int i,badops=0,text=0;
#ifndef OPENSSL_NO_DSA
@@ -157,7 +159,10 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,check=0,noout=0,C=0,ret=1;
char *infile,*outfile,*prog;
- char *inrand=NULL,*engine=NULL;
+ char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine=NULL;
+#endif
int num = 0, g = 0;
apps_startup();
@@ -199,11 +204,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-check") == 0)
check=1;
else if (strcmp(*argv,"-text") == 0)
@@ -249,7 +256,9 @@ bad:
BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -259,7 +268,9 @@ bad:
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (g && !num)
num = DEFBITS;
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
index 65988717bbd1..e9de3a3bdfb6 100644
--- a/crypto/openssl/apps/dsa.c
+++ b/crypto/openssl/apps/dsa.c
@@ -90,7 +90,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
@@ -98,7 +100,10 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog,*engine;
+ char *infile,*outfile,*prog;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine;
+#endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
@@ -112,7 +117,9 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;
+#ifndef OPENSSL_NO_ENGINE
engine=NULL;
+#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
@@ -153,11 +160,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
@@ -189,7 +198,9 @@ bad:
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_IDEA
@@ -207,7 +218,9 @@ bad:
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index 320d76f632d4..04861e898639 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -90,7 +90,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DSA *dsa=NULL;
int i,badops=0,text=0;
BIO *in=NULL,*out=NULL;
@@ -98,7 +100,9 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -139,11 +143,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if(strcmp(*argv, "-engine") == 0)
{
if (--argc < 1) goto bad;
engine = *(++argv);
}
+#endif
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-C") == 0)
@@ -191,7 +197,9 @@ bad:
BIO_printf(bio_err," -noout no output\n");
BIO_printf(bio_err," -genkey generate a DSA key\n");
BIO_printf(bio_err," -rand files to use for random number input\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," number number of bits to use for generating private key\n");
goto end;
}
@@ -235,7 +243,9 @@ bad:
}
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (need_rand)
{
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index 42ddfd244bc5..0a9f7310bf51 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -100,7 +100,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
@@ -119,7 +121,9 @@ int MAIN(int argc, char **argv)
BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
#define PROG_NAME_SIZE 39
char pname[PROG_NAME_SIZE+1];
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
apps_startup();
@@ -163,11 +167,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passarg= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-d") == 0)
enc=0;
else if (strcmp(*argv,"-p") == 0)
@@ -270,7 +276,9 @@ bad:
BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
+#endif
BIO_printf(bio_err,"Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
@@ -284,7 +292,9 @@ bad:
argv++;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (bufsize != NULL)
{
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
index b718ae124c05..456f80a70621 100644
--- a/crypto/openssl/apps/engine.c
+++ b/crypto/openssl/apps/engine.c
@@ -56,6 +56,8 @@
*
*/
+#ifndef OPENSSL_NO_ENGINE
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -518,3 +520,4 @@ end:
apps_shutdown();
OPENSSL_EXIT(ret);
}
+#endif
diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c
index 98ee413c74b7..a34a862caf97 100644
--- a/crypto/openssl/apps/gendh.c
+++ b/crypto/openssl/apps/gendh.c
@@ -81,13 +81,17 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DH *dh=NULL;
int ret=1,num=DEFBITS;
int g=2;
char *outfile=NULL;
char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
BIO *out=NULL;
apps_startup();
@@ -115,11 +119,13 @@ int MAIN(int argc, char **argv)
g=3; */
else if (strcmp(*argv,"-5") == 0)
g=5;
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -138,14 +144,18 @@ bad:
BIO_printf(bio_err," -2 - use 2 as the generator value\n");
/* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
BIO_printf(bio_err," -5 - use 5 as the generator value\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
out=BIO_new(BIO_s_file());
if (out == NULL)
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 4600711c369a..6d2ed06c81d9 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -77,7 +77,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
DSA *dsa=NULL;
int ret=1;
char *outfile=NULL;
@@ -85,7 +87,9 @@ int MAIN(int argc, char **argv)
char *passargout = NULL, *passout = NULL;
BIO *out=NULL,*in=NULL;
const EVP_CIPHER *enc=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -111,11 +115,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -167,7 +173,9 @@ bad:
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -176,7 +184,9 @@ bad:
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
BIO_printf(bio_err, "Error getting password\n");
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index dbc23e40aa85..63be873b7bf8 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -81,7 +81,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
int ret=1;
RSA *rsa=NULL;
int i,num=DEFBITS;
@@ -90,7 +92,9 @@ int MAIN(int argc, char **argv)
unsigned long f4=RSA_F4;
char *outfile=NULL;
char *passargout = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
char *inrand=NULL;
BIO *out=NULL;
@@ -122,11 +126,13 @@ int MAIN(int argc, char **argv)
f4=3;
else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
f4=RSA_F4;
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -177,7 +183,9 @@ bad:
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
BIO_printf(bio_err," -3 use 3 for the E value\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err," load the file (or the files in the directory) into\n");
BIO_printf(bio_err," the random number generator\n");
@@ -191,7 +199,9 @@ bad:
goto err;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (outfile == NULL)
{
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 92922bc8ad6f..f05ec0e65540 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -55,6 +55,7 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+#ifndef OPENSSL_NO_OCSP
#include <stdio.h>
#include <string.h>
@@ -722,7 +723,12 @@ int MAIN(int argc, char **argv)
}
else if (host)
{
+#ifndef OPENSSL_NO_SOCK
cbio = BIO_new_connect(host);
+#else
+ BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
+ goto end;
+#endif
if (!cbio)
{
BIO_printf(bio_err, "Error creating connect BIO\n");
@@ -732,7 +738,16 @@ int MAIN(int argc, char **argv)
if (use_ssl == 1)
{
BIO *sbio;
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
ctx = SSL_CTX_new(SSLv23_client_method());
+#elif !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+#elif !defined(OPENSSL_NO_SSL2)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+#else
+ BIO_printf(bio_err, "SSL is disabled\n");
+ goto end;
+#endif
SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
sbio = BIO_new_ssl(ctx, 1);
cbio = BIO_push(sbio, cbio);
@@ -1139,7 +1154,11 @@ static BIO *init_responder(char *port)
bufbio = BIO_new(BIO_f_buffer());
if (!bufbio)
goto err;
+#ifndef OPENSSL_NO_SOCK
acbio = BIO_new_accept(port);
+#else
+ BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
+#endif
if (!acbio)
goto err;
BIO_set_accept_bios(acbio, bufbio);
@@ -1226,3 +1245,4 @@ static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
return 1;
}
+#endif
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 47896472e8fd..45af2ba7f9a8 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -122,7 +122,9 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
#include "progs.h"
#include "s_apps.h"
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index 8d1babe5eab7..5136acdc5759 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -120,7 +120,9 @@ int MAIN(int argc, char **argv)
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *CApath = NULL, *CAfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -252,11 +254,13 @@ int MAIN(int argc, char **argv)
args++;
CAfile = *args;
} else badarg = 1;
+#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
+#endif
} else badarg = 1;
} else badarg = 1;
@@ -304,14 +308,18 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-password p set import/export password source\n");
BIO_printf (bio_err, "-passin p input file pass phrase source\n");
BIO_printf (bio_err, "-passout p output file pass phrase source\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
BIO_printf(bio_err, " the random number generator\n");
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(passarg) {
if(export_cert) passargout = passarg;
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
index 738dd853ceed..6c58c67eb279 100644
--- a/crypto/openssl/apps/pkcs7.c
+++ b/crypto/openssl/apps/pkcs7.c
@@ -82,7 +82,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
PKCS7 *p7=NULL;
int i,badops=0;
BIO *in=NULL,*out=NULL;
@@ -90,7 +92,9 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
int print_certs=0,text=0,noout=0;
int ret=1;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -134,11 +138,13 @@ int MAIN(int argc, char **argv)
text=1;
else if (strcmp(*argv,"-print_certs") == 0)
print_certs=1;
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -161,14 +167,18 @@ bad:
BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
BIO_printf(bio_err," -text print full details of certificates\n");
BIO_printf(bio_err," -noout don't output encoded data\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
ret = 1;
goto end;
}
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
in=BIO_new(BIO_s_file());
out=BIO_new(BIO_s_file());
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
index 1debccb17e16..6be27e7f442f 100644
--- a/crypto/openssl/apps/pkcs8.c
+++ b/crypto/openssl/apps/pkcs8.c
@@ -85,7 +85,9 @@ int MAIN(int argc, char **argv)
EVP_PKEY *pkey=NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
@@ -145,11 +147,13 @@ int MAIN(int argc, char **argv)
if (!args[1]) goto bad;
passargout= *(++args);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
+#endif
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
@@ -182,11 +186,15 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
return (1);
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h
index 752385d3a735..70e4dbac0733 100644
--- a/crypto/openssl/apps/progs.h
+++ b/crypto/openssl/apps/progs.h
@@ -35,7 +35,9 @@ extern int pkcs8_main(int argc,char *argv[]);
extern int spkac_main(int argc,char *argv[]);
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
+#ifndef OPENSSL_NO_ENGINE
extern int engine_main(int argc,char *argv[]);
+#endif
extern int ocsp_main(int argc,char *argv[]);
#define FUNC_TYPE_GENERAL 1
@@ -92,7 +94,9 @@ FUNCTION functions[] = {
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
#endif
+#ifndef OPENSSL_NO_SPEED
{FUNC_TYPE_GENERAL,"speed",speed_main},
+#endif
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_time",s_time_main},
#endif
@@ -111,7 +115,9 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
{FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_GENERAL,"rand",rand_main},
+#ifndef OPENSSL_NO_ENGINE
{FUNC_TYPE_GENERAL,"engine",engine_main},
+#endif
{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
index eaaa6e35a620..63724bc73025 100644
--- a/crypto/openssl/apps/rand.c
+++ b/crypto/openssl/apps/rand.c
@@ -76,7 +76,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
int i, r, ret = 1;
int badopt;
char *outfile = NULL;
@@ -84,7 +86,9 @@ int MAIN(int argc, char **argv)
int base64 = 0;
BIO *out = NULL;
int num = -1;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -106,6 +110,7 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(argv[i], "-engine") == 0)
{
if ((argv[i+1] != NULL) && (engine == NULL))
@@ -113,6 +118,7 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
+#endif
else if (strcmp(argv[i], "-rand") == 0)
{
if ((argv[i+1] != NULL) && (inrand == NULL))
@@ -150,13 +156,17 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "Usage: rand [options] num\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-out file - write to file\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, "-base64 - encode output\n");
goto err;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
app_RAND_load_file(NULL, bio_err, (inrand != NULL));
if (inrand != NULL)
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index cffdcd196933..5f6ec3d33914 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -162,7 +162,9 @@ int MAIN(int argc, char **argv)
int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
char *extensions = NULL;
char *req_exts = NULL;
const EVP_CIPHER *cipher=NULL;
@@ -210,11 +212,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
@@ -428,7 +432,9 @@ bad:
BIO_printf(bio_err," -verify verify signature on REQ\n");
BIO_printf(bio_err," -modulus RSA modulus\n");
BIO_printf(bio_err," -nodes don't encrypt the output key\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
+#endif
BIO_printf(bio_err," -subject output the request's subject\n");
BIO_printf(bio_err," -passin private key password source\n");
BIO_printf(bio_err," -key file use the private key contained in file\n");
@@ -453,7 +459,7 @@ bad:
BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
- BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
+ BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
goto end;
}
@@ -617,7 +623,9 @@ bad:
if ((in == NULL) || (out == NULL))
goto end;
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (keyfile != NULL)
{
@@ -1237,11 +1245,17 @@ start: for (;;)
sprintf(buf,"%s_min",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+ {
+ ERR_clear_error();
n_min = -1;
+ }
sprintf(buf,"%s_max",v->name);
if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+ {
+ ERR_clear_error();
n_max = -1;
+ }
if (!add_DN_object(subj,v->value,def,value,nid,
n_min,n_max, chtype))
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
index aebec744a292..0acdb08b24c3 100644
--- a/crypto/openssl/apps/rsa.c
+++ b/crypto/openssl/apps/rsa.c
@@ -104,7 +104,9 @@ int MAIN(int argc, char **argv)
char *infile,*outfile,*prog;
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
int modulus=0;
apps_startup();
@@ -156,11 +158,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
passargout= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-sgckey") == 0)
sgckey=1;
else if (strcmp(*argv,"-pubin") == 0)
@@ -212,13 +216,17 @@ bad:
BIO_printf(bio_err," -check verify key consistency\n");
BIO_printf(bio_err," -pubin expect a public key in input file\n");
BIO_printf(bio_err," -pubout output a public key\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
goto end;
}
ERR_load_crypto_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c
index 36957e5b8420..5a6fd115f41b 100644
--- a/crypto/openssl/apps/rsautl.c
+++ b/crypto/openssl/apps/rsautl.c
@@ -85,7 +85,9 @@ int MAIN(int argc, char **argv)
ENGINE *e = NULL;
BIO *in = NULL, *out = NULL;
char *infile = NULL, *outfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
+#endif
char *keyfile = NULL;
char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
int keyform = FORMAT_PEM;
@@ -125,9 +127,11 @@ int MAIN(int argc, char **argv)
} else if (strcmp(*argv,"-keyform") == 0) {
if (--argc < 1) badarg = 1;
keyform=str2fmt(*(++argv));
+#ifndef OPENSSL_NO_ENGINE
} else if(!strcmp(*argv, "-engine")) {
if (--argc < 1) badarg = 1;
engine = *(++argv);
+#endif
} else if(!strcmp(*argv, "-pubin")) {
key_type = KEY_PUBKEY;
} else if(!strcmp(*argv, "-certin")) {
@@ -162,7 +166,9 @@ int MAIN(int argc, char **argv)
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
/* FIXME: seed PRNG only if needed */
app_RAND_load_file(NULL, bio_err, 0);
@@ -305,7 +311,9 @@ static void usage()
BIO_printf(bio_err, "-encrypt encrypt with public key\n");
BIO_printf(bio_err, "-decrypt decrypt with private key\n");
BIO_printf(bio_err, "-hexdump hex dump output\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
}
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index 738588c6aab6..2e73f34676ff 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -222,7 +222,9 @@ static void sc_usage(void)
BIO_printf(bio_err," for those protocols that support it, where\n");
BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
BIO_printf(bio_err," only \"smtp\" is supported.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
@@ -254,8 +256,10 @@ int MAIN(int argc, char **argv)
SSL_METHOD *meth=NULL;
BIO *sbio;
char *inrand=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine_id=NULL;
ENGINE *e=NULL;
+#endif
#ifdef OPENSSL_SYS_WINDOWS
struct timeval tv;
#endif
@@ -415,11 +419,13 @@ int MAIN(int argc, char **argv)
else
goto bad;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id = *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -444,7 +450,9 @@ bad:
OpenSSL_add_ssl_algorithms();
SSL_load_error_strings();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#endif
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 44886c5c2615..5157aae4d19c 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -242,7 +242,9 @@ static int s_msg=0;
static int s_quiet=0;
static int hack=0;
+#ifndef OPENSSL_NO_ENGINE
static char *engine_id=NULL;
+#endif
static const char *session_id_prefix=NULL;
#ifdef MONOLITH
@@ -267,7 +269,9 @@ static void s_server_init(void)
s_msg=0;
s_quiet=0;
hack=0;
+#ifndef OPENSSL_NO_ENGINE
engine_id=NULL;
+#endif
}
#endif
@@ -316,7 +320,9 @@ static void sv_usage(void)
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
@@ -490,7 +496,9 @@ int MAIN(int argc, char *argv[])
int no_tmp_rsa=0,no_dhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
+#endif
char *inrand=NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
@@ -665,11 +673,13 @@ int MAIN(int argc, char *argv[])
if (--argc < 1) goto bad;
session_id_prefix = *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
@@ -694,7 +704,9 @@ bad:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#endif
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
index ef0e47746445..cc248d377bb4 100644
--- a/crypto/openssl/apps/smime.c
+++ b/crypto/openssl/apps/smime.c
@@ -104,7 +104,9 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
args = argv + 1;
ret = 1;
@@ -176,11 +178,13 @@ int MAIN(int argc, char **argv)
inrand = *args;
} else badarg = 1;
need_rand = 1;
+#ifndef OPENSSL_NO_ENGINE
} else if (!strcmp(*args,"-engine")) {
if (args[1]) {
args++;
engine = *args;
} else badarg = 1;
+#endif
} else if (!strcmp(*args,"-passin")) {
if (args[1]) {
args++;
@@ -330,7 +334,9 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
@@ -339,7 +345,9 @@ int MAIN(int argc, char **argv)
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
BIO_printf(bio_err, "Error getting password\n");
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index 7f42b52e73fd..ec55b4188cb4 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -58,6 +58,8 @@
/* most of this code has been pilfered from my libdes speed.c program */
+#ifndef OPENSSL_NO_SPEED
+
#undef SECONDS
#define SECONDS 3
#define RSA_SECONDS 10
@@ -370,7 +372,9 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = NULL;
+#endif
unsigned char *buf=NULL,*buf2=NULL;
int mret=1;
long count=0,save_count=0;
@@ -590,6 +594,7 @@ int MAIN(int argc, char **argv)
j--; /* Otherwise, -elapsed gets confused with
an algorithm. */
}
+#ifndef OPENSSL_NO_ENGINE
else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
{
argc--;
@@ -606,6 +611,7 @@ int MAIN(int argc, char **argv)
means all of them should be run) */
j--;
}
+#endif
#ifdef HAVE_FORK
else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
{
@@ -865,7 +871,9 @@ int MAIN(int argc, char **argv)
#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
#endif
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
+#endif
BIO_printf(bio_err,"-evp e use EVP e.\n");
BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
BIO_printf(bio_err,"-mr produce machine readable output.\n");
@@ -1393,6 +1401,7 @@ int MAIN(int argc, char **argv)
else
EVP_EncryptFinal_ex(&ctx,buf,&outl);
d=Time_F(STOP);
+ EVP_CIPHER_CTX_cleanup(&ctx);
}
if (evp_md)
{
@@ -1939,3 +1948,4 @@ static int do_multi(int multi)
return 1;
}
#endif
+#endif
diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c
index ed370c5ca9c6..47ee53f1eef6 100644
--- a/crypto/openssl/apps/spkac.c
+++ b/crypto/openssl/apps/spkac.c
@@ -92,7 +92,9 @@ int MAIN(int argc, char **argv)
CONF *conf = NULL;
NETSCAPE_SPKI *spki = NULL;
EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
apps_startup();
@@ -141,11 +143,13 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
spksect= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-pubkey") == 0)
@@ -171,7 +175,9 @@ bad:
BIO_printf(bio_err," -noout don't print SPKAC\n");
BIO_printf(bio_err," -pubkey output public key\n");
BIO_printf(bio_err," -verify verify SPKAC signature\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+#endif
goto end;
}
@@ -181,7 +187,9 @@ bad:
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if(keyfile) {
pkey = load_key(bio_err,
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
index 9a18213ece45..6a93c018b8ce 100644
--- a/crypto/openssl/apps/verify.c
+++ b/crypto/openssl/apps/verify.c
@@ -86,7 +86,9 @@ int MAIN(int argc, char **argv)
STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
X509_STORE *cert_ctx=NULL;
X509_LOOKUP *lookup=NULL;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
cert_ctx=X509_STORE_new();
if (cert_ctx == NULL) goto end;
@@ -142,11 +144,13 @@ int MAIN(int argc, char **argv)
if (argc-- < 1) goto end;
trustfile= *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto end;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-help") == 0)
goto end;
else if (strcmp(*argv,"-ignore_critical") == 0)
@@ -170,7 +174,9 @@ int MAIN(int argc, char **argv)
break;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) abort();
@@ -219,7 +225,11 @@ int MAIN(int argc, char **argv)
ret=0;
end:
if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
+ BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," [-engine e]");
+#endif
+ BIO_printf(bio_err," cert1 cert2 ...\n");
BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index 7915eca65c82..1ac6452bdb4c 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -131,7 +131,9 @@ static char *x509_usage[]={
" -extensions - section from config file with X509V3 extensions to add\n",
" -clrext - delete extensions before signing and input certificate\n",
" -nameopt arg - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
+#endif
" -certopt arg - various certificate text options\n",
NULL
};
@@ -183,7 +185,9 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
+#endif
reqfile=0;
@@ -360,11 +364,13 @@ int MAIN(int argc, char **argv)
alias= *(++argv);
trustout = 1;
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
+#endif
else if (strcmp(*argv,"-C") == 0)
C= ++num;
else if (strcmp(*argv,"-email") == 0)
@@ -450,7 +456,9 @@ bad:
goto end;
}
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
+#endif
if (need_rand)
app_RAND_load_file(NULL, bio_err, 0);
diff --git a/crypto/openssl/config b/crypto/openssl/config
index 8988f665bbf2..88d28735cdf2 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -74,34 +74,27 @@ if [ "x$XREL" != "x" ]; then
echo "whatever-whatever-sco5"; exit 0
;;
4.2MP)
- if [ "x$VERSION" = "x2.01" ]; then
- echo "${MACHINE}-whatever-unixware201"; exit 0
- elif [ "x$VERSION" = "x2.02" ]; then
- echo "${MACHINE}-whatever-unixware202"; exit 0
- elif [ "x$VERSION" = "x2.03" ]; then
- echo "${MACHINE}-whatever-unixware203"; exit 0
- elif [ "x$VERSION" = "x2.1.1" ]; then
- echo "${MACHINE}-whatever-unixware211"; exit 0
- elif [ "x$VERSION" = "x2.1.2" ]; then
- echo "${MACHINE}-whatever-unixware212"; exit 0
- elif [ "x$VERSION" = "x2.1.3" ]; then
- echo "${MACHINE}-whatever-unixware213"; exit 0
- else
- echo "${MACHINE}-whatever-unixware2"; exit 0
- fi
+ case "x${VERSION}" in
+ x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+ x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+ x2*) echo "whatever-whatever-unixware2"; exit 0 ;;
+ esac
;;
4.2)
- echo "whatever-whatever-unixware1"; exit 0
- ;;
- OpenUNIX)
- if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
- echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
- fi
+ echo "i386-whatever-unixware1"; exit 0
;;
5)
- if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
- echo "${MACHINE}-sco-unixware7"; exit 0
- fi
+ case "x${VERSION}" in
+ # We hardcode i586 in place of ${MACHINE} for the
+ # following reason. The catch is that even though Pentium
+ # is minimum requirement for platforms in question,
+ # ${MACHINE} gets always assigned to i386. Now, problem
+ # with i386 is that it makes ./config pass 386 to
+ # ./Configure, which in turn makes make generate
+ # inefficient SHA-1 (for this moment) code.
+ x7*) echo "i586-sco-unixware7"; exit 0 ;;
+ x8*) echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
+ esac
;;
esac
fi
@@ -196,7 +189,7 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACHINE}-whatever-bsdi"; exit 0
;;
- FreeBSD:*)
+ FreeBSD:*:*:*386*)
VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
MACH=`sysctl -n hw.model`
ARCH='whatever'
@@ -205,7 +198,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
*486* ) MACH="i486" ;;
Pentium\ II*) MACH="i686" ;;
Pentium* ) MACH="i586" ;;
- Alpha* ) MACH="alpha" ;;
* ) MACH="$MACHINE" ;;
esac
case ${MACH} in
@@ -214,6 +206,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
;;
+ FreeBSD:*)
+ echo "${MACHINE}-whatever-freebsd"; exit 0
+ ;;
+
NetBSD:*:*:*386*)
echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
;;
@@ -461,6 +457,10 @@ if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
fi
fi
+if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
+ (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc
+fi
+
CCVER=${CCVER:-0}
# read the output of the embedded GuessOS
@@ -547,7 +547,7 @@ EOF
ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
i386-apple-darwin*) OUT="darwin-i386-cc" ;;
sparc64-*-linux2)
- echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
+ echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
echo " and wish to build 64-bit library, then you have to"
echo " invoke './Configure linux64-sparcv9' *manually*."
if [ "$TEST" = "false" ]; then
@@ -640,6 +640,8 @@ EOF
*86*-*-solaris2) OUT="solaris-x86-$CC" ;;
*-*-sunos4) OUT="sunos-$CC" ;;
alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
+ sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
+ ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
*-freebsd[1-2]*) OUT="FreeBSD" ;;
*86*-*-netbsd) OUT="NetBSD-x86" ;;
@@ -696,9 +698,11 @@ EOF
CPU_VERSION=${CPU_VERSION:-0}
# See <sys/unistd.h> for further info on CPU_VERSION.
if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
- echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
- echo " Post request to openssl-dev@openssl.org for 32-bit support."
+ echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
+ echo " If you wish to build 32-bit library, the you have to"
+ echo " invoke './Configure hpux-ia32-cc' *manually*."
if [ "$TEST" = "false" ]; then
+ echo " You have about 5 seconds to press Ctrl-C to abort."
(stty -icanon min 0 time 50; read waste) < /dev/tty
fi
OUT="hpux64-ia64-cc"
diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/openssl/crypto/aes/aes_core.c
index ea884f6f9e84..2f41a825f8d9 100644
--- a/crypto/openssl/crypto/aes/aes_core.c
+++ b/crypto/openssl/crypto/aes/aes_core.c
@@ -750,7 +750,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
rk[2] = GETU32(userKey + 8);
rk[3] = GETU32(userKey + 12);
if (bits == 128) {
- for (;;) {
+ while (1) {
temp = rk[3];
rk[4] = rk[0] ^
(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -770,7 +770,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
rk[4] = GETU32(userKey + 16);
rk[5] = GETU32(userKey + 20);
if (bits == 192) {
- for (;;) {
+ while (1) {
temp = rk[ 5];
rk[ 6] = rk[ 0] ^
(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
@@ -792,7 +792,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
rk[6] = GETU32(userKey + 24);
rk[7] = GETU32(userKey + 28);
if (bits == 256) {
- for (;;) {
+ while (1) {
temp = rk[ 7];
rk[ 8] = rk[ 0] ^
(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
index 6e5e9d845dc3..7348da9457b3 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
ts=OPENSSL_gmtime(&t,&data);
if (ts == NULL)
+ {
+ ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
return NULL;
+ }
if((ts->tm_year >= 50) && (ts->tm_year < 150))
return ASN1_UTCTIME_set(s, t);
return ASN1_GENERALIZEDTIME_set(s,t);
@@ -152,7 +155,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
if (t->data[0] >= '5') strcpy(str, "19");
else strcpy(str, "20");
- BUF_strlcat(str, (char *)t->data, t->length+2);
+ BUF_strlcat(str, (char *)t->data, t->length+3); /* Include space for a '\0' */
return ret;
}
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 28b5b008f876..99ba920eca1f 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -980,6 +980,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_F_ASN1_TEMPLATE_D2I 131
#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
#define ASN1_F_ASN1_TEMPLATE_NEW 133
+#define ASN1_F_ASN1_TIME_SET 175
#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
#define ASN1_F_ASN1_UNPACK_STRING 136
@@ -1037,6 +1038,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_DECODE_ERROR 110
#define ASN1_R_DECODING_ERROR 111
#define ASN1_R_ENCODE_ERROR 112
+#define ASN1_R_ERROR_GETTING_TIME 173
#define ASN1_R_ERROR_LOADING_SECTION 172
#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
index c4c3d2a91df1..094ec06fda08 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -100,6 +100,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"},
{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"},
{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0), "ASN1_TIME_set"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"},
{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"},
@@ -160,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ASN1_R_DECODE_ERROR ,"decode error"},
{ASN1_R_DECODING_ERROR ,"decoding error"},
{ASN1_R_ENCODE_ERROR ,"encode error"},
+{ASN1_R_ERROR_GETTING_TIME ,"error getting time"},
{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"},
{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"},
{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"},
diff --git a/crypto/openssl/crypto/bf/Makefile.ssl b/crypto/openssl/crypto/bf/Makefile.ssl
index bd3cedc4f88a..bb14a0ee8250 100644
--- a/crypto/openssl/crypto/bf/Makefile.ssl
+++ b/crypto/openssl/crypto/bf/Makefile.ssl
@@ -49,14 +49,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/bx86-elf.o: asm/bx86unix.cpp
- $(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
-
-# solaris
-asm/bx86-sol.o: asm/bx86unix.cpp
- $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
- as -o asm/bx86-sol.o asm/bx86-sol.s
- rm -f asm/bx86-sol.s
+asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
# a.out
asm/bx86-out.o: asm/bx86unix.cpp
@@ -103,7 +97,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c
index 86f38172fba6..601a14f37c5b 100644
--- a/crypto/openssl/crypto/bio/b_sock.c
+++ b/crypto/openssl/crypto/bio/b_sock.c
@@ -492,7 +492,7 @@ void BIO_sock_cleanup(void)
#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
-int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
+int BIO_socket_ioctl(int fd, long type, void *arg)
{
int i;
@@ -742,7 +742,7 @@ int BIO_set_tcp_ndelay(int s, int on)
int BIO_socket_nbio(int s, int mode)
{
int ret= -1;
- unsigned long l;
+ int l;
l=mode;
#ifdef FIONBIO
diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h
index ecd289991874..fbbc16d00c52 100644
--- a/crypto/openssl/crypto/bio/bio.h
+++ b/crypto/openssl/crypto/bio/bio.h
@@ -244,7 +244,7 @@ typedef struct bio_method_st
long (_far *ctrl)();
int (_far *create)();
int (_far *destroy)();
- long (_fat *callback_ctrl)();
+ long (_far *callback_ctrl)();
} BIO_METHOD;
#endif
@@ -585,7 +585,7 @@ struct hostent *BIO_gethostbyname(const char *name);
* and an appropriate error code is set).
*/
int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+int BIO_socket_ioctl(int fd, long type, void *arg);
int BIO_socket_nbio(int fd,int mode);
int BIO_get_port(const char *str, unsigned short *port_ptr);
int BIO_get_host_ip(const char *str, unsigned char *ip);
diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c
index 98ce395519f4..692c8fb5c653 100644
--- a/crypto/openssl/crypto/bio/bio_lib.c
+++ b/crypto/openssl/crypto/bio/bio_lib.c
@@ -395,6 +395,8 @@ BIO *BIO_pop(BIO *b)
if (b == NULL) return(NULL);
ret=b->next_bio;
+ BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+
if (b->prev_bio != NULL)
b->prev_bio->next_bio=b->next_bio;
if (b->next_bio != NULL)
@@ -402,7 +404,6 @@ BIO *BIO_pop(BIO *b)
b->next_bio=NULL;
b->prev_bio=NULL;
- BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
return(ret);
}
diff --git a/crypto/openssl/crypto/bn/Makefile.ssl b/crypto/openssl/crypto/bn/Makefile.ssl
index 1d37892013f6..c1547a8e6d06 100644
--- a/crypto/openssl/crypto/bn/Makefile.ssl
+++ b/crypto/openssl/crypto/bn/Makefile.ssl
@@ -23,14 +23,6 @@ BN_ASM= bn_asm.o
CFLAGS= $(INCLUDES) $(CFLAG)
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAGS=$(CFLAGS)
-
GENERAL=Makefile
TEST=bntest.c exptest.c
APPS=
@@ -73,22 +65,11 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/bn86-elf.o: asm/bn86unix.cpp
- $(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
-
-asm/co86-elf.o: asm/co86unix.cpp
- $(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
-
-# solaris
-asm/bn86-sol.o: asm/bn86unix.cpp
- $(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
- as -o asm/bn86-sol.o asm/bn86-sol.s
- rm -f asm/bn86-sol.s
+asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
-asm/co86-sol.o: asm/co86unix.cpp
- $(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
- as -o asm/co86-sol.o asm/co86-sol.s
- rm -f asm/co86-sol.s
+asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
# a.out
asm/bn86-out.o: asm/bn86unix.cpp
@@ -178,7 +159,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+ rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/bn/asm/ia64.S b/crypto/openssl/crypto/bn/asm/ia64.S
index ae56066310b8..7dfda8556603 100644
--- a/crypto/openssl/crypto/bn/asm/ia64.S
+++ b/crypto/openssl/crypto/bn/asm/ia64.S
@@ -1,6 +1,6 @@
.explicit
.text
-.ident "ia64.S, Version 1.1"
+.ident "ia64.S, Version 2.0"
.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
//
@@ -13,6 +13,35 @@
// disclaimed.
// ====================================================================
//
+// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
+// different from Itanium to this module viewpoint. Most notably, is it
+// "wider" than Itanium? Can you experience loop scalability as
+// discussed in commentary sections? Not really:-( Itanium2 has 6
+// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
+// spin twice as fast, as I need 8 IALU ports. Amount of floating point
+// ports is the same, i.e. 2, while I need 4. In other words, to this
+// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
+// essentially different in respect to this module, and a re-tune was
+// required. Well, because some intruction latencies has changed. Most
+// noticeably those intensively used:
+//
+// Itanium Itanium2
+// ldf8 9 6 L2 hit
+// ld8 2 1 L1 hit
+// getf 2 5
+// xma[->getf] 7[+1] 4[+0]
+// add[->st8] 1[+1] 1[+0]
+//
+// What does it mean? You might ratiocinate that the original code
+// should run just faster... Because sum of latencies is smaller...
+// Wrong! Note that getf latency increased. This means that if a loop is
+// scheduled for lower latency (and they are), then it will suffer from
+// stall condition and the code will therefore turn anti-scalable, e.g.
+// original bn_mul_words spun at 5*n or 2.5 times slower than expected
+// on Itanium2! What to do? Reschedule loops for Itanium2? But then
+// Itanium would exhibit anti-scalability. So I've chosen to reschedule
+// for worst latency for every instruction aiming for best *all-round*
+// performance.
// Q. How much faster does it get?
// A. Here is the output from 'openssl speed rsa dsa' for vanilla
@@ -149,12 +178,27 @@ bn_add_words:
brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16
}
.body
-{ .mib; mov r14=r32 // rp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r14=0,r32 // rp
+#else
+ mov r14=r32 // rp
+#endif
mov r9=pr };;
-{ .mii; mov r15=r33 // ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r15=0,r33 // ap
+#else
+ mov r15=r33 // ap
+#endif
mov ar.lc=r10
mov ar.ec=6 }
-{ .mib; mov r16=r34 // bp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r16=0,r34 // bp
+#else
+ mov r16=r34 // bp
+#endif
mov pr.rot=1<<16 };;
.L_bn_add_words_ctop:
@@ -174,7 +218,7 @@ bn_add_words:
{ .mii;
(p59) add r8=1,r8 // return value
- mov pr=r9,-1
+ mov pr=r9,0x1ffff
mov ar.lc=r3 }
{ .mbb; nop.b 0x0
br.ret.sptk.many b0 };;
@@ -202,12 +246,27 @@ bn_sub_words:
brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
}
.body
-{ .mib; mov r14=r32 // rp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r14=0,r32 // rp
+#else
+ mov r14=r32 // rp
+#endif
mov r9=pr };;
-{ .mii; mov r15=r33 // ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r15=0,r33 // ap
+#else
+ mov r15=r33 // ap
+#endif
mov ar.lc=r10
mov ar.ec=6 }
-{ .mib; mov r16=r34 // bp
+{ .mib;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r16=0,r34 // bp
+#else
+ mov r16=r34 // bp
+#endif
mov pr.rot=1<<16 };;
.L_bn_sub_words_ctop:
@@ -227,7 +286,7 @@ bn_sub_words:
{ .mii;
(p59) add r8=1,r8 // return value
- mov pr=r9,-1
+ mov pr=r9,0x1ffff
mov ar.lc=r3 }
{ .mbb; nop.b 0x0
br.ret.sptk.many b0 };;
@@ -253,7 +312,7 @@ bn_mul_words:
#ifdef XMA_TEMPTATION
{ .mfi; alloc r2=ar.pfs,4,0,0,0 };;
#else
-{ .mfi; alloc r2=ar.pfs,4,4,0,8 };;
+{ .mfi; alloc r2=ar.pfs,4,12,0,16 };;
#endif
{ .mib; mov r8=r0 // return value
cmp4.le p6,p0=r34,r0
@@ -266,24 +325,30 @@ bn_mul_words:
.body
{ .mib; setf.sig f8=r35 // w
- mov pr.rot=0x400001<<16
- // ------^----- serves as (p48) at first (p26)
+ mov pr.rot=0x800001<<16
+ // ------^----- serves as (p50) at first (p27)
brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
}
#ifndef XMA_TEMPTATION
-{ .mii; mov r14=r32 // rp
- mov r15=r33 // ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r14=0,r32 // rp
+ addp4 r15=0,r33 // ap
+#else
+ mov r14=r32 // rp
+ mov r15=r33 // ap
+#endif
mov ar.lc=r10 }
-{ .mii; mov r39=0 // serves as r33 at first (p26)
- mov ar.ec=12 };;
+{ .mii; mov r40=0 // serves as r35 at first (p27)
+ mov ar.ec=13 };;
-// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2
-// cache (i.e. 9 ticks away) as floating point load/store instructions
+// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
// bypass L1 cache and L2 latency is actually best-case scenario for
-// ldf8. The loop is not scalable and shall run in 2*(n+11) even on
-// "wider" IA-64 implementations. It's a trade-off here. n+22 loop
+// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
// would give us ~5% in *overall* performance improvement on "wider"
// IA-64, but would hurt Itanium for about same because of longer
// epilogue. As it's a matter of few percents in either case I've
@@ -291,25 +356,25 @@ bn_mul_words:
// this very instruction sequence in bn_mul_add_words loop which in
// turn is scalable).
.L_bn_mul_words_ctop:
-{ .mfi; (p25) getf.sig r36=f49 // low
- (p21) xmpy.lu f45=f37,f8
- (p27) cmp.ltu p52,p48=r39,r38 }
+{ .mfi; (p25) getf.sig r36=f52 // low
+ (p21) xmpy.lu f48=f37,f8
+ (p28) cmp.ltu p54,p50=r41,r39 }
{ .mfi; (p16) ldf8 f32=[r15],8
- (p21) xmpy.hu f38=f37,f8
+ (p21) xmpy.hu f40=f37,f8
(p0) nop.i 0x0 };;
-{ .mii; (p26) getf.sig r32=f43 // high
- .pred.rel "mutex",p48,p52
- (p48) add r38=r37,r33 // (p26)
- (p52) add r38=r37,r33,1 } // (p26)
-{ .mfb; (p27) st8 [r14]=r39,8
+{ .mii; (p25) getf.sig r32=f44 // high
+ .pred.rel "mutex",p50,p54
+ (p50) add r40=r38,r35 // (p27)
+ (p54) add r40=r38,r35,1 } // (p27)
+{ .mfb; (p28) st8 [r14]=r41,8
(p0) nop.f 0x0
br.ctop.sptk .L_bn_mul_words_ctop };;
.L_bn_mul_words_cend:
{ .mii; nop.m 0x0
-.pred.rel "mutex",p49,p53
-(p49) add r8=r34,r0
-(p53) add r8=r34,r0,1 }
+.pred.rel "mutex",p51,p55
+(p51) add r8=r36,r0
+(p55) add r8=r36,r0,1 }
{ .mfb; nop.m 0x0
nop.f 0x0
nop.b 0x0 }
@@ -344,7 +409,7 @@ bn_mul_words:
#endif // XMA_TEMPTATION
{ .mii; nop.m 0x0
- mov pr=r9,-1
+ mov pr=r9,0x1ffff
mov ar.lc=r3 }
{ .mfb; rum 1<<5 // clear um.mfh
nop.f 0x0
@@ -376,59 +441,69 @@ bn_mul_add_words:
.body
{ .mib; setf.sig f8=r35 // w
- mov pr.rot=0x400001<<16
- // ------^----- serves as (p48) at first (p26)
+ mov pr.rot=0x800001<<16
+ // ------^----- serves as (p50) at first (p27)
brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
}
-{ .mii; mov r14=r32 // rp
- mov r15=r33 // ap
+{ .mii;
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r14=0,r32 // rp
+ addp4 r15=0,r33 // ap
+#else
+ mov r14=r32 // rp
+ mov r15=r33 // ap
+#endif
mov ar.lc=r10 }
-{ .mii; mov r39=0 // serves as r33 at first (p26)
- mov r18=r32 // rp copy
- mov ar.ec=14 };;
+{ .mii; mov r40=0 // serves as r35 at first (p27)
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+ addp4 r18=0,r32 // rp copy
+#else
+ mov r18=r32 // rp copy
+#endif
+ mov ar.ec=15 };;
-// This loop spins in 3*(n+13) ticks on Itanium and should spin in
-// 2*(n+13) on "wider" IA-64 implementations (to be verified with new
+// This loop spins in 3*(n+14) ticks on Itanium and should spin in
+// 2*(n+14) on "wider" IA-64 implementations (to be verified with new
// -architecture manuals as they become available). As usual it's
// possible to compress the epilogue, down to 10 in this case, at the
// cost of scalability. Compressed (and therefore non-scalable) loop
-// running at 3*(n+10) would buy you ~10% on Itanium but take ~35%
+// running at 3*(n+11) would buy you ~10% on Itanium but take ~35%
// from "wider" IA-64 so let it be scalable! Special attention was
// paid for having the loop body split at 64-byte boundary. ld8 is
// scheduled for L1 cache as the data is more than likely there.
// Indeed, bn_mul_words has put it there a moment ago:-)
.L_bn_mul_add_words_ctop:
-{ .mfi; (p25) getf.sig r36=f49 // low
- (p21) xmpy.lu f45=f37,f8
- (p27) cmp.ltu p52,p48=r39,r38 }
+{ .mfi; (p25) getf.sig r36=f52 // low
+ (p21) xmpy.lu f48=f37,f8
+ (p28) cmp.ltu p54,p50=r41,r39 }
{ .mfi; (p16) ldf8 f32=[r15],8
- (p21) xmpy.hu f38=f37,f8
- (p27) add r43=r43,r39 };;
-{ .mii; (p26) getf.sig r32=f43 // high
- .pred.rel "mutex",p48,p52
- (p48) add r38=r37,r33 // (p26)
- (p52) add r38=r37,r33,1 } // (p26)
-{ .mfb; (p27) cmp.ltu.unc p56,p0=r43,r39
+ (p21) xmpy.hu f40=f37,f8
+ (p28) add r45=r45,r41 };;
+{ .mii; (p25) getf.sig r32=f44 // high
+ .pred.rel "mutex",p50,p54
+ (p50) add r40=r38,r35 // (p27)
+ (p54) add r40=r38,r35,1 } // (p27)
+{ .mfb; (p28) cmp.ltu.unc p60,p0=r45,r41
(p0) nop.f 0x0
(p0) nop.b 0x0 }
-{ .mii; (p26) ld8 r42=[r18],8
- (p58) cmp.eq.or p57,p0=-1,r44
- (p58) add r44=1,r44 }
-{ .mfb; (p29) st8 [r14]=r45,8
+{ .mii; (p27) ld8 r44=[r18],8
+ (p62) cmp.eq.or p61,p0=-1,r46
+ (p62) add r46=1,r46 }
+{ .mfb; (p30) st8 [r14]=r47,8
(p0) nop.f 0x0
br.ctop.sptk .L_bn_mul_add_words_ctop};;
.L_bn_mul_add_words_cend:
{ .mii; nop.m 0x0
-.pred.rel "mutex",p51,p55
-(p51) add r8=r36,r0
-(p55) add r8=r36,r0,1 }
+.pred.rel "mutex",p53,p57
+(p53) add r8=r38,r0
+(p57) add r8=r38,r0,1 }
{ .mfb; nop.m 0x0
nop.f 0x0
nop.b 0x0 };;
{ .mii;
-(p59) add r8=1,r8
- mov pr=r9,-1
+(p63) add r8=1,r8
+ mov pr=r9,0x1ffff
mov ar.lc=r3 }
{ .mfb; rum 1<<5 // clear um.mfh
nop.f 0x0
@@ -461,6 +536,10 @@ bn_sqr_words:
mov r9=pr };;
.body
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+{ .mii; addp4 r32=0,r32
+ addp4 r33=0,r33 };;
+#endif
{ .mib;
mov pr.rot=1<<16
brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
@@ -492,7 +571,7 @@ bn_sqr_words:
.L_bn_sqr_words_cend:
{ .mii; nop.m 0x0
- mov pr=r9,-1
+ mov pr=r9,0x1ffff
mov ar.lc=r3 }
{ .mfb; rum 1<<5 // clear um.mfh
nop.f 0x0
@@ -526,7 +605,14 @@ bn_sqr_comba8:
.prologue
.fframe 0
.save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
{ .mii; alloc r2=ar.pfs,2,1,0,0
+ addp4 r33=0,r33
+ addp4 r32=0,r32 };;
+{ .mii;
+#else
+{ .mii; alloc r2=ar.pfs,2,1,0,0
+#endif
mov r34=r33
add r14=8,r33 };;
.body
@@ -587,7 +673,14 @@ bn_mul_comba8:
.prologue
.fframe 0
.save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
{ .mii; alloc r2=ar.pfs,3,0,0,0
+ addp4 r33=0,r33
+ addp4 r34=0,r34 };;
+{ .mii; addp4 r32=0,r32
+#else
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+#endif
add r14=8,r33
add r17=8,r34 }
.body
@@ -1138,7 +1231,14 @@ bn_sqr_comba4:
.prologue
.fframe 0
.save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+{ .mii; alloc r2=ar.pfs,2,1,0,0
+ addp4 r32=0,r32
+ addp4 r33=0,r33 };;
+{ .mii;
+#else
{ .mii; alloc r2=ar.pfs,2,1,0,0
+#endif
mov r34=r33
add r14=8,r33 };;
.body
@@ -1164,7 +1264,14 @@ bn_mul_comba4:
.prologue
.fframe 0
.save ar.pfs,r2
+#if defined(_HPUX_SOURCE) && defined(_ILP32)
+{ .mii; alloc r2=ar.pfs,3,0,0,0
+ addp4 r33=0,r33
+ addp4 r34=0,r34 };;
+{ .mii; addp4 r32=0,r32
+#else
{ .mii; alloc r2=ar.pfs,3,0,0,0
+#endif
add r14=8,r33
add r17=8,r34 }
.body
@@ -1464,7 +1571,7 @@ bn_div_words:
or r8=r8,r33
mov ar.pfs=r2 };;
{ .mii; shr.u r9=H,I // remainder if anybody wants it
- mov pr=r10,-1 }
+ mov pr=r10,0x1ffff }
{ .mfb; br.ret.sptk.many b0 };;
// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
diff --git a/crypto/openssl/crypto/bn/asm/pa-risc2.s b/crypto/openssl/crypto/bn/asm/pa-risc2.s
index af9730d06215..f3b16290eb04 100644
--- a/crypto/openssl/crypto/bn/asm/pa-risc2.s
+++ b/crypto/openssl/crypto/bn/asm/pa-risc2.s
@@ -747,8 +747,8 @@ bn_div_words
.PROC
.EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
.IMPORT BN_num_bits_word,CODE
- .IMPORT __iob,DATA
- .IMPORT fprintf,CODE
+ ;--- not PIC .IMPORT __iob,DATA
+ ;--- not PIC .IMPORT fprintf,CODE
.IMPORT abort,CODE
.IMPORT $$div2U,MILLICODE
.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
@@ -844,12 +844,12 @@ $0006001A
MOVIB,TR 2,%r8,$0006001C ;offset 0xa18
EXTRD,U %r3,63,32,%r7 ;offset 0xa1c
$D2
- ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20
- LDIL LR'C$7,%r21 ;offset 0xa24
- LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28
- .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28;
- B,L fprintf,%r2 ;offset 0xa2c
- LDO RR'C$7(%r21),%r25 ;offset 0xa30
+ ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20
+ ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24
+ ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28
+ ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28;
+ ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c
+ ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30
.CALL ;
B,L abort,%r2 ;offset 0xa34
NOP ;offset 0xa38
@@ -1605,14 +1605,14 @@ bn_mul_comba4
.PROCEND
- .SPACE $TEXT$
- .SUBSPA $CODE$
- .SPACE $PRIVATE$,SORT=16
- .IMPORT $global$,DATA
- .SPACE $TEXT$
- .SUBSPA $CODE$
- .SUBSPA $LIT$,ACCESS=0x2c
-C$7
- .ALIGN 8
- .STRINGZ "Division would overflow (%d)\n"
+;--- not PIC .SPACE $TEXT$
+;--- not PIC .SUBSPA $CODE$
+;--- not PIC .SPACE $PRIVATE$,SORT=16
+;--- not PIC .IMPORT $global$,DATA
+;--- not PIC .SPACE $TEXT$
+;--- not PIC .SUBSPA $CODE$
+;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c
+;--- not PIC C$7
+;--- not PIC .ALIGN 8
+;--- not PIC .STRINGZ "Division would overflow (%d)\n"
.END
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h
index bf7c12403c35..5614bc6164cf 100644
--- a/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/crypto/openssl/crypto/bn/bn_lcl.h
@@ -446,10 +446,6 @@ void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
BN_ULONG *t);
void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
#ifdef __cplusplus
}
diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c
index 918b9237c6e2..e072d9255c4c 100644
--- a/crypto/openssl/crypto/bn/bn_prime.c
+++ b/crypto/openssl/crypto/bn/bn_prime.c
@@ -140,6 +140,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
BN_CTX *ctx;
int checks = BN_prime_checks_for_size(bits);
+ BN_init(&t);
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
if (ret == NULL)
@@ -148,7 +149,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
}
else
rnd=ret;
- BN_init(&t);
loop:
/* make a random number and set the top and bottom bits */
if (add == NULL)
diff --git a/crypto/openssl/crypto/cast/Makefile.ssl b/crypto/openssl/crypto/cast/Makefile.ssl
index c18d86845e1e..70c47bf8e695 100644
--- a/crypto/openssl/crypto/cast/Makefile.ssl
+++ b/crypto/openssl/crypto/cast/Makefile.ssl
@@ -52,14 +52,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/cx86-elf.o: asm/cx86unix.cpp
- $(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
-
-# solaris
-asm/cx86-sol.o: asm/cx86unix.cpp
- $(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
- as -o asm/cx86-sol.o asm/cx86-sol.s
- rm -f asm/cx86-sol.s
+asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s)
# a.out
asm/cx86-out.o: asm/cx86unix.cpp
@@ -104,7 +98,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/conf/conf_mall.c b/crypto/openssl/crypto/conf/conf_mall.c
index d702af689ba3..4ba40cf44cc6 100644
--- a/crypto/openssl/crypto/conf/conf_mall.c
+++ b/crypto/openssl/crypto/conf/conf_mall.c
@@ -63,7 +63,9 @@
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* Load all OpenSSL builtin modules */
@@ -71,6 +73,8 @@ void OPENSSL_load_builtin_modules(void)
{
/* Add builtin modules here */
ASN1_add_oid_module();
+#ifndef OPENSSL_NO_ENGINE
ENGINE_add_conf_module();
+#endif
}
diff --git a/crypto/openssl/crypto/conf/conf_sap.c b/crypto/openssl/crypto/conf/conf_sap.c
index 97fb17430382..e15c2e55463a 100644
--- a/crypto/openssl/crypto/conf/conf_sap.c
+++ b/crypto/openssl/crypto/conf/conf_sap.c
@@ -63,7 +63,9 @@
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* This is the automatic configuration loader: it is called automatically by
* OpenSSL when any of a number of standard initialisation functions are called,
@@ -78,8 +80,10 @@ void OPENSSL_config(const char *config_name)
return;
OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
+#endif
/* Add others here? */
diff --git a/crypto/openssl/crypto/des/Makefile.ssl b/crypto/openssl/crypto/des/Makefile.ssl
index 2edb542db967..548573f4b185 100644
--- a/crypto/openssl/crypto/des/Makefile.ssl
+++ b/crypto/openssl/crypto/des/Makefile.ssl
@@ -66,30 +66,11 @@ des: des.o cbc3_enc.o lib
$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
# elf
-asm/dx86-elf.o: asm/dx86unix.cpp
- $(CPP) -DELF \
- `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
- -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
-
-asm/yx86-elf.o: asm/yx86unix.cpp
- $(CPP) -DELF \
- `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
- -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
-
-# solaris
-asm/dx86-sol.o: asm/dx86unix.cpp
- $(CC) -E -DSOL \
- `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
- asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
- as -o asm/dx86-sol.o asm/dx86-sol.s
- rm -f asm/dx86-sol.s
-
-asm/yx86-sol.o: asm/yx86unix.cpp
- $(CC) -E -DSOL \
- `(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
- asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
- as -o asm/yx86-sol.o asm/yx86-sol.s
- rm -f asm/yx86-sol.s
+asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s)
+
+asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s)
# a.out
asm/dx86-out.o: asm/dx86unix.cpp
@@ -145,7 +126,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/openssl/crypto/des/asm/crypt586.pl
index 51fb3ddf26e4..1d04ed6def10 100644
--- a/crypto/openssl/crypto/des/asm/crypt586.pl
+++ b/crypto/openssl/crypto/des/asm/crypt586.pl
@@ -32,8 +32,9 @@ sub fcrypt_body
&xor( $R, $R);
# PIC-ification:-)
- if ($cpp) { &picmeup("edx","DES_SPtrans"); }
- else { &lea("edx",&DWP("DES_SPtrans")); }
+ &picmeup("edx","DES_SPtrans");
+ #if ($cpp) { &picmeup("edx","DES_SPtrans"); }
+ #else { &lea("edx",&DWP("DES_SPtrans")); }
&push("edx"); # becomes &swtmp(1)
#
&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/openssl/crypto/des/asm/des-586.pl
index 7a5886928995..b75d3c6b3a44 100644
--- a/crypto/openssl/crypto/des/asm/des-586.pl
+++ b/crypto/openssl/crypto/des/asm/des-586.pl
@@ -73,8 +73,9 @@ sub DES_encrypt
}
# PIC-ification:-)
- if ($cpp) { &picmeup($trans,"DES_SPtrans"); }
- else { &lea($trans,&DWP("DES_SPtrans")); }
+ &picmeup($trans,"DES_SPtrans");
+ #if ($cpp) { &picmeup($trans,"DES_SPtrans"); }
+ #else { &lea($trans,&DWP("DES_SPtrans")); }
&mov( "ecx", &wparam(1) );
&cmp("ebx","0");
diff --git a/crypto/openssl/crypto/des/cbc_cksm.c b/crypto/openssl/crypto/des/cbc_cksm.c
index 6c5305b99d90..09a7ba56aada 100644
--- a/crypto/openssl/crypto/des/cbc_cksm.c
+++ b/crypto/openssl/crypto/des/cbc_cksm.c
@@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
l2c(tout1,out);
}
tout0=tin0=tin1=tin[0]=tin[1]=0;
+ /*
+ Transform the data in tout1 so that it will
+ match the return value that the MIT Kerberos
+ mit_des_cbc_cksum API returns.
+ */
+ tout1 = ((tout1 >> 24L) & 0x000000FF)
+ | ((tout1 >> 8L) & 0x0000FF00)
+ | ((tout1 << 8L) & 0x00FF0000)
+ | ((tout1 << 24L) & 0xFF000000);
return(tout1);
}
diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/openssl/crypto/des/des_locl.h
index 6f222474c9ff..e44e8e98b250 100644
--- a/crypto/openssl/crypto/des/des_locl.h
+++ b/crypto/openssl/crypto/des/des_locl.h
@@ -162,7 +162,7 @@
#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
#define ROTATE(a,n) (_lrotr(a,n))
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
# define ROTATE(a,n) ({ register unsigned int ret; \
asm ("rorl %1,%0" \
diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/openssl/crypto/des/destest.c
index 7799e6e4bf5a..687c00c79229 100644
--- a/crypto/openssl/crypto/des/destest.c
+++ b/crypto/openssl/crypto/des/destest.c
@@ -320,7 +320,11 @@ static unsigned char ofb_cipher[24]=
0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
};
+#if 0
static DES_LONG cbc_cksum_ret=0xB462FEF7L;
+#else
+static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
+#endif
static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
static char *pt(unsigned char *p);
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 1a0efca2c4c1..6ce65ed5f37c 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -61,7 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c
index ba5fd410579f..09965ee2ea80 100644
--- a/crypto/openssl/crypto/dh/dh_lib.c
+++ b/crypto/openssl/crypto/dh/dh_lib.c
@@ -60,7 +60,9 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
@@ -85,11 +87,13 @@ int DH_set_method(DH *dh, const DH_METHOD *meth)
const DH_METHOD *mtmp;
mtmp = dh->meth;
if (mtmp->finish) mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
if (dh->engine)
{
ENGINE_finish(dh->engine);
dh->engine = NULL;
}
+#endif
dh->meth = meth;
if (meth->init) meth->init(dh);
return 1;
@@ -112,6 +116,7 @@ DH *DH_new_method(ENGINE *engine)
}
ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
@@ -135,6 +140,7 @@ DH *DH_new_method(ENGINE *engine)
return NULL;
}
}
+#endif
ret->pad=0;
ret->version=0;
@@ -154,8 +160,10 @@ DH *DH_new_method(ENGINE *engine)
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
+#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
@@ -182,8 +190,10 @@ void DH_free(DH *r)
if (r->meth->finish)
r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c
index 579f73f869f0..4171af24c6cd 100644
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -63,7 +63,9 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
@@ -93,11 +95,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
const DSA_METHOD *mtmp;
mtmp = dsa->meth;
if (mtmp->finish) mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
if (dsa->engine)
{
ENGINE_finish(dsa->engine);
dsa->engine = NULL;
}
+#endif
dsa->meth = meth;
if (meth->init) meth->init(dsa);
return 1;
@@ -114,6 +118,7 @@ DSA *DSA_new_method(ENGINE *engine)
return(NULL);
}
ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
@@ -138,6 +143,7 @@ DSA *DSA_new_method(ENGINE *engine)
return NULL;
}
}
+#endif
ret->pad=0;
ret->version=0;
@@ -158,8 +164,10 @@ DSA *DSA_new_method(ENGINE *engine)
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
+#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
@@ -189,8 +197,10 @@ void DSA_free(DSA *r)
if(r->meth->finish)
r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
if(r->engine)
ENGINE_finish(r->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index 37dd5fc99409..68d91dbe23bc 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -64,7 +64,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
@@ -106,13 +108,15 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
int i,reason=ERR_R_BN_LIB;
DSA_SIG *ret=NULL;
+ BN_init(&m);
+ BN_init(&xr);
+
if (!dsa->p || !dsa->q || !dsa->g)
{
reason=DSA_R_MISSING_PARAMETERS;
goto err;
}
- BN_init(&m);
- BN_init(&xr);
+
s=BN_new();
if (s == NULL) goto err;
@@ -178,6 +182,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
return 0;
}
+
+ BN_init(&k);
+
if (ctx_in == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -185,7 +192,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
else
ctx=ctx_in;
- BN_init(&k);
if ((r=BN_new()) == NULL) goto err;
kinv=NULL;
@@ -241,11 +247,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
return -1;
}
- if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_init(&u1);
BN_init(&u2);
BN_init(&t1);
+ if ((ctx=BN_CTX_new()) == NULL) goto err;
+
if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
{
ret = 0;
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c
index e9469ca62fd6..5cdc8ed8511b 100644
--- a/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -64,7 +64,9 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c
index 066c6b5b2849..fffb129f8f3b 100644
--- a/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -65,7 +65,9 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#include <openssl/asn1_mac.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
diff --git a/crypto/openssl/crypto/dsa/dsagen.c b/crypto/openssl/crypto/dsa/dsagen.c
index a0b097664086..1b6a1cca0fec 100644
--- a/crypto/openssl/crypto/dsa/dsagen.c
+++ b/crypto/openssl/crypto/dsa/dsagen.c
@@ -103,7 +103,7 @@ main()
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
memcpy(seed_buf,seed,20);
- dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+ dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
if (dsa == NULL)
DSA_print(bio_err,dsa,0);
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/openssl/crypto/dsa/dsatest.c
index 1ab90cfd7e49..d4d038ae6f1b 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/openssl/crypto/dsa/dsatest.c
@@ -68,7 +68,9 @@
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
diff --git a/crypto/openssl/crypto/dso/dso_dl.c b/crypto/openssl/crypto/dso/dso_dl.c
index 195717e9935b..79d2cb4d8c8d 100644
--- a/crypto/openssl/crypto/dso/dso_dl.c
+++ b/crypto/openssl/crypto/dso/dso_dl.c
@@ -126,7 +126,7 @@ static int dl_load(DSO *dso)
DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
goto err;
}
- ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL);
+ ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
if(ptr == NULL)
{
DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/openssl/crypto/ec/ec.h
index a52d4edf141f..6d6a9b712732 100644
--- a/crypto/openssl/crypto/ec/ec.h
+++ b/crypto/openssl/crypto/ec/ec.h
@@ -195,7 +195,6 @@ void ERR_load_EC_strings(void);
#define EC_F_EC_GROUP_GET0_GENERATOR 139
#define EC_F_EC_GROUP_GET_COFACTOR 140
#define EC_F_EC_GROUP_GET_CURVE_GFP 130
-#define EC_F_EC_GROUP_GET_EXTRA_DATA 107
#define EC_F_EC_GROUP_GET_ORDER 141
#define EC_F_EC_GROUP_NEW 108
#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142
@@ -232,7 +231,6 @@ void ERR_load_EC_strings(void);
#define EC_R_INVALID_FIELD 103
#define EC_R_INVALID_FORM 104
#define EC_R_NOT_INITIALIZED 111
-#define EC_R_NO_SUCH_EXTRA_DATA 105
#define EC_R_POINT_AT_INFINITY 106
#define EC_R_POINT_IS_NOT_ON_CURVE 107
#define EC_R_SLOT_FULL 108
diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/openssl/crypto/ec/ec_err.c
index 394cdc021fd1..d37b6aba87fd 100644
--- a/crypto/openssl/crypto/ec/ec_err.c
+++ b/crypto/openssl/crypto/ec/ec_err.c
@@ -84,7 +84,6 @@ static ERR_STRING_DATA EC_str_functs[]=
{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"},
{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"},
{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"},
-{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"},
{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"},
{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"},
{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"},
@@ -124,7 +123,6 @@ static ERR_STRING_DATA EC_str_reasons[]=
{EC_R_INVALID_FIELD ,"invalid field"},
{EC_R_INVALID_FORM ,"invalid form"},
{EC_R_NOT_INITIALIZED ,"not initialized"},
-{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"},
{EC_R_POINT_AT_INFINITY ,"point at infinity"},
{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"},
{EC_R_SLOT_FULL ,"slot full"},
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c
index 1d2cc71eefe6..deb522060f2a 100644
--- a/crypto/openssl/crypto/ec/ec_lib.c
+++ b/crypto/openssl/crypto/ec/ec_lib.c
@@ -268,7 +268,9 @@ void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func
|| (group->extra_data_free_func != extra_data_free_func)
|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
{
- ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA);
+#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
+ ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
+#endif
return NULL;
}
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
index 603ba31b8191..4dbc93112062 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -209,6 +209,17 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
int ret = 0;
+ if (group->meth != r->meth)
+ {
+ ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+
+ if ((scalar == NULL) && (num == 0))
+ {
+ return EC_POINT_set_to_infinity(group, r);
+ }
+
if (scalar != NULL)
{
generator = EC_GROUP_get0_generator(group);
diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c
index 5d7b6b26aa72..345d3e428925 100644
--- a/crypto/openssl/crypto/ec/ectest.c
+++ b/crypto/openssl/crypto/ec/ectest.c
@@ -70,7 +70,9 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/err.h>
#define ABORT do { \
@@ -628,7 +630,9 @@ int main(int argc, char *argv[])
if (P_384) EC_GROUP_free(P_384);
if (P_521) EC_GROUP_free(P_521);
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_state(0);
diff --git a/crypto/openssl/crypto/engine/Makefile.ssl b/crypto/openssl/crypto/engine/Makefile.ssl
index cecc06f28ca9..847d6724000c 100644
--- a/crypto/openssl/crypto/engine/Makefile.ssl
+++ b/crypto/openssl/crypto/engine/Makefile.ssl
@@ -50,7 +50,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ $(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/openssl/crypto/engine/engine.h
index 10e744417225..8686879e1a33 100644
--- a/crypto/openssl/crypto/engine/engine.h
+++ b/crypto/openssl/crypto/engine/engine.h
@@ -59,6 +59,12 @@
#ifndef HEADER_ENGINE_H
#define HEADER_ENGINE_H
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_ENGINE
+#error ENGINE is disabled.
+#endif
+
#include <openssl/ossl_typ.h>
#include <openssl/bn.h>
#ifndef OPENSSL_NO_RSA
diff --git a/crypto/openssl/crypto/engine/enginetest.c b/crypto/openssl/crypto/engine/enginetest.c
index 87fa8c57b72c..c2d0297392f1 100644
--- a/crypto/openssl/crypto/engine/enginetest.c
+++ b/crypto/openssl/crypto/engine/enginetest.c
@@ -56,9 +56,17 @@
*
*/
-#include <openssl/e_os2.h>
#include <stdio.h>
#include <string.h>
+
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+ printf("No ENGINE support\n");
+ return(0);
+}
+#else
+#include <openssl/e_os2.h>
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
@@ -272,3 +280,4 @@ end:
CRYPTO_mem_leaks_fp(stderr);
return to_return;
}
+#endif
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index 5abe44e6d57d..b873270c049a 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -211,6 +211,7 @@ static ERR_STRING_DATA ERR_str_reasons[]=
{0,NULL},
};
+#endif
/* Define the predeclared (but externally opaque) "ERR_FNS" type */
@@ -491,6 +492,7 @@ static int int_err_get_next_lib(void)
}
+#ifndef OPENSSL_NO_ERR
#define NUM_SYS_STR_REASONS 127
#define LEN_SYS_STR_REASON 32
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c
index 90029fd159fa..dc505d9d9d48 100644
--- a/crypto/openssl/crypto/err/err_all.c
+++ b/crypto/openssl/crypto/err/err_all.c
@@ -82,7 +82,9 @@
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/dso.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/ocsp.h>
#include <openssl/err.h>
@@ -122,7 +124,9 @@ void ERR_load_crypto_strings(void)
ERR_load_PKCS12_strings();
ERR_load_RAND_strings();
ERR_load_DSO_strings();
+#ifndef OPENSSL_NO_ENGINE
ERR_load_ENGINE_strings();
+#endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
#endif
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index 33013c41a607..5b2104ac120f 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -113,7 +113,9 @@
#include "cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
@@ -138,6 +140,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
@@ -183,7 +186,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
else
ctx->engine = NULL;
}
- else if(!ctx->digest)
+ else
+#endif
+ if(!ctx->digest)
{
EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
return 0;
@@ -196,7 +201,9 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
if (type->ctx_size)
ctx->md_data=OPENSSL_malloc(type->ctx_size);
}
+#ifndef OPENSSL_NO_ENGINE
skip_to_init:
+#endif
return ctx->digest->init(ctx);
}
@@ -246,12 +253,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
return 0;
}
+#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a digest context using an ENGINE */
if (in->engine && !ENGINE_init(in->engine))
{
EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
return 0;
}
+#endif
EVP_MD_CTX_cleanup(out);
memcpy(out,in,sizeof *out);
@@ -304,10 +313,12 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
}
+#ifndef OPENSSL_NO_ENGINE
if(ctx->engine)
/* The EVP_MD we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
ENGINE_finish(ctx->engine);
+#endif
memset(ctx,'\0',sizeof *ctx);
return 1;
diff --git a/crypto/openssl/crypto/evp/evp_acnf.c b/crypto/openssl/crypto/evp/evp_acnf.c
index a68b979bdbd9..54c073ca444c 100644
--- a/crypto/openssl/crypto/evp/evp_acnf.c
+++ b/crypto/openssl/crypto/evp/evp_acnf.c
@@ -59,7 +59,9 @@
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* Load all algorithms and configure OpenSSL.
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index 66c48d1431fc..be0758a87965 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -60,7 +60,9 @@
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include "evp_locl.h"
const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
@@ -91,6 +93,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
enc = 1;
ctx->encrypt = enc;
}
+#ifndef OPENSSL_NO_ENGINE
/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
* so this context may already have an ENGINE! Try to avoid releasing
* the previous handle, re-querying for an ENGINE, and having a
@@ -98,6 +101,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
if (ctx->engine && ctx->cipher && (!cipher ||
(cipher && (cipher->nid == ctx->cipher->nid))))
goto skip_to_init;
+#endif
if (cipher)
{
/* Ensure a context left lying around from last time is cleared
@@ -107,6 +111,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
/* Restore encrypt field: it is zeroed by cleanup */
ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
if(impl)
{
if (!ENGINE_init(impl))
@@ -140,6 +145,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
}
else
ctx->engine = NULL;
+#endif
ctx->cipher=cipher;
ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
@@ -159,7 +165,9 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
return 0;
}
+#ifndef OPENSSL_NO_ENGINE
skip_to_init:
+#endif
/* we assume block size is a power of 2 in *cryptUpdate */
OPENSSL_assert(ctx->cipher->block_size == 1
|| ctx->cipher->block_size == 8
@@ -236,7 +244,7 @@ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *imp
int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv)
{
- return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
+ return EVP_CipherInit(ctx, cipher, key, iv, 0);
}
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
@@ -460,10 +468,12 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
}
if (c->cipher_data)
OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
if (c->engine)
/* The EVP_CIPHER we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
ENGINE_finish(c->engine);
+#endif
memset(c,0,sizeof(EVP_CIPHER_CTX));
return 1;
}
diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/openssl/crypto/evp/evp_test.c
index 698aff21dc7f..28460173f7ef 100644
--- a/crypto/openssl/crypto/evp/evp_test.c
+++ b/crypto/openssl/crypto/evp/evp_test.c
@@ -53,7 +53,10 @@
#include "../e_os.h"
#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
#include <openssl/conf.h>
static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
@@ -330,11 +333,14 @@ int main(int argc,char **argv)
/* Load up the software EVP_CIPHER and EVP_MD definitions */
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
/* Load all compiled-in ENGINEs */
ENGINE_load_builtin_engines();
+#endif
#if 0
OPENSSL_config();
#endif
+#ifndef OPENSSL_NO_ENGINE
/* Register all available ENGINE implementations of ciphers and digests.
* This could perhaps be changed to "ENGINE_register_all_complete()"? */
ENGINE_register_all_ciphers();
@@ -343,6 +349,7 @@ int main(int argc,char **argv)
* It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
* they weren't already initialised. */
/* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
for( ; ; )
{
@@ -384,7 +391,9 @@ int main(int argc,char **argv)
}
}
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
diff --git a/crypto/openssl/crypto/krb5/Makefile.ssl b/crypto/openssl/crypto/krb5/Makefile.ssl
index cc47c0547236..7136d7a4023c 100644
--- a/crypto/openssl/crypto/krb5/Makefile.ssl
+++ b/crypto/openssl/crypto/krb5/Makefile.ssl
@@ -41,7 +41,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ $(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/openssl/crypto/md2/md2test.c
index d2f6dce97fa0..901d0a7d8ea6 100644
--- a/crypto/openssl/crypto/md2/md2test.c
+++ b/crypto/openssl/crypto/md2/md2test.c
@@ -125,7 +125,6 @@ int main(int argc, char *argv[])
P++;
}
EXIT(err);
- return(0);
}
static char *pt(unsigned char *md)
diff --git a/crypto/openssl/crypto/md4/md4.c b/crypto/openssl/crypto/md4/md4.c
index 2ac2d914ffac..141415ad4df6 100644
--- a/crypto/openssl/crypto/md4/md4.c
+++ b/crypto/openssl/crypto/md4/md4.c
@@ -64,7 +64,7 @@
void do_fp(FILE *f);
void pt(unsigned char *md);
-#ifndef _OSD_POSIX
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
int read(int, void *, unsigned int);
#endif
diff --git a/crypto/openssl/crypto/md5/Makefile.ssl b/crypto/openssl/crypto/md5/Makefile.ssl
index e28bb924517e..56cab5d882ba 100644
--- a/crypto/openssl/crypto/md5/Makefile.ssl
+++ b/crypto/openssl/crypto/md5/Makefile.ssl
@@ -21,14 +21,6 @@ MD5_ASM_OBJ=
CFLAGS= $(INCLUDES) $(CFLAG)
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAGS=$(CFLAGS)
-
GENERAL=Makefile
TEST=md5test.c
APPS=
@@ -55,14 +47,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/mx86-elf.o: asm/mx86unix.cpp
- $(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o
-
-# solaris
-asm/mx86-sol.o: asm/mx86unix.cpp
- $(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
- as -o asm/mx86-sol.o asm/mx86-sol.s
- rm -f asm/mx86-sol.s
+asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s)
# a.out
asm/mx86-out.o: asm/mx86unix.cpp
@@ -125,7 +111,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/md5/md5.c b/crypto/openssl/crypto/md5/md5.c
index 7ed0024ae195..563733abc506 100644
--- a/crypto/openssl/crypto/md5/md5.c
+++ b/crypto/openssl/crypto/md5/md5.c
@@ -64,7 +64,7 @@
void do_fp(FILE *f);
void pt(unsigned char *md);
-#ifndef _OSD_POSIX
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
int read(int, void *, unsigned int);
#endif
diff --git a/crypto/openssl/crypto/md5/md5.h b/crypto/openssl/crypto/md5/md5.h
index cfdbf03fe169..a252e0211543 100644
--- a/crypto/openssl/crypto/md5/md5.h
+++ b/crypto/openssl/crypto/md5/md5.h
@@ -78,7 +78,7 @@ extern "C" {
#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
#define MD5_LONG unsigned long
-#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__)
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
#define MD5_LONG unsigned long
#define MD5_LONG_LOG2 3
/*
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index d7d3cda5dcd2..29df7d35b248 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -252,6 +252,8 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
void *ret = NULL;
extern unsigned char cleanse_ctr;
+ if (num < 0) return NULL;
+
allow_customize = 0;
if (malloc_debug_func != NULL)
{
@@ -291,6 +293,8 @@ void *CRYPTO_malloc(int num, const char *file, int line)
void *ret = NULL;
extern unsigned char cleanse_ctr;
+ if (num < 0) return NULL;
+
allow_customize = 0;
if (malloc_debug_func != NULL)
{
@@ -319,6 +323,9 @@ void *CRYPTO_realloc(void *str, int num, const char *file, int line)
if (str == NULL)
return CRYPTO_malloc(num, file, line);
+
+ if (num < 0) return NULL;
+
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret = realloc_ex_func(str,num,file,line);
@@ -338,6 +345,9 @@ void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
if (str == NULL)
return CRYPTO_malloc(num, file, line);
+
+ if (num < 0) return NULL;
+
if (realloc_debug_func != NULL)
realloc_debug_func(str, NULL, num, file, line, 0);
ret=malloc_ex_func(num,file,line);
diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c
index 1bc0297b3659..ca5f3ea48e0a 100644
--- a/crypto/openssl/crypto/o_time.c
+++ b/crypto/openssl/crypto/o_time.c
@@ -80,7 +80,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
ts = result;
#elif !defined(OPENSSL_SYS_VMS)
ts = gmtime(timer);
- memcpy(result, ts, sizeof(struct tm));
+ if (ts != NULL)
+ memcpy(result, ts, sizeof(struct tm));
ts = result;
#endif
#ifdef OPENSSL_SYS_VMS
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h
index 511c7b4c0fbb..969b18a34196 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@@ -827,7 +827,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
{"RC4-40","rc4-40",NID_rc4_40,0,NULL},
{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
{"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
-{"SN","surName",NID_surname,3,&(lvalues[538]),0},
+{"SN","surname",NID_surname,3,&(lvalues[538]),0},
{"initials","initials",NID_initials,3,&(lvalues[541]),0},
{NULL,NULL,NID_undef,0,NULL},
{"crlDistributionPoints","X509v3 CRL Distribution Points",
@@ -3005,7 +3005,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[16]),/* "stateOrProvinceName" */
&(nid_objs[498]),/* "subtreeMaximumQuality" */
&(nid_objs[497]),/* "subtreeMinimumQuality" */
-&(nid_objs[100]),/* "surName" */
+&(nid_objs[100]),/* "surname" */
&(nid_objs[459]),/* "textEncodedORAddress" */
&(nid_objs[293]),/* "textNotice" */
&(nid_objs[106]),/* "title" */
diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/openssl/crypto/objects/obj_mac.h
index a66b5b9255f3..7645012298ec 100644
--- a/crypto/openssl/crypto/objects/obj_mac.h
+++ b/crypto/openssl/crypto/objects/obj_mac.h
@@ -1596,7 +1596,7 @@
#define OBJ_commonName OBJ_X509,3L
#define SN_surname "SN"
-#define LN_surname "surName"
+#define LN_surname "surname"
#define NID_surname 100
#define OBJ_surname OBJ_X509,4L
diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt
index f1c206f85113..3ba11f65ccff 100644
--- a/crypto/openssl/crypto/objects/objects.txt
+++ b/crypto/openssl/crypto/objects/objects.txt
@@ -531,8 +531,7 @@ algorithm 29 : RSA-SHA1-2 : sha1WithRSA
X500 4 : X509
X509 3 : CN : commonName
-!Cname surname
-X509 4 : SN : surName
+X509 4 : SN : surname
X509 5 : : serialNumber
X509 6 : C : countryName
X509 7 : L : localityName
diff --git a/crypto/openssl/crypto/ocsp/Makefile.ssl b/crypto/openssl/crypto/ocsp/Makefile.ssl
index 4b2d8ec8bb29..8d5a85a55cae 100644
--- a/crypto/openssl/crypto/ocsp/Makefile.ssl
+++ b/crypto/openssl/crypto/ocsp/Makefile.ssl
@@ -43,7 +43,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ $(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index 516012f73be6..396ae7b3dced 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -25,8 +25,8 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090700fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7 31 Dec 2002"
+#define OPENSSL_VERSION_NUMBER 0x0090701fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7a Feb 19 2003"
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/perlasm/x86asm.pl b/crypto/openssl/crypto/perlasm/x86asm.pl
index 9a3d85b0984b..1cb96e914ab6 100644
--- a/crypto/openssl/crypto/perlasm/x86asm.pl
+++ b/crypto/openssl/crypto/perlasm/x86asm.pl
@@ -18,9 +18,9 @@ sub main'asm_init
($type,$fn,$i386)=@_;
$filename=$fn;
- $cpp=$sol=$aout=$win32=$gaswin=0;
+ $elf=$cpp=$sol=$aout=$win32=$gaswin=0;
if ( ($type eq "elf"))
- { require "x86unix.pl"; }
+ { $elf=1; require "x86unix.pl"; }
elsif ( ($type eq "a.out"))
{ $aout=1; require "x86unix.pl"; }
elsif ( ($type eq "gaswin"))
@@ -47,6 +47,9 @@ EOF
exit(1);
}
+ $pic=0;
+ for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); }
+
&asm_init_output();
&comment("Don't even think of reading this code");
@@ -91,7 +94,7 @@ $tmp
#undef SIZE
#undef TYPE
#define SIZE(a,b)
-#define TYPE(a,b)
+#define TYPE(a,b) .def a; .scl 2; .type 32; .endef
#endif /* __CYGWIN || __DJGPP */
#endif
diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/openssl/crypto/perlasm/x86ms.pl
index abcb7c1303ed..35f1a4ddb931 100644
--- a/crypto/openssl/crypto/perlasm/x86ms.pl
+++ b/crypto/openssl/crypto/perlasm/x86ms.pl
@@ -367,4 +367,10 @@ sub out1p
push(@out,"\t$name\t ".&conv($p1)."\n");
}
+sub main'picmeup
+ {
+ local($dst,$sym)=@_;
+ &main'lea($dst,&main'DWP($sym));
+ }
+
sub main'blindpop { &out1("pop",@_); }
diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl
index 796556159ca6..f30b7466d45d 100644
--- a/crypto/openssl/crypto/perlasm/x86nasm.pl
+++ b/crypto/openssl/crypto/perlasm/x86nasm.pl
@@ -344,4 +344,10 @@ sub out1p
push(@out,"\t$name\t ".&conv($p1)."\n");
}
+sub main'picmeup
+ {
+ local($dst,$sym)=@_;
+ &main'lea($dst,&main'DWP($sym));
+ }
+
sub main'blindpop { &out1("pop",@_); }
diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/openssl/crypto/perlasm/x86unix.pl
index 3ad889ffd60d..72bde061c563 100644
--- a/crypto/openssl/crypto/perlasm/x86unix.pl
+++ b/crypto/openssl/crypto/perlasm/x86unix.pl
@@ -345,15 +345,15 @@ sub main'function_end
popl %ebx
popl %ebp
ret
-.${func}_end:
+.L_${func}_end:
EOF
push(@out,$tmp);
if ($main'cpp)
- { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+ { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); }
elsif ($main'gaswin)
{ $tmp=push(@out,"\t.align 4\n"); }
- else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+ else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); }
push(@out,".ident \"$func\"\n");
$stack=0;
%label=();
@@ -426,6 +426,11 @@ sub main'swtmp
sub main'comment
{
+ if ($main'elf) # GNU and SVR4 as'es use different comment delimiters,
+ { # so we just skip comments...
+ push(@out,"\n");
+ return;
+ }
foreach (@_)
{
if (/^\s*$/)
@@ -546,7 +551,9 @@ sub popvars
sub main'picmeup
{
local($dst,$sym)=@_;
- local($tmp)=<<___;
+ if ($main'cpp)
+ {
+ local($tmp)=<<___;
#if (defined(ELF) || defined(SOL)) && defined(PIC)
.align 8
call 1f
@@ -557,7 +564,22 @@ sub main'picmeup
leal $sym,$regs{$dst}
#endif
___
- push(@out,$tmp);
+ push(@out,$tmp);
+ }
+ elsif ($main'pic && ($main'elf || $main'aout))
+ {
+ push(@out,"\t.align\t8\n");
+ &main'call(&main'label("PIC_me_up"));
+ &main'set_label("PIC_me_up");
+ &main'blindpop($dst);
+ &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-".
+ &main'label("PIC_me_up") . "]");
+ &main'mov($dst,&main'DWP($sym."\@GOT",$dst));
+ }
+ else
+ {
+ &main'lea($dst,&main'DWP($sym));
+ }
}
sub main'blindpop { &out1("popl",@_); }
diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/openssl/crypto/rand/rand.h
index 66e39991ec75..606382dd211c 100644
--- a/crypto/openssl/crypto/rand/rand.h
+++ b/crypto/openssl/crypto/rand/rand.h
@@ -87,7 +87,9 @@ extern int rand_predictable;
int RAND_set_rand_method(const RAND_METHOD *meth);
const RAND_METHOD *RAND_get_rand_method(void);
+#ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine);
+#endif
RAND_METHOD *RAND_SSLeay(void);
void RAND_cleanup(void );
int RAND_bytes(unsigned char *buf,int num);
diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c
index 5cf5dc11886d..513e3389859e 100644
--- a/crypto/openssl/crypto/rand/rand_lib.c
+++ b/crypto/openssl/crypto/rand/rand_lib.c
@@ -60,19 +60,25 @@
#include <time.h>
#include "cryptlib.h"
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref =NULL;
+#endif
static const RAND_METHOD *default_RAND_meth = NULL;
int RAND_set_rand_method(const RAND_METHOD *meth)
{
+#ifndef OPENSSL_NO_ENGINE
if(funct_ref)
{
ENGINE_finish(funct_ref);
funct_ref = NULL;
}
+#endif
default_RAND_meth = meth;
return 1;
}
@@ -81,6 +87,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
{
if (!default_RAND_meth)
{
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e = ENGINE_get_default_RAND();
if(e)
{
@@ -94,11 +101,13 @@ const RAND_METHOD *RAND_get_rand_method(void)
if(e)
funct_ref = e;
else
+#endif
default_RAND_meth = RAND_SSLeay();
}
return default_RAND_meth;
}
+#ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine)
{
const RAND_METHOD *tmp_meth = NULL;
@@ -118,6 +127,7 @@ int RAND_set_rand_engine(ENGINE *engine)
funct_ref = engine;
return 1;
}
+#endif
void RAND_cleanup(void)
{
diff --git a/crypto/openssl/crypto/rc4/Makefile.ssl b/crypto/openssl/crypto/rc4/Makefile.ssl
index a1eb79fd08cd..b210b42f8f4b 100644
--- a/crypto/openssl/crypto/rc4/Makefile.ssl
+++ b/crypto/openssl/crypto/rc4/Makefile.ssl
@@ -52,14 +52,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/rx86-elf.o: asm/rx86unix.cpp
- $(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o
-
-# solaris
-asm/rx86-sol.o: asm/rx86unix.cpp
- $(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
- as -o asm/rx86-sol.o asm/rx86-sol.s
- rm -f asm/rx86-sol.s
+asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
# a.out
asm/rx86-out.o: asm/rx86unix.cpp
@@ -104,7 +98,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+ rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/rc5/Makefile.ssl b/crypto/openssl/crypto/rc5/Makefile.ssl
index bb4704d5f542..3ad665594686 100644
--- a/crypto/openssl/crypto/rc5/Makefile.ssl
+++ b/crypto/openssl/crypto/rc5/Makefile.ssl
@@ -49,14 +49,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/r586-elf.o: asm/r586unix.cpp
- $(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o
-
-# solaris
-asm/r586-sol.o: asm/r586unix.cpp
- $(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
- as -o asm/r586-sol.o asm/r586-sol.s
- rm -f asm/r586-sol.s
+asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+ (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s)
# a.out
asm/r586-out.o: asm/r586unix.cpp
@@ -101,7 +95,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/openssl/crypto/rc5/rc5_locl.h
index d2dccce96c13..f4ebc23004b8 100644
--- a/crypto/openssl/crypto/rc5/rc5_locl.h
+++ b/crypto/openssl/crypto/rc5/rc5_locl.h
@@ -149,7 +149,7 @@
#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
#define ROTATE_l32(a,n) _lrotl(a,n)
#define ROTATE_r32(a,n) _lrotr(a,n)
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
# define ROTATE_l32(a,n) ({ register unsigned int ret; \
asm ("roll %%cl,%0" \
diff --git a/crypto/openssl/crypto/ripemd/Makefile.ssl b/crypto/openssl/crypto/ripemd/Makefile.ssl
index 6f1a9c59a2ff..3583dfdcaf32 100644
--- a/crypto/openssl/crypto/ripemd/Makefile.ssl
+++ b/crypto/openssl/crypto/ripemd/Makefile.ssl
@@ -47,14 +47,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/rm86-elf.o: asm/rm86unix.cpp
- $(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o
-
-# solaris
-asm/rm86-sol.o: asm/rm86unix.cpp
- $(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
- as -o asm/rm86-sol.o asm/rm86-sol.s
- rm -f asm/rm86-sol.s
+asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s)
# a.out
asm/rm86-out.o: asm/rm86unix.cpp
@@ -99,7 +93,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/ripemd/rmd160.c b/crypto/openssl/crypto/ripemd/rmd160.c
index 4f8b88a18ac1..b0ec57449890 100644
--- a/crypto/openssl/crypto/ripemd/rmd160.c
+++ b/crypto/openssl/crypto/ripemd/rmd160.c
@@ -64,7 +64,7 @@
void do_fp(FILE *f);
void pt(unsigned char *md);
-#ifndef _OSD_POSIX
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
int read(int, void *, unsigned int);
#endif
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index ce93c4032e7e..29ce4511bcaf 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -61,7 +61,9 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifndef RSA_NULL
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index 93235744f7a9..889c36d3a6f4 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -62,7 +62,9 @@
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
@@ -108,11 +110,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
const RSA_METHOD *mtmp;
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
if (rsa->engine)
{
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
}
+#endif
rsa->meth = meth;
if (meth->init) meth->init(rsa);
return 1;
@@ -130,6 +134,7 @@ RSA *RSA_new_method(ENGINE *engine)
}
ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
@@ -154,6 +159,7 @@ RSA *RSA_new_method(ENGINE *engine)
return NULL;
}
}
+#endif
ret->pad=0;
ret->version=0;
@@ -175,8 +181,10 @@ RSA *RSA_new_method(ENGINE *engine)
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
+#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
@@ -205,8 +213,10 @@ void RSA_free(RSA *r)
if (r->meth->finish)
r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
+#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 4ac2de340790..9dd62ac956ba 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -62,7 +62,9 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
@@ -77,10 +79,12 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
const unsigned char *s = NULL;
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
+#ifndef OPENSSL_NO_ENGINE
if((rsa->flags & RSA_FLAG_SIGN_VER)
&& ENGINE_get_RSA(rsa->engine)->rsa_sign)
return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
m, m_len, sigret, siglen, rsa);
+#endif
/* Special case: SSL signature, just check the length */
if(type == NID_md5_sha1) {
if(m_len != SSL_SIG_LENGTH) {
@@ -155,10 +159,12 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
return(0);
}
+#ifndef OPENSSL_NO_ENGINE
if((rsa->flags & RSA_FLAG_SIGN_VER)
&& ENGINE_get_RSA(rsa->engine)->rsa_verify)
return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
m, m_len, sigbuf, siglen, rsa);
+#endif
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/openssl/crypto/rsa/rsa_test.c
index b8b462d33b56..99abb1fde782 100644
--- a/crypto/openssl/crypto/rsa/rsa_test.c
+++ b/crypto/openssl/crypto/rsa/rsa_test.c
@@ -16,7 +16,9 @@ int main(int argc, char *argv[])
}
#else
#include <openssl/rsa.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
diff --git a/crypto/openssl/crypto/sha/Makefile.ssl b/crypto/openssl/crypto/sha/Makefile.ssl
index 64873976a4c8..864645c8b547 100644
--- a/crypto/openssl/crypto/sha/Makefile.ssl
+++ b/crypto/openssl/crypto/sha/Makefile.ssl
@@ -47,14 +47,8 @@ lib: $(LIBOBJ)
@touch lib
# elf
-asm/sx86-elf.o: asm/sx86unix.cpp
- $(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o
-
-# solaris
-asm/sx86-sol.o: asm/sx86unix.cpp
- $(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
- as -o asm/sx86-sol.o asm/sx86-sol.s
- rm -f asm/sx86-sol.s
+asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+ (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s)
# a.out
asm/sx86-out.o: asm/sx86unix.cpp
@@ -99,7 +93,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+ rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/crypto/ui/Makefile.ssl b/crypto/openssl/crypto/ui/Makefile.ssl
index 256f536a6869..90ae7d4a4a24 100644
--- a/crypto/openssl/crypto/ui/Makefile.ssl
+++ b/crypto/openssl/crypto/ui/Makefile.ssl
@@ -44,7 +44,7 @@ all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB)
+ $(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
index e1a872ef7ca2..75318d48a142 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -550,7 +550,7 @@ static int echo_console(UI *ui)
static int close_console(UI *ui)
{
- if (tty_in != stderr) fclose(tty_in);
+ if (tty_in != stdin) fclose(tty_in);
if (tty_out != stderr) fclose(tty_out);
#ifdef OPENSSL_SYS_VMS
status = sys$dassgn(channel);
diff --git a/crypto/openssl/crypto/x509v3/ext_dat.h b/crypto/openssl/crypto/x509v3/ext_dat.h
index 2fb97d89254d..5442480595b3 100644
--- a/crypto/openssl/crypto/x509v3/ext_dat.h
+++ b/crypto/openssl/crypto/x509v3/ext_dat.h
@@ -90,17 +90,23 @@ static X509V3_EXT_METHOD *standard_exts[] = {
&v3_crld,
&v3_ext_ku,
&v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
&v3_crl_invdate,
+#endif
&v3_sxnet,
&v3_info,
+#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
&v3_ocsp_accresp,
&v3_ocsp_nocheck,
&v3_ocsp_acutoff,
&v3_ocsp_serviceloc,
+#endif
&v3_sinfo,
+#ifndef OPENSSL_NO_OCSP
&v3_crl_hold
+#endif
};
/* Number of standard extensions */
diff --git a/crypto/openssl/crypto/x509v3/v3_ocsp.c b/crypto/openssl/crypto/x509v3/v3_ocsp.c
index 083112314e61..21badc13f9f0 100644
--- a/crypto/openssl/crypto/x509v3/v3_ocsp.c
+++ b/crypto/openssl/crypto/x509v3/v3_ocsp.c
@@ -56,6 +56,8 @@
*
*/
+#ifndef OPENSSL_NO_OCSP
+
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/conf.h>
@@ -270,3 +272,4 @@ static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int
err:
return 0;
}
+#endif
diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c
index b739e4fd837c..4d145f71fd03 100644
--- a/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/crypto/openssl/crypto/x509v3/v3_purp.c
@@ -378,6 +378,10 @@ static void x509v3_cache_extensions(X509 *x)
case NID_time_stamp:
x->ex_xkusage |= XKU_TIMESTAMP;
break;
+
+ case NID_dvcs:
+ x->ex_xkusage |= XKU_DVCS;
+ break;
}
}
sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
diff --git a/crypto/openssl/crypto/x509v3/v3conf.c b/crypto/openssl/crypto/x509v3/v3conf.c
index 67ee14f33484..00cf5b4a5b2e 100644
--- a/crypto/openssl/crypto/x509v3/v3conf.c
+++ b/crypto/openssl/crypto/x509v3/v3conf.c
@@ -118,7 +118,7 @@ int main(int argc, char **argv)
printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
if(ext->critical) printf(",critical:\n");
else printf(":\n");
- X509V3_EXT_print_fp(stdout, ext, 0);
+ X509V3_EXT_print_fp(stdout, ext, 0, 0);
printf("\n");
}
diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/openssl/crypto/x509v3/x509v3.h
index daecc55271e4..fb07a19016fd 100644
--- a/crypto/openssl/crypto/x509v3/x509v3.h
+++ b/crypto/openssl/crypto/x509v3/x509v3.h
@@ -352,6 +352,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO)
#define XKU_SGC 0x10
#define XKU_OCSP_SIGN 0x20
#define XKU_TIMESTAMP 0x40
+#define XKU_DVCS 0x80
#define X509_PURPOSE_DYNAMIC 0x1
#define X509_PURPOSE_DYNAMIC_NAME 0x2
diff --git a/crypto/openssl/demos/x509/mkcert.c b/crypto/openssl/demos/x509/mkcert.c
index 8304d30e0b65..c5e67b8e28e4 100644
--- a/crypto/openssl/demos/x509/mkcert.c
+++ b/crypto/openssl/demos/x509/mkcert.c
@@ -9,7 +9,9 @@
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(X509 *cert, int nid, char *value);
@@ -35,7 +37,9 @@ int main(int argc, char **argv)
X509_free(x509);
EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
diff --git a/crypto/openssl/demos/x509/mkreq.c b/crypto/openssl/demos/x509/mkreq.c
index d69dcc392b9f..3dfc65f16435 100644
--- a/crypto/openssl/demos/x509/mkreq.c
+++ b/crypto/openssl/demos/x509/mkreq.c
@@ -8,7 +8,9 @@
#include <openssl/pem.h>
#include <openssl/conf.h>
#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
@@ -33,7 +35,9 @@ int main(int argc, char **argv)
X509_REQ_free(req);
EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
CRYPTO_mem_leaks(bio_err);
diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt
index 88048645dbef..82166e0dc23e 100644
--- a/crypto/openssl/doc/HOWTO/certificates.txt
+++ b/crypto/openssl/doc/HOWTO/certificates.txt
@@ -1,6 +1,8 @@
<DRAFT!>
HOWTO certificates
+1. Introduction
+
How you handle certificates depend a great deal on what your role is.
Your role can be one or several of:
@@ -13,12 +15,14 @@ Certificate authorities should read ca.txt.
In all the cases shown below, the standard configuration file, as
compiled into openssl, will be used. You may find it in /etc/,
-/usr/local/ssr/ or somewhere else. The name is openssl.cnf, and
+/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and
is better described in another HOWTO <config.txt?>. If you want to
use a different configuration file, use the argument '-config {file}'
with the command shown below.
+2. Relationship with keys
+
Certificates are related to public key cryptography by containing a
public key. To be useful, there must be a corresponding private key
somewhere. With OpenSSL, public keys are easily derived from private
@@ -26,22 +30,25 @@ keys, so before you create a certificate or a certificate request, you
need to create a private key.
Private keys are generated with 'openssl genrsa' if you want a RSA
-private key, or 'openssl gendsa' if you want a DSA private key. More
-info on how to handle these commands are found in the manual pages for
-those commands or by running them with the argument '-h'. For the
-sake of the description in this file, let's assume that the private
-key ended up in the file privkey.pem (which is the default in some
-cases).
-
-
-Let's start with the most normal way of getting a certificate. Most
-often, you want or need to get a certificate from a certificate
-authority. To handle that, the certificate authority needs a
-certificate request (or, as some certificate authorities like to put
+private key, or 'openssl gendsa' if you want a DSA private key.
+Further information on how to create private keys can be found in
+another HOWTO <keys.txt?>. The rest of this text assumes you have
+a private key in the file privkey.pem.
+
+
+3. Creating a certificate request
+
+To create a certificate, you need to start with a certificate
+request (or, as some certificate authorities like to put
it, "certificate signing request", since that's exactly what they do,
they sign it and give you the result back, thus making it authentic
-according to their policies) from you. To generate a request, use the
-command 'openssl req' like this:
+according to their policies). A certificate request can then be sent
+to a certificate authority to get it signed into a certificate, or if
+you have your own certificate authority, you may sign it yourself, or
+if you need a self-signed certificate (because you just want a test
+certificate or because you are setting up your own CA).
+
+The certificate is created like this:
openssl req -new -key privkey.pem -out cert.csr
@@ -55,9 +62,25 @@ When the certificate authority has then done the checks the need to
do (and probably gotten payment from you), they will hand over your
new certificate to you.
+Section 5 will tell you more on how to handle the certificate you
+received.
+
+
+4. Creating a self-signed certificate
+
+If you don't want to deal with another certificate authority, or just
+want to create a test certificate for yourself, or are setting up a
+certificate authority of your own, you may want to make the requested
+certificate a self-signed one. If you have created a certificate
+request as shown above, you can sign it using the 'openssl x509'
+command, for example like this (to create a self-signed CA
+certificate):
+
+ openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
+ -signkey privkey.pem -out cacert.pem -trustout
-[fill in on how to create a self-signed certificate]
+5. What to do with the certificate
If you created everything yourself, or if the certificate authority
was kind enough, your certificate is a raw DER thing in PEM format.
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod
index 183cd475c8f0..de66c534b5cc 100644
--- a/crypto/openssl/doc/apps/ca.pod
+++ b/crypto/openssl/doc/apps/ca.pod
@@ -43,6 +43,7 @@ B<openssl> B<ca>
[B<-msie_hack>]
[B<-extensions section>]
[B<-extfile section>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -195,6 +196,13 @@ an additional configuration file to read certificate extensions from
(using the default section unless the B<-extensions> option is also
used).
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 CRL OPTIONS
diff --git a/crypto/openssl/doc/apps/dhparam.pod b/crypto/openssl/doc/apps/dhparam.pod
index ff8a6e5e5b63..c31db95a4732 100644
--- a/crypto/openssl/doc/apps/dhparam.pod
+++ b/crypto/openssl/doc/apps/dhparam.pod
@@ -18,6 +18,7 @@ B<openssl dhparam>
[B<-2>]
[B<-5>]
[B<-rand> I<file(s)>]
+[B<-engine id>]
[I<numbits>]
=head1 DESCRIPTION
@@ -96,6 +97,13 @@ this option prints out the DH parameters in human readable form.
this option converts the parameters into C code. The parameters can then
be loaded by calling the B<get_dh>I<numbits>B<()> function.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 WARNINGS
diff --git a/crypto/openssl/doc/apps/dsa.pod b/crypto/openssl/doc/apps/dsa.pod
index 28e534bb9561..ed06b8806d8c 100644
--- a/crypto/openssl/doc/apps/dsa.pod
+++ b/crypto/openssl/doc/apps/dsa.pod
@@ -21,6 +21,7 @@ B<openssl> B<dsa>
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -106,6 +107,13 @@ by default a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 NOTES
diff --git a/crypto/openssl/doc/apps/dsaparam.pod b/crypto/openssl/doc/apps/dsaparam.pod
index 50c2f61242fc..b9b1b93b42ec 100644
--- a/crypto/openssl/doc/apps/dsaparam.pod
+++ b/crypto/openssl/doc/apps/dsaparam.pod
@@ -16,6 +16,7 @@ B<openssl dsaparam>
[B<-C>]
[B<-rand file(s)>]
[B<-genkey>]
+[B<-engine id>]
[B<numbits>]
=head1 DESCRIPTION
@@ -82,6 +83,13 @@ this option specifies that a parameter set should be generated of size
B<numbits>. It must be the last option. If this option is included then
the input file (if any) is ignored.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 NOTES
diff --git a/crypto/openssl/doc/apps/gendsa.pod b/crypto/openssl/doc/apps/gendsa.pod
index 74318fe7fb63..2c56cc788897 100644
--- a/crypto/openssl/doc/apps/gendsa.pod
+++ b/crypto/openssl/doc/apps/gendsa.pod
@@ -12,6 +12,7 @@ B<openssl> B<gendsa>
[B<-des3>]
[B<-idea>]
[B<-rand file(s)>]
+[B<-engine id>]
[B<paramfile>]
=head1 DESCRIPTION
@@ -37,6 +38,13 @@ Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=item B<paramfile>
This option specifies the DSA parameter file to use. The parameters in this
diff --git a/crypto/openssl/doc/apps/genrsa.pod b/crypto/openssl/doc/apps/genrsa.pod
index cdcc03c1237b..25af4d1475cd 100644
--- a/crypto/openssl/doc/apps/genrsa.pod
+++ b/crypto/openssl/doc/apps/genrsa.pod
@@ -15,6 +15,7 @@ B<openssl> B<genrsa>
[B<-f4>]
[B<-3>]
[B<-rand file(s)>]
+[B<-engine id>]
[B<numbits>]
=head1 DESCRIPTION
@@ -54,6 +55,13 @@ Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=item B<numbits>
the size of the private key to generate in bits. This must be the last option
diff --git a/crypto/openssl/doc/apps/pkcs7.pod b/crypto/openssl/doc/apps/pkcs7.pod
index 9871c0e0cdc3..a0a636328b59 100644
--- a/crypto/openssl/doc/apps/pkcs7.pod
+++ b/crypto/openssl/doc/apps/pkcs7.pod
@@ -14,6 +14,7 @@ B<openssl> B<pkcs7>
[B<-print_certs>]
[B<-text>]
[B<-noout>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -59,6 +60,13 @@ issuer names.
don't output the encoded version of the PKCS#7 structure (or certificates
is B<-print_certs> is set).
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 EXAMPLES
diff --git a/crypto/openssl/doc/apps/pkcs8.pod b/crypto/openssl/doc/apps/pkcs8.pod
index a56b2dd00204..68ecd65b1019 100644
--- a/crypto/openssl/doc/apps/pkcs8.pod
+++ b/crypto/openssl/doc/apps/pkcs8.pod
@@ -21,6 +21,7 @@ B<openssl> B<pkcs8>
[B<-nsdb>]
[B<-v2 alg>]
[B<-v1 alg>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -122,6 +123,13 @@ B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
list of possible algorithms is included below.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 NOTES
diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod
index 7a3b6bb99d37..e2b5d0d8ec22 100644
--- a/crypto/openssl/doc/apps/req.pod
+++ b/crypto/openssl/doc/apps/req.pod
@@ -41,6 +41,7 @@ B<openssl> B<req>
[B<-nameopt>]
[B<-batch>]
[B<-verbose>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -244,6 +245,13 @@ non-interactive mode.
print extra details about the operations being performed.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 CONFIGURATION FILE FORMAT
@@ -406,7 +414,7 @@ be input by calling it "1.organizationName".
The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
-organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+organizationUnitName, stateOrProvinceName. Additionally emailAddress
is include as well as name, surname, givenName initials and dnQualifier.
Additional object identifiers can be defined with the B<oid_file> or
diff --git a/crypto/openssl/doc/apps/rsa.pod b/crypto/openssl/doc/apps/rsa.pod
index ef74f1adff5f..4d7640995ede 100644
--- a/crypto/openssl/doc/apps/rsa.pod
+++ b/crypto/openssl/doc/apps/rsa.pod
@@ -24,6 +24,7 @@ B<openssl> B<rsa>
[B<-check>]
[B<-pubin>]
[B<-pubout>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -117,6 +118,13 @@ by default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
=back
=head1 NOTES
diff --git a/crypto/openssl/doc/apps/spkac.pod b/crypto/openssl/doc/apps/spkac.pod
index bb84dfbe3352..c3f1ff9c6441 100644
--- a/crypto/openssl/doc/apps/spkac.pod
+++ b/crypto/openssl/doc/apps/spkac.pod
@@ -17,7 +17,7 @@ B<openssl> B<spkac>
[B<-spksect section>]
[B<-noout>]
[B<-verify>]
-
+[B<-engine id>]
=head1 DESCRIPTION
@@ -79,6 +79,12 @@ being created).
verifies the digital signature on the supplied SPKAC.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
=back
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
index 674bfd17cdeb..50343cd68543 100644
--- a/crypto/openssl/doc/apps/x509.pod
+++ b/crypto/openssl/doc/apps/x509.pod
@@ -50,6 +50,7 @@ B<openssl> B<x509>
[B<-clrext>]
[B<-extfile filename>]
[B<-extensions section>]
+[B<-engine id>]
=head1 DESCRIPTION
@@ -98,6 +99,12 @@ digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
specified then MD5 is used. If the key being used to sign with is a DSA key then
this option has no effect: SHA1 is always used with DSA keys.
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<req>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
=back
@@ -637,8 +644,8 @@ certificate extensions:
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
- openssl x509 -in cert.pem -addtrust sslclient \
- -alias "Steve's Class 1 CA" -out trust.pem
+ openssl x509 -in cert.pem -addtrust clientAuth \
+ -setalias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod
index 6ea23791d1a1..7dccacbc1e55 100644
--- a/crypto/openssl/doc/crypto/BN_generate_prime.pod
+++ b/crypto/openssl/doc/crypto/BN_generate_prime.pod
@@ -70,7 +70,7 @@ If B<do_trial_division == 0>, this test is skipped.
Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
probabilistic primality test with B<checks> iterations. If
-B<checks == BN_prime_check>, a number of iterations is used that
+B<checks == BN_prime_checks>, a number of iterations is used that
yields a false positive rate of at most 2^-80 for random input.
If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
diff --git a/crypto/openssl/doc/crypto/EVP_SealInit.pod b/crypto/openssl/doc/crypto/EVP_SealInit.pod
index 25ef07f7c7ba..b5e477e29421 100644
--- a/crypto/openssl/doc/crypto/EVP_SealInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_SealInit.pod
@@ -18,22 +18,28 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
=head1 DESCRIPTION
The EVP envelope routines are a high level interface to envelope
-encryption. They generate a random key and then "envelope" it by
-using public key encryption. Data can then be encrypted using this
-key.
+encryption. They generate a random key and IV (if required) then
+"envelope" it by using public key encryption. Data can then be
+encrypted using this key.
EVP_SealInit() initializes a cipher context B<ctx> for encryption
-with cipher B<type> using a random secret key and IV supplied in
-the B<iv> parameter. B<type> is normally supplied by a function such
-as EVP_des_cbc(). The secret key is encrypted using one or more public
-keys, this allows the same encrypted data to be decrypted using any
-of the corresponding private keys. B<ek> is an array of buffers where
-the public key encrypted secret key will be written, each buffer must
-contain enough room for the corresponding encrypted key: that is
+with cipher B<type> using a random secret key and IV. B<type> is normally
+supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+using one or more public keys, this allows the same encrypted data to be
+decrypted using any of the corresponding private keys. B<ek> is an array of
+buffers where the public key encrypted secret key will be written, each buffer
+must contain enough room for the corresponding encrypted key: that is
B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
an array of B<npubk> public keys.
+The B<iv> parameter is a buffer where the generated IV is written to. It must
+contain enough room for the corresponding cipher's IV, as determined by (for
+example) EVP_CIPHER_iv_length(type).
+
+If the cipher does not require an IV then the B<iv> parameter is ignored
+and can be B<NULL>.
+
EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
diff --git a/crypto/openssl/doc/standards.txt b/crypto/openssl/doc/standards.txt
index 44d263bd1abc..edbe2f3a57de 100644
--- a/crypto/openssl/doc/standards.txt
+++ b/crypto/openssl/doc/standards.txt
@@ -45,10 +45,6 @@ whole or at least great parts) in OpenSSL.
2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
- J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
- RFC2313) (Status: INFORMATIONAL)
-
PKCS#8: Private-Key Information Syntax Standard
PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
@@ -87,6 +83,11 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
RFC2459) (Status: PROPOSED STANDARD)
+3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
+ Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
+ (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
+ INFORMATIONAL)
+
Related:
--------
diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec
index 4d68d705ae0a..e3ec71adf723 100644
--- a/crypto/openssl/openssl.spec
+++ b/crypto/openssl/openssl.spec
@@ -1,15 +1,15 @@
%define libmaj 0
%define libmin 9
%define librel 7
-#%define librev a
+%define librev a
Release: 1
%define openssldir /var/ssl
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: %{libmaj}.%{libmin}.%{librel}
-#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+#Version: %{libmaj}.%{libmin}.%{librel}
+Version: %{libmaj}.%{libmin}.%{librel}%{librev}
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Copyright: Freely distributable
Group: System Environment/Libraries
diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c
index 467e1499470e..d683ee43e192 100644
--- a/crypto/openssl/ssl/bio_ssl.c
+++ b/crypto/openssl/ssl/bio_ssl.c
@@ -403,6 +403,10 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO_free_all(ssl->wbio);
}
+ if (b->next_bio != NULL)
+ {
+ CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
+ }
ssl->wbio=NULL;
ssl->rbio=NULL;
break;
@@ -509,6 +513,7 @@ static int ssl_puts(BIO *bp, const char *str)
BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
{
+#ifndef OPENSSL_NO_SOCK
BIO *ret=NULL,*buf=NULL,*ssl=NULL;
if ((buf=BIO_new(BIO_f_buffer())) == NULL)
@@ -521,6 +526,7 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
err:
if (buf != NULL) BIO_free(buf);
if (ssl != NULL) BIO_free(ssl);
+#endif
return(NULL);
}
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
index c6319bb63da6..1d24dedc918b 100644
--- a/crypto/openssl/ssl/s2_clnt.c
+++ b/crypto/openssl/ssl/s2_clnt.c
@@ -1021,7 +1021,7 @@ static int get_server_finished(SSL *s)
if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
{
if ((s->session->session_id_length > sizeof s->session->session_id)
- || (0 != memcmp(buf, s->session->session_id,
+ || (0 != memcmp(buf + 1, s->session->session_id,
(unsigned int)s->session->session_id_length)))
{
ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c
index 38a7152814ff..64d317b7ac35 100644
--- a/crypto/openssl/ssl/s3_both.c
+++ b/crypto/openssl/ssl/s3_both.c
@@ -268,6 +268,13 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
X509_STORE_CTX xs_ctx;
X509_OBJECT obj;
+ int no_chain;
+
+ if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+ no_chain = 1;
+ else
+ no_chain = 0;
+
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
if (!BUF_MEM_grow_clean(buf,10))
@@ -277,7 +284,7 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
}
if (x != NULL)
{
- if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+ if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
{
SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
@@ -295,6 +302,10 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
l2n3(n,p);
i2d_X509(x,&p);
l+=n+3;
+
+ if (no_chain)
+ break;
+
if (X509_NAME_cmp(X509_get_subject_name(x),
X509_get_issuer_name(x)) == 0) break;
@@ -306,8 +317,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
* ref count */
X509_free(x);
}
-
- X509_STORE_CTX_cleanup(&xs_ctx);
+ if (!no_chain)
+ X509_STORE_CTX_cleanup(&xs_ctx);
}
/* Thawte special :-) */
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 35fde29c8a5f..559924d3681b 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -474,6 +474,7 @@ int ssl3_enc(SSL *s, int send)
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
return 0;
}
+ /* otherwise, rec->length >= bs */
}
EVP_Cipher(ds,rec->data,rec->input,l);
@@ -482,7 +483,7 @@ int ssl3_enc(SSL *s, int send)
{
i=rec->data[l-1]+1;
/* SSL 3.0 bounds the number of padding bytes by the block size;
- * padding bytes (except that last) are arbitrary */
+ * padding bytes (except the last one) are arbitrary */
if (i > bs)
{
/* Incorrect padding. SSLerr() and ssl3_alert are done
@@ -491,6 +492,7 @@ int ssl3_enc(SSL *s, int send)
* (see http://www.openssl.org/~bodo/tls-cbc.txt) */
return -1;
}
+ /* now i <= bs <= rec->length */
rec->length-=i;
}
}
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index 6ccea9aee586..3f88429e79a6 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -238,6 +238,8 @@ static int ssl3_get_record(SSL *s)
unsigned int mac_size;
int clear=0;
size_t extra;
+ int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
rr= &(s->s3->rrec);
sess=s->session;
@@ -353,8 +355,11 @@ again:
/* SSLerr() and ssl3_send_alert() have been called */
goto err;
- /* otherwise enc_err == -1 */
- goto decryption_failed_or_bad_record_mac;
+ /* Otherwise enc_err == -1, which indicates bad padding
+ * (rec->length has not been changed in this case).
+ * To minimize information leaked via timing, we will perform
+ * the MAC computation anyway. */
+ decryption_failed_or_bad_record_mac = 1;
}
#ifdef TLS_DEBUG
@@ -380,28 +385,46 @@ printf("\n");
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ decryption_failed_or_bad_record_mac = 1;
#endif
}
/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
+ if (rr->length >= mac_size)
{
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
+ }
+ else
+ {
+ /* record (minus padding) is too short to contain a MAC */
#if 0 /* OK only for stream ciphers */
al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
goto f_err;
#else
- goto decryption_failed_or_bad_record_mac;
+ decryption_failed_or_bad_record_mac = 1;
+ rr->length = 0;
#endif
}
- rr->length-=mac_size;
i=s->method->ssl3_enc->mac(s,md,0);
- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ if (mac == NULL || memcmp(md, mac, mac_size) != 0)
{
- goto decryption_failed_or_bad_record_mac;
+ decryption_failed_or_bad_record_mac = 1;
}
}
+ if (decryption_failed_or_bad_record_mac)
+ {
+ /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+ * failure is directly visible from the ciphertext anyway,
+ * we should not reveal which kind of error occured -- this
+ * might become visible to an attacker (e.g. via a logfile) */
+ al=SSL_AD_BAD_RECORD_MAC;
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ goto f_err;
+ }
+
/* r->length is now just compressed */
if (s->expand != NULL)
{
@@ -443,14 +466,6 @@ printf("\n");
return(1);
-decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
f_err:
ssl3_send_alert(s,SSL3_AL_FATAL,al);
err:
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index f8e400d2ef0e..4ae845825949 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -521,6 +521,8 @@ typedef struct ssl_session_st
/* Never bother the application with retries if the transport
* is blocking: */
#define SSL_MODE_AUTO_RETRY 0x00000004L
+/* Don't attempt to automatically build certificate chain */
+#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
@@ -1227,14 +1229,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM t
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *file);
-#ifndef OPENSSL_SYS_WIN32
#ifndef OPENSSL_SYS_VMS
#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
const char *dir);
#endif
#endif
-#endif
#endif
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index 1f122559ba14..da90078a378b 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -781,7 +781,7 @@ err:
#endif
#endif
-#else
+#else /* OPENSSL_SYS_WIN32 */
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 091326f5d6fd..ddd811458779 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -1069,14 +1069,17 @@ int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
* preference */
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
{
- if ((s != NULL) && (s->cipher_list != NULL))
- {
- return(s->cipher_list);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list != NULL))
+ if (s != NULL)
{
- return(s->ctx->cipher_list);
+ if (s->cipher_list != NULL)
+ {
+ return(s->cipher_list);
+ }
+ else if ((s->ctx != NULL) &&
+ (s->ctx->cipher_list != NULL))
+ {
+ return(s->ctx->cipher_list);
+ }
}
return(NULL);
}
@@ -1085,14 +1088,17 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
* algorithm id */
STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
{
- if ((s != NULL) && (s->cipher_list_by_id != NULL))
- {
- return(s->cipher_list_by_id);
- }
- else if ((s != NULL) && (s->ctx != NULL) &&
- (s->ctx->cipher_list_by_id != NULL))
+ if (s != NULL)
{
- return(s->ctx->cipher_list_by_id);
+ if (s->cipher_list_by_id != NULL)
+ {
+ return(s->cipher_list_by_id);
+ }
+ else if ((s->ctx != NULL) &&
+ (s->ctx->cipher_list_by_id != NULL))
+ {
+ return(s->ctx->cipher_list_by_id);
+ }
}
return(NULL);
}
@@ -1890,6 +1896,7 @@ SSL *SSL_dup(SSL *s)
* they should not both point to the same object,
* and thus we can't use SSL_copy_session_id. */
+ ret->method->ssl_free(ret);
ret->method = s->method;
ret->method->ssl_new(ret);
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index 4fa9d41d59a7..42b6f1fc8b14 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -128,7 +128,9 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#include <openssl/err.h>
#include <openssl/rand.h>
@@ -760,7 +762,9 @@ end:
#ifndef OPENSSL_NO_RSA
free_tmp_rsa();
#endif
+#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
+#endif
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_state(0);
diff --git a/crypto/openssl/test/Makefile.ssl b/crypto/openssl/test/Makefile.ssl
index 58e8cfe2c2ee..21ec82dd595f 100644
--- a/crypto/openssl/test/Makefile.ssl
+++ b/crypto/openssl/test/Makefile.ssl
@@ -15,6 +15,9 @@ MAKE= make -f $(MAKEFILE)
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
PERL= perl
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
PEX_LIBS=
EX_LIBS= #-lnsl -lsocket
@@ -119,14 +122,13 @@ apps:
@(cd ..; $(MAKE) DIRS=apps all)
SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
- if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="$$LIBPATH\;$$PATH"; \
- elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
alltests: \
test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 \
- test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
+ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_ssl
@@ -260,9 +262,9 @@ test_ca:
sh ./testca; \
fi
-test_rd: #$(RDTEST)
+test_aes: #$(AESTEST)
# @echo "test Rijndael"
-# $(SET_SO_PATHS); ./$(RDTEST)
+# $(SET_SO_PATHS); ./$(AESTEST)
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -465,14 +467,14 @@ $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
$(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
fi
-#$(RDTEST).o: $(RDTEST).c
-# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
+#$(AESTEST).o: $(AESTEST).c
+# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-#$(RDTEST): $(RDTEST).o $(DLIBCRYPTO)
+#$(AESTEST): $(AESTEST).o $(DLIBCRYPTO)
# if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
-# $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+# $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
# else \
-# $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+# $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
# fi
dummytest: dummytest.o $(DLIBCRYPTO)
diff --git a/crypto/openssl/test/testgen b/crypto/openssl/test/testgen
index 55c496f4bcc1..3798543e0473 100644
--- a/crypto/openssl/test/testgen
+++ b/crypto/openssl/test/testgen
@@ -27,6 +27,8 @@ fi
echo "This could take some time."
+rm -f testkey.pem testreq.pem
+
../apps/openssl req -config test.cnf $req_new -out testreq.pem
if [ $? != 0 ]; then
echo problems creating request
diff --git a/crypto/openssl/util/bat.sh b/crypto/openssl/util/bat.sh
index c6f48e8a7b15..4d9a8287d0cf 100755
--- a/crypto/openssl/util/bat.sh
+++ b/crypto/openssl/util/bat.sh
@@ -62,6 +62,7 @@ sub var_add
local($dir,$val)=@_;
local(@a,$_,$ret);
+ return("") if $no_engine && $dir =~ /\/engine/;
return("") if $no_idea && $dir =~ /\/idea/;
return("") if $no_rc2 && $dir =~ /\/rc2/;
return("") if $no_rc4 && $dir =~ /\/rc4/;
@@ -116,6 +117,7 @@ sub var_add
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+ @a=grep(!/^engine$/,@a) if $no_engine;
@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
@a=grep(!/^gendsa$/,@a) if $no_sha1;
diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num
index 81f5d31df95a..f5c8c0be8a0b 100755
--- a/crypto/openssl/util/libeay.num
+++ b/crypto/openssl/util/libeay.num
@@ -1881,72 +1881,72 @@ BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
BN_bntest_rand 2464 EXIST::FUNCTION:
OPENSSL_issetugid 2465 EXIST::FUNCTION:
BN_rand_range 2466 EXIST::FUNCTION:
-ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:
-ENGINE_set_DSA 2468 EXIST::FUNCTION:
-ENGINE_get_finish_function 2469 EXIST::FUNCTION:
-ENGINE_get_default_RSA 2470 EXIST::FUNCTION:
+ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE
+ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE
+ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE
ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION:
DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION:
-ENGINE_set_DH 2473 EXIST::FUNCTION:
+ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE
ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
-ENGINE_init 2475 EXIST::FUNCTION:
+ENGINE_init 2475 EXIST::FUNCTION:ENGINE
DH_get_default_openssl_method 2476 NOEXIST::FUNCTION:
RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION:
-ENGINE_finish 2478 EXIST::FUNCTION:
-ENGINE_load_public_key 2479 EXIST::FUNCTION:
-ENGINE_get_DH 2480 EXIST::FUNCTION:
-ENGINE_ctrl 2481 EXIST::FUNCTION:
-ENGINE_get_init_function 2482 EXIST::FUNCTION:
-ENGINE_set_init_function 2483 EXIST::FUNCTION:
-ENGINE_set_default_DSA 2484 EXIST::FUNCTION:
-ENGINE_get_name 2485 EXIST::FUNCTION:
-ENGINE_get_last 2486 EXIST::FUNCTION:
-ENGINE_get_prev 2487 EXIST::FUNCTION:
-ENGINE_get_default_DH 2488 EXIST::FUNCTION:
-ENGINE_get_RSA 2489 EXIST::FUNCTION:
-ENGINE_set_default 2490 EXIST::FUNCTION:
-ENGINE_get_RAND 2491 EXIST::FUNCTION:
-ENGINE_get_first 2492 EXIST::FUNCTION:
-ENGINE_by_id 2493 EXIST::FUNCTION:
-ENGINE_set_finish_function 2494 EXIST::FUNCTION:
+ENGINE_finish 2478 EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE
+ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE
+ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE
+ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE
+ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE
+ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE
+ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE
+ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE
+ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE
+ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE
+ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE
+ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE
+ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE
+ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE
ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION:
-ENGINE_set_RSA 2497 EXIST::FUNCTION:
-ENGINE_load_private_key 2498 EXIST::FUNCTION:
-ENGINE_set_default_RAND 2499 EXIST::FUNCTION:
+ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE
+ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE
+ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE
ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION:
-ENGINE_remove 2501 EXIST::FUNCTION:
-ENGINE_free 2502 EXIST::FUNCTION:
+ENGINE_remove 2501 EXIST::FUNCTION:ENGINE
+ENGINE_free 2502 EXIST::FUNCTION:ENGINE
ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION:
-ENGINE_get_next 2504 EXIST::FUNCTION:
-ENGINE_set_name 2505 EXIST::FUNCTION:
-ENGINE_get_default_DSA 2506 EXIST::FUNCTION:
+ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE
+ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE
ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION:
-ENGINE_set_default_RSA 2508 EXIST::FUNCTION:
-ENGINE_get_default_RAND 2509 EXIST::FUNCTION:
+ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE
ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION:
-ENGINE_set_RAND 2511 EXIST::FUNCTION:
-ENGINE_set_id 2512 EXIST::FUNCTION:
+ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE
+ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE
ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION:
-ENGINE_set_default_DH 2514 EXIST::FUNCTION:
-ENGINE_new 2515 EXIST::FUNCTION:
-ENGINE_get_id 2516 EXIST::FUNCTION:
+ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE
+ENGINE_new 2515 EXIST::FUNCTION:ENGINE
+ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE
DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION:
-ENGINE_add 2518 EXIST::FUNCTION:
+ENGINE_add 2518 EXIST::FUNCTION:ENGINE
DH_set_default_openssl_method 2519 NOEXIST::FUNCTION:
-ENGINE_get_DSA 2520 EXIST::FUNCTION:
-ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:
-ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:
+ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE
+ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE
+ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE
BN_pseudo_rand_range 2523 EXIST::FUNCTION:
X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
ERR_load_COMP_strings 2525 EXIST::FUNCTION:
PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION:
ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:
-ENGINE_get_ciphers 2529 EXIST::FUNCTION:
+ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE
+ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE
d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION:
KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -1959,15 +1959,15 @@ X509V3_add1_i2d 2536 EXIST::FUNCTION:
PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_add_input_boolean 2538 EXIST::FUNCTION:
-ENGINE_unregister_RSA 2539 EXIST::FUNCTION:
+ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE
X509V3_EXT_nconf 2540 EXIST::FUNCTION:
ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION:
d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION:
X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION:
X509_print_ex 2544 EXIST::FUNCTION:BIO
OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION:
-ENGINE_register_all_RAND 2546 EXIST::FUNCTION:
-ENGINE_load_dynamic 2547 EXIST::FUNCTION:
+ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE
+ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE
PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION:
@@ -1987,7 +1987,7 @@ X509_STORE_set_purpose 2559 EXIST::FUNCTION:
i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION:
OCSP_response_status 2561 EXIST::FUNCTION:
i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION:
-ENGINE_get_digest_engine 2563 EXIST::FUNCTION:
+ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE
EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC
OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION:
_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES
@@ -2011,7 +2011,7 @@ _shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
asn1_do_adb 2582 EXIST::FUNCTION:
ASN1_template_i2d 2583 EXIST::FUNCTION:
-ENGINE_register_DH 2584 EXIST::FUNCTION:
+ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE
UI_construct_prompt 2585 EXIST::FUNCTION:
X509_STORE_set_trust 2586 EXIST::FUNCTION:
UI_dup_input_string 2587 EXIST::FUNCTION:
@@ -2039,7 +2039,7 @@ OCSP_resp_find 2605 EXIST::FUNCTION:
BN_nnmod 2606 EXIST::FUNCTION:
X509_CRL_sort 2607 EXIST::FUNCTION:
X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION:
-ENGINE_register_RAND 2609 EXIST::FUNCTION:
+ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE
OCSP_SERVICELOC_new 2610 EXIST::FUNCTION:
EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC
EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC
@@ -2049,11 +2049,11 @@ SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
UI_dup_input_boolean 2614 EXIST::FUNCTION:
PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION:
EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC
-ENGINE_load_cryptodev 2617 EXIST::FUNCTION:
+ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE
DSO_convert_filename 2618 EXIST::FUNCTION:
POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_ciphers 2620 EXIST::FUNCTION:
+ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE
BN_mod_lshift_quick 2621 EXIST::FUNCTION:
DSO_set_filename 2622 EXIST::FUNCTION:
ASN1_item_free 2623 EXIST::FUNCTION:
@@ -2062,7 +2062,7 @@ AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
KRB5_APREQBODY_new 2626 EXIST::FUNCTION:
X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION:
-ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE
i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION:
EVP_MD_CTX_init 2630 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION:
@@ -2071,8 +2071,8 @@ PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
UI_add_error_string 2633 EXIST::FUNCTION:
KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
-ENGINE_load_ubsec 2636 EXIST::FUNCTION:
-ENGINE_register_all_digests 2637 EXIST::FUNCTION:
+ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE
+ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
PKCS12_unpack_authsafes 2639 EXIST::FUNCTION:
@@ -2098,16 +2098,16 @@ OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION:
_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES
ASN1_item_i2d 2655 EXIST::FUNCTION:
EVP_DecryptFinal_ex 2656 EXIST::FUNCTION:
-ENGINE_load_openssl 2657 EXIST::FUNCTION:
-ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:
-ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:
-ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:
+ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE
+ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE
+ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE
EVP_EncryptFinal_ex 2660 EXIST::FUNCTION:
-ENGINE_set_default_digests 2661 EXIST::FUNCTION:
+ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE
X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION:
asn1_ex_i2c 2663 EXIST::FUNCTION:
-ENGINE_register_RSA 2664 EXIST::FUNCTION:
-ENGINE_unregister_DSA 2665 EXIST::FUNCTION:
+ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE
+ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE
_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES
X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2120,7 +2120,7 @@ PKCS12_certbag2x509 2672 EXIST::FUNCTION:
_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES
d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION:
ERR_print_errors_cb 2675 EXIST::FUNCTION:
-ENGINE_set_ciphers 2676 EXIST::FUNCTION:
+ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE
d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION:
UI_method_get_flusher 2678 EXIST::FUNCTION:
X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2156,7 +2156,7 @@ NCONF_get_number_e 2704 EXIST::FUNCTION:
_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES
X509_signature_print 2706 EXIST::FUNCTION:EVP
OCSP_SINGLERESP_free 2707 EXIST::FUNCTION:
-ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:
+ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE
i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION:
OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION:
OCSP_RESPBYTES_new 2711 EXIST::FUNCTION:
@@ -2184,7 +2184,7 @@ X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES
-RAND_set_rand_engine 2730 EXIST::FUNCTION:
+RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE
DSO_get_loaded_filename 2731 EXIST::FUNCTION:
X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2206,7 +2206,7 @@ i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION:
i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION:
PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION:
HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC
-ENGINE_get_digest 2748 EXIST::FUNCTION:
+ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE
OCSP_RESPONSE_print 2749 EXIST::FUNCTION:
KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2219,16 +2219,16 @@ PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
PKCS12_certbag2x509crl 2754 EXIST::FUNCTION:
PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_cipher 2756 EXIST::FUNCTION:
+ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE
i2d_OCSP_CRLID 2757 EXIST::FUNCTION:
OCSP_SINGLERESP_new 2758 EXIST::FUNCTION:
-ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:
+ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE
RSA_up_ref 2760 EXIST::FUNCTION:RSA
ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_DSA 2762 EXIST::FUNCTION:
+ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE
X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION:
-ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE
PKCS8_decrypt 2765 EXIST::FUNCTION:
PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO
DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2265,7 +2265,7 @@ UI_method_set_flusher 2789 EXIST::FUNCTION:
X509_ocspid_print 2790 EXIST::FUNCTION:BIO
KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:
+ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE
UI_add_user_data 2793 EXIST::FUNCTION:
OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION:
UI_get_method 2795 EXIST::FUNCTION:
@@ -2289,16 +2289,16 @@ ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_set_ex_data 2807 EXIST::FUNCTION:
_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES
-ENGINE_register_all_RSA 2809 EXIST::FUNCTION:
+ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE
d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION:
OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_digests 2813 EXIST::FUNCTION:
+ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE
d2i_EDIPARTYNAME 2814 EXIST::FUNCTION:
d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION:
-ENGINE_get_digests 2816 EXIST::FUNCTION:
+ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE
_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES
OCSP_RESPDATA_free 2818 EXIST::FUNCTION:
d2i_KRB5_TICKET 2819 EXIST::FUNCTION:
@@ -2309,7 +2309,7 @@ d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION:
X509_CRL_set_version 2823 EXIST::FUNCTION:
BN_mod_sub 2824 EXIST::FUNCTION:
OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION:
-ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:
+ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE
OCSP_REQUEST_free 2827 EXIST::FUNCTION:
OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION:
X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2343,7 +2343,7 @@ EC_POINT_method_of 2852 EXIST::FUNCTION:EC
i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION:
_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES
CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION:
-ENGINE_get_ex_data 2856 EXIST::FUNCTION:
+ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE
UI_destroy_method 2857 EXIST::FUNCTION:
ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO
OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION:
@@ -2367,7 +2367,7 @@ PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION:
OCSP_request_add1_nonce 2874 EXIST::FUNCTION:
-ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:
+ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE
OCSP_SERVICELOC_free 2876 EXIST::FUNCTION:
EC_GROUP_free 2877 EXIST::FUNCTION:EC
ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2384,7 +2384,7 @@ EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC
OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION:
PKCS12_item_pack_safebag 2887 EXIST::FUNCTION:
asn1_ex_c2i 2888 EXIST::FUNCTION:
-ENGINE_register_digests 2889 EXIST::FUNCTION:
+ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE
i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION:
asn1_enc_restore 2891 EXIST::FUNCTION:
UI_free 2892 EXIST::FUNCTION:
@@ -2395,7 +2395,7 @@ EC_POINT_invert 2896 EXIST::FUNCTION:EC
OCSP_basic_sign 2897 EXIST::FUNCTION:
i2d_OCSP_RESPID 2898 EXIST::FUNCTION:
OCSP_check_nonce 2899 EXIST::FUNCTION:
-ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:
+ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE
d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION:
OCSP_parse_url 2902 EXIST::FUNCTION:
OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION:
@@ -2403,12 +2403,12 @@ OCSP_CRLID_free 2904 EXIST::FUNCTION:
OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION:
RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-ENGINE_register_all_DH 2907 EXIST::FUNCTION:
+ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE
i2d_EDIPARTYNAME 2908 EXIST::FUNCTION:
EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC
EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC
OCSP_CRLID_new 2910 EXIST::FUNCTION:
-ENGINE_get_flags 2911 EXIST::FUNCTION:
+ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE
OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_process 2913 EXIST::FUNCTION:
@@ -2416,8 +2416,8 @@ ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_CipherInit_ex 2915 EXIST::FUNCTION:
UI_get_string_type 2916 EXIST::FUNCTION:
-ENGINE_unregister_DH 2917 EXIST::FUNCTION:
-ENGINE_register_all_DSA 2918 EXIST::FUNCTION:
+ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE
+ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE
OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION:
bn_dup_expand 2920 EXIST::FUNCTION:
OCSP_cert_id_new 2921 EXIST::FUNCTION:
@@ -2438,11 +2438,11 @@ BN_mod_sub_quick 2933 EXIST::FUNCTION:
OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION:
OCSP_request_sign 2935 EXIST::FUNCTION:
EVP_DigestFinal_ex 2936 EXIST::FUNCTION:
-ENGINE_set_digests 2937 EXIST::FUNCTION:
+ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE
OCSP_id_issuer_cmp 2938 EXIST::FUNCTION:
OBJ_NAME_do_all 2939 EXIST::FUNCTION:
EC_POINTs_mul 2940 EXIST::FUNCTION:EC
-ENGINE_register_complete 2941 EXIST::FUNCTION:
+ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE
X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION:
ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2451,7 +2451,7 @@ RAND_query_egd_bytes 2945 EXIST::FUNCTION:
UI_method_get_writer 2946 EXIST::FUNCTION:
UI_OpenSSL 2947 EXIST::FUNCTION:
PEM_def_callback 2948 EXIST::FUNCTION:
-ENGINE_cleanup 2949 EXIST::FUNCTION:
+ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE
DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2475,7 +2475,7 @@ OCSP_RESPID_new 2967 EXIST::FUNCTION:
OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION:
-ENGINE_register_all_complete 2970 EXIST::FUNCTION:
+ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE
OCSP_check_validity 2971 EXIST::FUNCTION:
PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2487,7 +2487,7 @@ KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
X509_supported_extension 2977 EXIST::FUNCTION:
i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION:
UI_method_get_opener 2979 EXIST::FUNCTION:
-ENGINE_set_ex_data 2980 EXIST::FUNCTION:
+ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE
OCSP_REQUEST_print 2981 EXIST::FUNCTION:
CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2501,7 +2501,7 @@ OCSP_single_get0_status 2989 EXIST::FUNCTION:
BN_swap 2990 EXIST::FUNCTION:
POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_set_destroy_function 2992 EXIST::FUNCTION:
+ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE
asn1_enc_free 2993 EXIST::FUNCTION:
OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2523,8 +2523,8 @@ EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_get0_test_string 3007 EXIST::FUNCTION:
-ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:
-ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:
+ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE
+ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE
EC_POINT_copy 3010 EXIST::FUNCTION:EC
BN_kronecker 3011 EXIST::FUNCTION:
_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES
@@ -2545,9 +2545,9 @@ OCSP_RESPONSE_new 3023 EXIST::FUNCTION:
AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
OCSP_resp_count 3025 EXIST::FUNCTION:
KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
-ENGINE_load_cswift 3027 EXIST::FUNCTION:
+ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE
OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
-ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:
+ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION:
@@ -2565,7 +2565,7 @@ AES_decrypt 3040 EXIST::FUNCTION:AES
asn1_enc_init 3041 EXIST::FUNCTION:
UI_get_result_maxsize 3042 EXIST::FUNCTION:
OCSP_CERTID_new 3043 EXIST::FUNCTION:
-ENGINE_unregister_RAND 3044 EXIST::FUNCTION:
+ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE
UI_method_get_closer 3045 EXIST::FUNCTION:
d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION:
OCSP_request_onereq_count 3047 EXIST::FUNCTION:
@@ -2576,7 +2576,7 @@ ASN1_primitive_free 3051 EXIST::FUNCTION:
i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
asn1_enc_save 3054 EXIST::FUNCTION:
-ENGINE_load_nuron 3055 EXIST::FUNCTION:
+ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE
_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2598,15 +2598,15 @@ ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO
EC_POINT_dbl 3070 EXIST::FUNCTION:EC
asn1_get_choice_selector 3071 EXIST::FUNCTION:
i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
-ENGINE_set_table_flags 3073 EXIST::FUNCTION:
+ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
AES_options 3074 EXIST::FUNCTION:AES
-ENGINE_load_chil 3075 EXIST::FUNCTION:
+ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE
OCSP_id_cmp 3076 EXIST::FUNCTION:
OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_destroy_function 3080 EXIST::FUNCTION:
+ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE
CONF_set_nconf 3081 EXIST::FUNCTION:
ASN1_PRINTABLE_free 3082 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION:
@@ -2667,7 +2667,7 @@ OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
-ENGINE_load_atalla 3130 EXIST::FUNCTION:
+ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE
X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2685,7 +2685,7 @@ UI_method_set_opener 3140 EXIST::FUNCTION:
ASN1_item_ex_free 3141 EXIST::FUNCTION:
ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_table_flags 3143 EXIST::FUNCTION:
+ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE
UI_create_method 3144 EXIST::FUNCTION:
OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION:
_shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
@@ -2709,7 +2709,7 @@ PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION:
OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION:
-ENGINE_set_flags 3162 EXIST::FUNCTION:
+ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE
_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES
OCSP_response_get1_basic 3164 EXIST::FUNCTION:
EVP_Digest 3165 EXIST::FUNCTION:
@@ -2721,8 +2721,8 @@ ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION:
BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
AES_cbc_encrypt 3171 EXIST::FUNCTION:AES
-ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:
-ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:
+ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE
OCSP_RESPONSE_free 3173 EXIST::FUNCTION:
UI_method_set_reader 3174 EXIST::FUNCTION:
i2d_ASN1_T61STRING 3175 EXIST::FUNCTION:
@@ -2736,7 +2736,7 @@ OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION:
CONF_modules_load_file 3182 EXIST::FUNCTION:
CONF_imodule_set_usr_data 3183 EXIST::FUNCTION:
-ENGINE_set_default_string 3184 EXIST::FUNCTION:
+ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE
CONF_module_get_usr_data 3185 EXIST::FUNCTION:
ASN1_add_oid_module 3186 EXIST::FUNCTION:
CONF_modules_finish 3187 EXIST::FUNCTION:
@@ -2754,7 +2754,7 @@ CONF_imodule_get_name 3198 EXIST::FUNCTION:
ERR_peek_top_error 3199 NOEXIST::FUNCTION:
CONF_imodule_get_usr_data 3200 EXIST::FUNCTION:
CONF_imodule_set_flags 3201 EXIST::FUNCTION:
-ENGINE_add_conf_module 3202 EXIST::FUNCTION:
+ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE
ERR_peek_last_error_line 3203 EXIST::FUNCTION:
ERR_peek_last_error_line_data 3204 EXIST::FUNCTION:
ERR_peek_last_error 3205 EXIST::FUNCTION:
@@ -2762,8 +2762,8 @@ DES_read_2passwords 3206 EXIST::FUNCTION:DES
DES_read_password 3207 EXIST::FUNCTION:DES
UI_UTIL_read_pw 3208 EXIST::FUNCTION:
UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
-ENGINE_load_aep 3210 EXIST::FUNCTION:
-ENGINE_load_sureware 3211 EXIST::FUNCTION:
+ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE
+ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE
OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
@@ -2772,7 +2772,7 @@ OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION:
AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:
+ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE
_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
@@ -2793,7 +2793,7 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
-ENGINE_up_ref 3238 EXIST::FUNCTION:
+ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE
BUF_MEM_grow_clean 3239 EXIST::FUNCTION:
CRYPTO_realloc_clean 3240 EXIST::FUNCTION:
BUF_strlcat 3241 EXIST::FUNCTION:
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
index 751fc753743e..936b063ca495 100755
--- a/crypto/openssl/util/mk1mf.pl
+++ b/crypto/openssl/util/mk1mf.pl
@@ -64,6 +64,8 @@ and [options] can be one of
no-asm - No x86 asm
no-krb5 - No KRB5
no-ec - No EC
+ no-engine - No engine
+ no-hw - No hw
nasm - Use NASM for x86 asm
gaswin - Use GNU as with Mingw32
no-socks - No socket code
@@ -218,7 +220,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4;
$cflags.=" -DOPENSSL_NO_MD5" if $no_md5;
$cflags.=" -DOPENSSL_NO_SHA" if $no_sha;
$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
-$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
$cflags.=" -DOPENSSL_NO_BF" if $no_bf;
$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
@@ -232,6 +234,8 @@ $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
+$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
+$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
#$cflags.=" -DRSAref" if $rsaref ne "";
## if ($unix)
@@ -648,6 +652,8 @@ sub var_add
local($dir,$val)=@_;
local(@a,$_,$ret);
+ return("") if $no_engine && $dir =~ /\/engine/;
+ return("") if $no_hw && $dir =~ /\/hw/;
return("") if $no_idea && $dir =~ /\/idea/;
return("") if $no_aes && $dir =~ /\/aes/;
return("") if $no_rc2 && $dir =~ /\/rc2/;
@@ -691,7 +697,7 @@ sub var_add
@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
- @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+ @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
@@ -708,6 +714,8 @@ sub var_add
@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+ @a=grep(!/^engine$/,@a) if $no_engine;
+ @a=grep(!/^hw$/,@a) if $no_hw;
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
@a=grep(!/^gendsa$/,@a) if $no_sha1;
@@ -901,10 +909,12 @@ sub read_options
elsif (/^no-sock$/) { $no_sock=1; }
elsif (/^no-krb5$/) { $no_krb5=1; }
elsif (/^no-ec$/) { $no_ec=1; }
+ elsif (/^no-engine$/) { $no_engine=1; }
+ elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
$no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
- $no_ssl2=$no_err=$no_rmd160=$no_rc5=1;
+ $no_ssl2=$no_err=$no_ripemd=$no_rc5=1;
$no_aes=1; }
elsif (/^rsaref$/) { }
diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl
index adfd447dd31c..dacb9565ef8c 100755
--- a/crypto/openssl/util/mkdef.pl
+++ b/crypto/openssl/util/mkdef.pl
@@ -91,7 +91,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
"LOCKING",
# External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5" );
+ "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" );
my $options="";
open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
@@ -107,7 +107,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
my $no_cast;
my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
-my $no_ec;
+my $no_ec; my $no_engine; my $no_hw;
my $no_fp_api;
foreach (@ARGV, split(/ /, $options))
@@ -176,6 +176,8 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-comp$/) { $no_comp=1; }
elsif (/^no-dso$/) { $no_dso=1; }
elsif (/^no-krb5$/) { $no_krb5=1; }
+ elsif (/^no-engine$/) { $no_engine=1; }
+ elsif (/^no-hw$/) { $no_hw=1; }
}
@@ -235,7 +237,7 @@ $crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
-$crypto.=" crypto/engine/engine.h";
+$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
@@ -1052,6 +1054,8 @@ sub is_valid
if ($keyword eq "COMP" && $no_comp) { return 0; }
if ($keyword eq "DSO" && $no_dso) { return 0; }
if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+ if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+ if ($keyword eq "HW" && $no_hw) { return 0; }
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
# Nothing recognise as true
diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num
index fdea47205ddd..46e38a131f99 100755
--- a/crypto/openssl/util/ssleay.num
+++ b/crypto/openssl/util/ssleay.num
@@ -169,7 +169,7 @@ SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO
SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO
SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA
SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH
-SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS,!WIN32:FUNCTION:STDIO
+SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO
SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION:
SSL_set_session_id_context 189 EXIST::FUNCTION:
SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO