authorbeck <>2001-08-01 19:51:17 +0000
committerbeck <>2001-08-01 19:51:17 +0000
commit4b790f68539c49ef91f5e82506c2624900c92106 (patch)
treed14ff9f79630cb04ad006cd2730646f44f62d786
parentedbfd6c7e91e15e92ef0df548474ac76b6dddca0 (diff)
merge openssl 0.9.6b-engine
Note that this is a maintenance release; APIs appear *not* to have changed. As such, I have only increased the minor number on these libraries.
-rw-r--r--src/lib/libcrypto/asn1/t_x509.c2
-rw-r--r--src/lib/libcrypto/asn1/x_pubkey.c2
-rw-r--r--src/lib/libcrypto/bio/b_print.c14
-rw-r--r--src/lib/libcrypto/bio/bf_buff.c2
-rw-r--r--src/lib/libcrypto/bn/asm/mips3.s430
-rw-r--r--src/lib/libcrypto/cryptlib.c10
-rw-r--r--src/lib/libcrypto/dsa/dsa.h1
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c1
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c21
-rw-r--r--src/lib/libcrypto/evp/e_bf.c2
-rw-r--r--src/lib/libcrypto/evp/evp.h6
-rw-r--r--src/lib/libcrypto/evp/evp_key.c6
-rw-r--r--src/lib/libcrypto/opensslv.h6
-rw-r--r--src/lib/libcrypto/perlasm/x86unix.pl2
-rw-r--r--src/lib/libcrypto/rand/md_rand.c99
-rw-r--r--src/lib/libcrypto/rand/randfile.c8
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c29
-rw-r--r--src/lib/libcrypto/x509/x509_obj.c2
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c3
-rw-r--r--src/lib/libssl/crypto/shlib_version2
-rw-r--r--src/lib/libssl/s3_srvr.c26
-rw-r--r--src/lib/libssl/shlib_version2
-rw-r--r--src/lib/libssl/src/CHANGES114
-rw-r--r--src/lib/libssl/src/Configure3
-rw-r--r--src/lib/libssl/src/FAQ66
-rw-r--r--src/lib/libssl/src/INSTALL8
-rw-r--r--src/lib/libssl/src/INSTALL.VMS10
-rw-r--r--src/lib/libssl/src/Makefile.org12
-rw-r--r--src/lib/libssl/src/NEWS17
-rw-r--r--src/lib/libssl/src/README4
-rw-r--r--src/lib/libssl/src/apps/ca.c8
-rw-r--r--src/lib/libssl/src/apps/dgst.c6
-rw-r--r--src/lib/libssl/src/apps/enc.c8
-rw-r--r--src/lib/libssl/src/apps/smime.c1
-rw-r--r--src/lib/libssl/src/apps/speed.c4
-rw-r--r--src/lib/libssl/src/crypto/asn1/t_x509.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/x_pubkey.c2
-rw-r--r--src/lib/libssl/src/crypto/bio/b_print.c14
-rw-r--r--src/lib/libssl/src/crypto/bio/bf_buff.c2
-rw-r--r--src/lib/libssl/src/crypto/bn/asm/mips3.s430
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.c10
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa.h1
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_err.c1
-rw-r--r--src/lib/libssl/src/crypto/dsa/dsa_ossl.c21
-rw-r--r--src/lib/libssl/src/crypto/evp/e_bf.c2
-rw-r--r--src/lib/libssl/src/crypto/evp/evp.h6
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_key.c6
-rw-r--r--src/lib/libssl/src/crypto/opensslv.h6
-rw-r--r--src/lib/libssl/src/crypto/perlasm/x86unix.pl2
-rw-r--r--src/lib/libssl/src/crypto/rand/md_rand.c99
-rw-r--r--src/lib/libssl/src/crypto/rand/randfile.c8
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_oaep.c29
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_obj.c2
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_trs.c3
-rw-r--r--src/lib/libssl/src/doc/apps/enc.pod10
-rw-r--r--src/lib/libssl/src/doc/apps/rsautl.pod4
-rw-r--r--src/lib/libssl/src/doc/apps/s_server.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/bio.pod2
-rw-r--r--src/lib/libssl/src/doc/crypto/rand.pod13
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod14
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod24
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_error.pod11
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod9
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_read.pod17
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_shutdown.pod2
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_write.pod11
-rw-r--r--src/lib/libssl/src/e_os.h1
-rw-r--r--src/lib/libssl/src/ssl/s2_srvr.c3
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c17
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c26
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c16
-rw-r--r--src/lib/libssl/src/test/Makefile.ssl2
-rw-r--r--src/lib/libssl/src/test/bctest111
-rw-r--r--src/lib/libssl/ssl/shlib_version2
-rw-r--r--src/lib/libssl/t1_enc.c16
-rw-r--r--src/lib/libssl/test/Makefile.ssl2
-rw-r--r--src/lib/libssl/test/bctest111
81 files changed, 1420 insertions, 597 deletions
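diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index 314bdfb1c7..89ae73a6de 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	ll=80-2-obase;
 
 	s=X509_NAME_oneline(name,buf,256);
+	if (!*s)
+		return 1;
 	s++; /* skip the first slash */
 
 	l=ll;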
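Review bot: The added `if (!*s) return 1;` exists to guard the `s++` on the next line, which on an empty one-line name would step past the terminating NUL before the printing code reads from `s`, but nothing in the hunk says so and a reader may take the early return for an error path. Suggest `if (!*s) return 1; /* empty name: nothing to print; s++ below must not skip the NUL */`. Whether 1 is this function's success value cannot be seen here, since X509_NAME_print's body continues past the hunk, so the comment should agree with the later returns. The 256-byte `buf` handed to X509_NAME_oneline also means a longer name is presumably cut short before it is printed; that predates this change but deserves a note next to the call.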
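diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index b2e2a51477..4397a404b5 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	a=key->algor;
 	if (ret->type == EVP_PKEY_DSA)
 		{
-		if (a->parameter->type == V_ASN1_SEQUENCE)
+		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
 			ret->pkey.dsa->write_params=0;
 			p=a->parameter->value.sequence->data;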
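Review bot: The new NULL check on `a->parameter` carries no comment saying when the AlgorithmIdentifier parameters of a DSA SubjectPublicKeyInfo are legitimately absent (RFC 2459 allows them to be omitted and inherited from the issuer), so the next maintainer may read it as dead defensiveness and remove it, reintroducing the NULL dereference on decoder-supplied input. Suggest `if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) /* DSA params are optional and may be inherited */`. The path taken when the parameters are absent lies outside the hunk, so whether `ret->pkey.dsa` is left without p/q/g there cannot be judged from this view; X509_PUBKEY_get's body continues past the hunk.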
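diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index b4f7a85f2e..91a049406e 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -109,7 +109,11 @@
 #endif
 
 #if HAVE_LONG_LONG
-#define LLONG long long
+# if defined(WIN32) && !defined(__GNUC__)
+# define LLONG _int64
+# else
+# define LLONG long long
+# endif
 #else
 #define LLONG long
 #endif
@@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer,
 
 /* some handy macros */
 #define char_to_int(p) (p - '0')
-#define MAX(p,q) ((p >= q) ? p : q)
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
 
 static void
 _dopr(
@@ -503,13 +507,13 @@ fmtint(
 	convert[place] = 0;
 
 	zpadlen = max - place;
-	spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+	spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
 	if (zpadlen < 0)
 		zpadlen = 0;
 	if (spadlen < 0)
 		spadlen = 0;
 	if (flags & DP_F_ZERO) {
-		zpadlen = MAX(zpadlen, spadlen);
+		zpadlen = OSSL_MAX(zpadlen, spadlen);
 		spadlen = 0;
 	}
 	if (flags & DP_F_MINUS)
@@ -641,7 +645,7 @@ fmtfp(
 		    (caps ? "0123456789ABCDEF"
 		     : "0123456789abcdef")[fracpart % 10];
 		fracpart = (fracpart / 10);
-	} while (fracpart && (fplace < 20));
+	} while (fplace < max);
 	if (fplace == 20)
 		fplace--;
 	fconvert[fplace] = 0;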
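Review bot: The rewritten loop condition `} while (fplace < max);` in fmtfp (last hunk) drops the `fplace < 20` bound the old condition had, while the surviving `if (fplace == 20) fplace--;` on the next line indicates fconvert holds 20 bytes; a precision larger than that now writes past the array unless `max` is clamped earlier in fmtfp, which is outside the hunk. Keep the buffer bound in the loop as well: `} while (fplace < max && fplace < 20);` (or `fplace < (int)sizeof fconvert` if fconvert is a local array), since BIO_printf formats come from many call sites and the precision is not validated here. fmtfp's body starts before this hunk. The MAX→OSSL_MAX rename in the second and third hunks is sound, but OSSL_MAX still evaluates both arguments twice, so a one-line comment `/* evaluates p and q twice; pass side-effect-free expressions only */` next to the definition would help.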
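diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
index f50e8f98a3..c90238bae1 100644
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
 static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE 1024
+#define DEFAULT_BUFFER_SIZE 4096
 
 static BIO_METHOD methods_buffer=
 	{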
diff --git a/src/lib/libcrypto/bn/asm/mips3.s b/src/lib/libcrypto/bn/asm/mips3.s
index 45786c00a5..dca4105c7d 100644
--- a/src/lib/libcrypto/bn/asm/mips3.s
+++ b/src/lib/libcrypto/bn/asm/mips3.s
@@ -1,5 +1,5 @@
1.rdata 1.rdata
2.asciiz "mips3.s, Version 1.0" 2.asciiz "mips3.s, Version 1.1"
3.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" 3.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
4 4
5/* 5/*
@@ -849,6 +849,7 @@ LEAF(bn_mul_comba8)
849 sltu AT,c_1,t_1 849 sltu AT,c_1,t_1
850 daddu t_2,AT 850 daddu t_2,AT
851 daddu c_2,t_2 851 daddu c_2,t_2
852 sltu c_3,c_2,t_2
852 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ 853 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
853 mflo t_1 854 mflo t_1
854 mfhi t_2 855 mfhi t_2
@@ -856,7 +857,8 @@ LEAF(bn_mul_comba8)
856 sltu AT,c_1,t_1 857 sltu AT,c_1,t_1
857 daddu t_2,AT 858 daddu t_2,AT
858 daddu c_2,t_2 859 daddu c_2,t_2
859 sltu c_3,c_2,t_2 860 sltu AT,c_2,t_2
861 daddu c_3,AT
860 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ 862 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
861 mflo t_1 863 mflo t_1
862 mfhi t_2 864 mfhi t_2
@@ -884,6 +886,7 @@ LEAF(bn_mul_comba8)
884 sltu AT,c_2,t_1 886 sltu AT,c_2,t_1
885 daddu t_2,AT 887 daddu t_2,AT
886 daddu c_3,t_2 888 daddu c_3,t_2
889 sltu c_1,c_3,t_2
887 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ 890 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
888 mflo t_1 891 mflo t_1
889 mfhi t_2 892 mfhi t_2
@@ -891,7 +894,8 @@ LEAF(bn_mul_comba8)
891 sltu AT,c_2,t_1 894 sltu AT,c_2,t_1
892 daddu t_2,AT 895 daddu t_2,AT
893 daddu c_3,t_2 896 daddu c_3,t_2
894 sltu c_1,c_3,t_2 897 sltu AT,c_3,t_2
898 daddu c_1,AT
895 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ 899 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
896 mflo t_1 900 mflo t_1
897 mfhi t_2 901 mfhi t_2
@@ -928,6 +932,7 @@ LEAF(bn_mul_comba8)
928 sltu AT,c_3,t_1 932 sltu AT,c_3,t_1
929 daddu t_2,AT 933 daddu t_2,AT
930 daddu c_1,t_2 934 daddu c_1,t_2
935 sltu c_2,c_1,t_2
931 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ 936 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
932 mflo t_1 937 mflo t_1
933 mfhi t_2 938 mfhi t_2
@@ -935,7 +940,8 @@ LEAF(bn_mul_comba8)
935 sltu AT,c_3,t_1 940 sltu AT,c_3,t_1
936 daddu t_2,AT 941 daddu t_2,AT
937 daddu c_1,t_2 942 daddu c_1,t_2
938 sltu c_2,c_1,t_2 943 sltu AT,c_1,t_2
944 daddu c_2,AT
939 dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ 945 dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
940 mflo t_1 946 mflo t_1
941 mfhi t_2 947 mfhi t_2
@@ -981,6 +987,7 @@ LEAF(bn_mul_comba8)
981 sltu AT,c_1,t_1 987 sltu AT,c_1,t_1
982 daddu t_2,AT 988 daddu t_2,AT
983 daddu c_2,t_2 989 daddu c_2,t_2
990 sltu c_3,c_2,t_2
984 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ 991 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
985 mflo t_1 992 mflo t_1
986 mfhi t_2 993 mfhi t_2
@@ -988,7 +995,8 @@ LEAF(bn_mul_comba8)
988 sltu AT,c_1,t_1 995 sltu AT,c_1,t_1
989 daddu t_2,AT 996 daddu t_2,AT
990 daddu c_2,t_2 997 daddu c_2,t_2
991 sltu c_3,c_2,t_2 998 sltu AT,c_2,t_2
999 daddu c_3,AT
992 dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ 1000 dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
993 mflo t_1 1001 mflo t_1
994 mfhi t_2 1002 mfhi t_2
@@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8)
1043 sltu AT,c_2,t_1 1051 sltu AT,c_2,t_1
1044 daddu t_2,AT 1052 daddu t_2,AT
1045 daddu c_3,t_2 1053 daddu c_3,t_2
1054 sltu c_1,c_3,t_2
1046 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ 1055 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
1047 mflo t_1 1056 mflo t_1
1048 mfhi t_2 1057 mfhi t_2
@@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8)
1050 sltu AT,c_2,t_1 1059 sltu AT,c_2,t_1
1051 daddu t_2,AT 1060 daddu t_2,AT
1052 daddu c_3,t_2 1061 daddu c_3,t_2
1053 sltu c_1,c_3,t_2 1062 sltu AT,c_3,t_2
1063 daddu c_1,AT
1054 dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ 1064 dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
1055 mflo t_1 1065 mflo t_1
1056 mfhi t_2 1066 mfhi t_2
@@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8)
1114 sltu AT,c_3,t_1 1124 sltu AT,c_3,t_1
1115 daddu t_2,AT 1125 daddu t_2,AT
1116 daddu c_1,t_2 1126 daddu c_1,t_2
1127 sltu c_2,c_1,t_2
1117 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ 1128 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
1118 mflo t_1 1129 mflo t_1
1119 mfhi t_2 1130 mfhi t_2
@@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8)
1121 sltu AT,c_3,t_1 1132 sltu AT,c_3,t_1
1122 daddu t_2,AT 1133 daddu t_2,AT
1123 daddu c_1,t_2 1134 daddu c_1,t_2
1124 sltu c_2,c_1,t_2 1135 sltu AT,c_1,t_2
1136 daddu c_2,AT
1125 dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ 1137 dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
1126 mflo t_1 1138 mflo t_1
1127 mfhi t_2 1139 mfhi t_2
@@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8)
1176 sltu AT,c_1,t_1 1188 sltu AT,c_1,t_1
1177 daddu t_2,AT 1189 daddu t_2,AT
1178 daddu c_2,t_2 1190 daddu c_2,t_2
1191 sltu c_3,c_2,t_2
1179 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ 1192 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
1180 mflo t_1 1193 mflo t_1
1181 mfhi t_2 1194 mfhi t_2
@@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8)
1183 sltu AT,c_1,t_1 1196 sltu AT,c_1,t_1
1184 daddu t_2,AT 1197 daddu t_2,AT
1185 daddu c_2,t_2 1198 daddu c_2,t_2
1186 sltu c_3,c_2,t_2 1199 sltu AT,c_2,t_2
1200 daddu c_3,AT
1187 dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ 1201 dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
1188 mflo t_1 1202 mflo t_1
1189 mfhi t_2 1203 mfhi t_2
@@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8)
1229 sltu AT,c_2,t_1 1243 sltu AT,c_2,t_1
1230 daddu t_2,AT 1244 daddu t_2,AT
1231 daddu c_3,t_2 1245 daddu c_3,t_2
1246 sltu c_1,c_3,t_2
1232 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ 1247 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
1233 mflo t_1 1248 mflo t_1
1234 mfhi t_2 1249 mfhi t_2
@@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8)
1236 sltu AT,c_2,t_1 1251 sltu AT,c_2,t_1
1237 daddu t_2,AT 1252 daddu t_2,AT
1238 daddu c_3,t_2 1253 daddu c_3,t_2
1239 sltu c_1,c_3,t_2 1254 sltu AT,c_3,t_2
1255 daddu c_1,AT
1240 dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ 1256 dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
1241 mflo t_1 1257 mflo t_1
1242 mfhi t_2 1258 mfhi t_2
@@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8)
1273 sltu AT,c_3,t_1 1289 sltu AT,c_3,t_1
1274 daddu t_2,AT 1290 daddu t_2,AT
1275 daddu c_1,t_2 1291 daddu c_1,t_2
1292 sltu c_2,c_1,t_2
1276 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ 1293 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
1277 mflo t_1 1294 mflo t_1
1278 mfhi t_2 1295 mfhi t_2
@@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8)
1280 sltu AT,c_3,t_1 1297 sltu AT,c_3,t_1
1281 daddu t_2,AT 1298 daddu t_2,AT
1282 daddu c_1,t_2 1299 daddu c_1,t_2
1283 sltu c_2,c_1,t_2 1300 sltu AT,c_1,t_2
1301 daddu c_2,AT
1284 dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ 1302 dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
1285 mflo t_1 1303 mflo t_1
1286 mfhi t_2 1304 mfhi t_2
@@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8)
1308 sltu AT,c_1,t_1 1326 sltu AT,c_1,t_1
1309 daddu t_2,AT 1327 daddu t_2,AT
1310 daddu c_2,t_2 1328 daddu c_2,t_2
1329 sltu c_3,c_2,t_2
1311 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ 1330 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
1312 mflo t_1 1331 mflo t_1
1313 mfhi t_2 1332 mfhi t_2
@@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8)
1315 sltu AT,c_1,t_1 1334 sltu AT,c_1,t_1
1316 daddu t_2,AT 1335 daddu t_2,AT
1317 daddu c_2,t_2 1336 daddu c_2,t_2
1318 sltu c_3,c_2,t_2 1337 sltu AT,c_2,t_2
1338 daddu c_3,AT
1319 dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ 1339 dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
1320 mflo t_1 1340 mflo t_1
1321 mfhi t_2 1341 mfhi t_2
@@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8)
1334 sltu AT,c_2,t_1 1354 sltu AT,c_2,t_1
1335 daddu t_2,AT 1355 daddu t_2,AT
1336 daddu c_3,t_2 1356 daddu c_3,t_2
1357 sltu c_1,c_3,t_2
1337 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ 1358 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
1338 mflo t_1 1359 mflo t_1
1339 mfhi t_2 1360 mfhi t_2
@@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8)
1341 sltu AT,c_2,t_1 1362 sltu AT,c_2,t_1
1342 daddu t_2,AT 1363 daddu t_2,AT
1343 daddu c_3,t_2 1364 daddu c_3,t_2
1344 sltu c_1,c_3,t_2 1365 sltu AT,c_3,t_2
1366 daddu c_1,AT
1345 sd c_2,104(a0) /* r[13]=c2; */ 1367 sd c_2,104(a0) /* r[13]=c2; */
1346 1368
1347 dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ 1369 dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4)
1430 sltu AT,c_1,t_1 1452 sltu AT,c_1,t_1
1431 daddu t_2,AT 1453 daddu t_2,AT
1432 daddu c_2,t_2 1454 daddu c_2,t_2
1455 sltu c_3,c_2,t_2
1433 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ 1456 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
1434 mflo t_1 1457 mflo t_1
1435 mfhi t_2 1458 mfhi t_2
@@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4)
1437 sltu AT,c_1,t_1 1460 sltu AT,c_1,t_1
1438 daddu t_2,AT 1461 daddu t_2,AT
1439 daddu c_2,t_2 1462 daddu c_2,t_2
1440 sltu c_3,c_2,t_2 1463 sltu AT,c_2,t_2
1464 daddu c_3,AT
1441 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ 1465 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
1442 mflo t_1 1466 mflo t_1
1443 mfhi t_2 1467 mfhi t_2
@@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4)
1465 sltu AT,c_2,t_1 1489 sltu AT,c_2,t_1
1466 daddu t_2,AT 1490 daddu t_2,AT
1467 daddu c_3,t_2 1491 daddu c_3,t_2
1492 sltu c_1,c_3,t_2
1468 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ 1493 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
1469 mflo t_1 1494 mflo t_1
1470 mfhi t_2 1495 mfhi t_2
@@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4)
1472 sltu AT,c_2,t_1 1497 sltu AT,c_2,t_1
1473 daddu t_2,AT 1498 daddu t_2,AT
1474 daddu c_3,t_2 1499 daddu c_3,t_2
1475 sltu c_1,c_3,t_2 1500 sltu AT,c_3,t_2
1501 daddu c_1,AT
1476 dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ 1502 dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
1477 mflo t_1 1503 mflo t_1
1478 mfhi t_2 1504 mfhi t_2
@@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4)
1491 sltu AT,c_3,t_1 1517 sltu AT,c_3,t_1
1492 daddu t_2,AT 1518 daddu t_2,AT
1493 daddu c_1,t_2 1519 daddu c_1,t_2
1520 sltu c_2,c_1,t_2
1494 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ 1521 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
1495 mflo t_1 1522 mflo t_1
1496 mfhi t_2 1523 mfhi t_2
@@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4)
1498 sltu AT,c_3,t_1 1525 sltu AT,c_3,t_1
1499 daddu t_2,AT 1526 daddu t_2,AT
1500 daddu c_1,t_2 1527 daddu c_1,t_2
1501 sltu c_2,c_1,t_2 1528 sltu AT,c_1,t_2
1529 daddu c_2,AT
1502 sd c_3,40(a0) 1530 sd c_3,40(a0)
1503 1531
1504 dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ 1532 dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
@@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8)
1543 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ 1571 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
1544 mflo t_1 1572 mflo t_1
1545 mfhi t_2 1573 mfhi t_2
1574 slt c_1,t_2,zero
1575 dsll t_2,1
1576 slt a2,t_1,zero
1577 daddu t_2,a2
1578 dsll t_1,1
1546 daddu c_2,t_1 1579 daddu c_2,t_1
1547 sltu AT,c_2,t_1 1580 sltu AT,c_2,t_1
1548 daddu c_3,t_2,AT 1581 daddu c_3,t_2,AT
1549 daddu c_2,t_1
1550 sltu AT,c_2,t_1
1551 daddu t_2,AT
1552 daddu c_3,t_2
1553 sltu c_1,c_3,t_2
1554 sd c_2,8(a0) 1582 sd c_2,8(a0)
1555 1583
1556 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ 1584 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
1557 mflo t_1 1585 mflo t_1
1558 mfhi t_2 1586 mfhi t_2
1559 daddu c_3,t_1 1587 slt c_2,t_2,zero
1560 sltu AT,c_3,t_1 1588 dsll t_2,1
1561 daddu a2,t_2,AT 1589 slt a2,t_1,zero
1562 daddu c_1,a2 1590 daddu t_2,a2
1591 dsll t_1,1
1563 daddu c_3,t_1 1592 daddu c_3,t_1
1564 sltu AT,c_3,t_1 1593 sltu AT,c_3,t_1
1565 daddu t_2,AT 1594 daddu t_2,AT
1566 daddu c_1,t_2 1595 daddu c_1,t_2
1567 sltu c_2,c_1,t_2 1596 sltu AT,c_1,t_2
1597 daddu c_2,AT
1568 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ 1598 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
1569 mflo t_1 1599 mflo t_1
1570 mfhi t_2 1600 mfhi t_2
@@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8)
1579 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ 1609 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
1580 mflo t_1 1610 mflo t_1
1581 mfhi t_2 1611 mfhi t_2
1582 daddu c_1,t_1 1612 slt c_3,t_2,zero
1583 sltu AT,c_1,t_1 1613 dsll t_2,1
1584 daddu a2,t_2,AT 1614 slt a2,t_1,zero
1585 daddu c_2,a2 1615 daddu t_2,a2
1616 dsll t_1,1
1586 daddu c_1,t_1 1617 daddu c_1,t_1
1587 sltu AT,c_1,t_1 1618 sltu AT,c_1,t_1
1588 daddu t_2,AT 1619 daddu t_2,AT
1589 daddu c_2,t_2 1620 daddu c_2,t_2
1590 sltu c_3,c_2,t_2 1621 sltu AT,c_2,t_2
1622 daddu c_3,AT
1591 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ 1623 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
1592 mflo t_1 1624 mflo t_1
1593 mfhi t_2 1625 mfhi t_2
1594 daddu c_1,t_1 1626 slt AT,t_2,zero
1595 sltu AT,c_1,t_1
1596 daddu a2,t_2,AT
1597 daddu c_2,a2
1598 sltu AT,c_2,a2
1599 daddu c_3,AT 1627 daddu c_3,AT
1628 dsll t_2,1
1629 slt a2,t_1,zero
1630 daddu t_2,a2
1631 dsll t_1,1
1600 daddu c_1,t_1 1632 daddu c_1,t_1
1601 sltu AT,c_1,t_1 1633 sltu AT,c_1,t_1
1602 daddu t_2,AT 1634 daddu t_2,AT
@@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8)
1608 dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ 1640 dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
1609 mflo t_1 1641 mflo t_1
1610 mfhi t_2 1642 mfhi t_2
1611 daddu c_2,t_1 1643 slt c_1,t_2,zero
1612 sltu AT,c_2,t_1 1644 dsll t_2,1
1613 daddu a2,t_2,AT 1645 slt a2,t_1,zero
1614 daddu c_3,a2 1646 daddu t_2,a2
1647 dsll t_1,1
1615 daddu c_2,t_1 1648 daddu c_2,t_1
1616 sltu AT,c_2,t_1 1649 sltu AT,c_2,t_1
1617 daddu t_2,AT 1650 daddu t_2,AT
1618 daddu c_3,t_2 1651 daddu c_3,t_2
1619 sltu c_1,c_3,t_2 1652 sltu AT,c_3,t_2
1653 daddu c_1,AT
1620 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ 1654 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
1621 mflo t_1 1655 mflo t_1
1622 mfhi t_2 1656 mfhi t_2
1623 daddu c_2,t_1 1657 slt AT,t_2,zero
1624 sltu AT,c_2,t_1
1625 daddu a2,t_2,AT
1626 daddu c_3,a2
1627 sltu AT,c_3,a2
1628 daddu c_1,AT 1658 daddu c_1,AT
1659 dsll t_2,1
1660 slt a2,t_1,zero
1661 daddu t_2,a2
1662 dsll t_1,1
1629 daddu c_2,t_1 1663 daddu c_2,t_1
1630 sltu AT,c_2,t_1 1664 sltu AT,c_2,t_1
1631 daddu t_2,AT 1665 daddu t_2,AT
@@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8)
1646 dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ 1680 dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
1647 mflo t_1 1681 mflo t_1
1648 mfhi t_2 1682 mfhi t_2
1649 daddu c_3,t_1 1683 slt c_2,t_2,zero
1650 sltu AT,c_3,t_1 1684 dsll t_2,1
1651 daddu a2,t_2,AT 1685 slt a2,t_1,zero
1652 daddu c_1,a2 1686 daddu t_2,a2
1687 dsll t_1,1
1653 daddu c_3,t_1 1688 daddu c_3,t_1
1654 sltu AT,c_3,t_1 1689 sltu AT,c_3,t_1
1655 daddu t_2,AT 1690 daddu t_2,AT
1656 daddu c_1,t_2 1691 daddu c_1,t_2
1657 sltu c_2,c_1,t_2 1692 sltu AT,c_1,t_2
1693 daddu c_2,AT
1658 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ 1694 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
1659 mflo t_1 1695 mflo t_1
1660 mfhi t_2 1696 mfhi t_2
1661 daddu c_3,t_1 1697 slt AT,t_2,zero
1662 sltu AT,c_3,t_1
1663 daddu a2,t_2,AT
1664 daddu c_1,a2
1665 sltu AT,c_1,a2
1666 daddu c_2,AT 1698 daddu c_2,AT
1699 dsll t_2,1
1700 slt a2,t_1,zero
1701 daddu t_2,a2
1702 dsll t_1,1
1667 daddu c_3,t_1 1703 daddu c_3,t_1
1668 sltu AT,c_3,t_1 1704 sltu AT,c_3,t_1
1669 daddu t_2,AT 1705 daddu t_2,AT
@@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8)
1673 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ 1709 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
1674 mflo t_1 1710 mflo t_1
1675 mfhi t_2 1711 mfhi t_2
1676 daddu c_3,t_1 1712 slt AT,t_2,zero
1677 sltu AT,c_3,t_1
1678 daddu a2,t_2,AT
1679 daddu c_1,a2
1680 sltu AT,c_1,a2
1681 daddu c_2,AT 1713 daddu c_2,AT
1714 dsll t_2,1
1715 slt a2,t_1,zero
1716 daddu t_2,a2
1717 dsll t_1,1
1682 daddu c_3,t_1 1718 daddu c_3,t_1
1683 sltu AT,c_3,t_1 1719 sltu AT,c_3,t_1
1684 daddu t_2,AT 1720 daddu t_2,AT
@@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8)
1690 dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ 1726 dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
1691 mflo t_1 1727 mflo t_1
1692 mfhi t_2 1728 mfhi t_2
1693 daddu c_1,t_1 1729 slt c_3,t_2,zero
1694 sltu AT,c_1,t_1 1730 dsll t_2,1
1695 daddu a2,t_2,AT 1731 slt a2,t_1,zero
1696 daddu c_2,a2 1732 daddu t_2,a2
1733 dsll t_1,1
1697 daddu c_1,t_1 1734 daddu c_1,t_1
1698 sltu AT,c_1,t_1 1735 sltu AT,c_1,t_1
1699 daddu t_2,AT 1736 daddu t_2,AT
1700 daddu c_2,t_2 1737 daddu c_2,t_2
1701 sltu c_3,c_2,t_2 1738 sltu AT,c_2,t_2
1739 daddu c_3,AT
1702 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ 1740 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
1703 mflo t_1 1741 mflo t_1
1704 mfhi t_2 1742 mfhi t_2
1705 daddu c_1,t_1 1743 slt AT,t_2,zero
1706 sltu AT,c_1,t_1
1707 daddu a2,t_2,AT
1708 daddu c_2,a2
1709 sltu AT,c_2,a2
1710 daddu c_3,AT 1744 daddu c_3,AT
1745 dsll t_2,1
1746 slt a2,t_1,zero
1747 daddu t_2,a2
1748 dsll t_1,1
1711 daddu c_1,t_1 1749 daddu c_1,t_1
1712 sltu AT,c_1,t_1 1750 sltu AT,c_1,t_1
1713 daddu t_2,AT 1751 daddu t_2,AT
@@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8)
1717 dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ 1755 dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
1718 mflo t_1 1756 mflo t_1
1719 mfhi t_2 1757 mfhi t_2
1720 daddu c_1,t_1 1758 slt AT,t_2,zero
1721 sltu AT,c_1,t_1
1722 daddu a2,t_2,AT
1723 daddu c_2,a2
1724 sltu AT,c_2,a2
1725 daddu c_3,AT 1759 daddu c_3,AT
1760 dsll t_2,1
1761 slt a2,t_1,zero
1762 daddu t_2,a2
1763 dsll t_1,1
1726 daddu c_1,t_1 1764 daddu c_1,t_1
1727 sltu AT,c_1,t_1 1765 sltu AT,c_1,t_1
1728 daddu t_2,AT 1766 daddu t_2,AT
@@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8)
1743 dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ 1781 dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
1744 mflo t_1 1782 mflo t_1
1745 mfhi t_2 1783 mfhi t_2
1746 daddu c_2,t_1 1784 slt c_1,t_2,zero
1747 sltu AT,c_2,t_1 1785 dsll t_2,1
1748 daddu a2,t_2,AT 1786 slt a2,t_1,zero
1749 daddu c_3,a2 1787 daddu t_2,a2
1788 dsll t_1,1
1750 daddu c_2,t_1 1789 daddu c_2,t_1
1751 sltu AT,c_2,t_1 1790 sltu AT,c_2,t_1
1752 daddu t_2,AT 1791 daddu t_2,AT
1753 daddu c_3,t_2 1792 daddu c_3,t_2
1754 sltu c_1,c_3,t_2 1793 sltu AT,c_3,t_2
1794 daddu c_1,AT
1755 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ 1795 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
1756 mflo t_1 1796 mflo t_1
1757 mfhi t_2 1797 mfhi t_2
1758 daddu c_2,t_1 1798 slt AT,t_2,zero
1759 sltu AT,c_2,t_1
1760 daddu a2,t_2,AT
1761 daddu c_3,a2
1762 sltu AT,c_3,a2
1763 daddu c_1,AT 1799 daddu c_1,AT
1800 dsll t_2,1
1801 slt a2,t_1,zero
1802 daddu t_2,a2
1803 dsll t_1,1
1764 daddu c_2,t_1 1804 daddu c_2,t_1
1765 sltu AT,c_2,t_1 1805 sltu AT,c_2,t_1
1766 daddu t_2,AT 1806 daddu t_2,AT
@@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8)
1770 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ 1810 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
1771 mflo t_1 1811 mflo t_1
1772 mfhi t_2 1812 mfhi t_2
1773 daddu c_2,t_1 1813 slt AT,t_2,zero
1774 sltu AT,c_2,t_1
1775 daddu a2,t_2,AT
1776 daddu c_3,a2
1777 sltu AT,c_3,a2
1778 daddu c_1,AT 1814 daddu c_1,AT
1815 dsll t_2,1
1816 slt a2,t_1,zero
1817 daddu t_2,a2
1818 dsll t_1,1
1779 daddu c_2,t_1 1819 daddu c_2,t_1
1780 sltu AT,c_2,t_1 1820 sltu AT,c_2,t_1
1781 daddu t_2,AT 1821 daddu t_2,AT
@@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8)
1785 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ 1825 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
1786 mflo t_1 1826 mflo t_1
1787 mfhi t_2 1827 mfhi t_2
1788 daddu c_2,t_1 1828 slt AT,t_2,zero
1789 sltu AT,c_2,t_1
1790 daddu a2,t_2,AT
1791 daddu c_3,a2
1792 sltu AT,c_3,a2
1793 daddu c_1,AT 1829 daddu c_1,AT
1830 dsll t_2,1
1831 slt a2,t_1,zero
1832 daddu t_2,a2
1833 dsll t_1,1
1794 daddu c_2,t_1 1834 daddu c_2,t_1
1795 sltu AT,c_2,t_1 1835 sltu AT,c_2,t_1
1796 daddu t_2,AT 1836 daddu t_2,AT
@@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8)
1802 dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ 1842 dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
1803 mflo t_1 1843 mflo t_1
1804 mfhi t_2 1844 mfhi t_2
1805 daddu c_3,t_1 1845 slt c_2,t_2,zero
1806 sltu AT,c_3,t_1 1846 dsll t_2,1
1807 daddu a2,t_2,AT 1847 slt a2,t_1,zero
1808 daddu c_1,a2 1848 daddu t_2,a2
1849 dsll t_1,1
1809 daddu c_3,t_1 1850 daddu c_3,t_1
1810 sltu AT,c_3,t_1 1851 sltu AT,c_3,t_1
1811 daddu t_2,AT 1852 daddu t_2,AT
1812 daddu c_1,t_2 1853 daddu c_1,t_2
1813 sltu c_2,c_1,t_2 1854 sltu AT,c_1,t_2
1855 daddu c_2,AT
1814 dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ 1856 dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
1815 mflo t_1 1857 mflo t_1
1816 mfhi t_2 1858 mfhi t_2
1817 daddu c_3,t_1 1859 slt AT,t_2,zero
1818 sltu AT,c_3,t_1
1819 daddu a2,t_2,AT
1820 daddu c_1,a2
1821 sltu AT,c_1,a2
1822 daddu c_2,AT 1860 daddu c_2,AT
1861 dsll t_2,1
1862 slt a2,t_1,zero
1863 daddu t_2,a2
1864 dsll t_1,1
1823 daddu c_3,t_1 1865 daddu c_3,t_1
1824 sltu AT,c_3,t_1 1866 sltu AT,c_3,t_1
1825 daddu t_2,AT 1867 daddu t_2,AT
@@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8)
1829 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ 1871 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
1830 mflo t_1 1872 mflo t_1
1831 mfhi t_2 1873 mfhi t_2
1832 daddu c_3,t_1 1874 slt AT,t_2,zero
1833 sltu AT,c_3,t_1
1834 daddu a2,t_2,AT
1835 daddu c_1,a2
1836 sltu AT,c_1,a2
1837 daddu c_2,AT 1875 daddu c_2,AT
1876 dsll t_2,1
1877 slt a2,t_1,zero
1878 daddu t_2,a2
1879 dsll t_1,1
1838 daddu c_3,t_1 1880 daddu c_3,t_1
1839 sltu AT,c_3,t_1 1881 sltu AT,c_3,t_1
1840 daddu t_2,AT 1882 daddu t_2,AT
@@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8)
1855 dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ 1897 dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
1856 mflo t_1 1898 mflo t_1
1857 mfhi t_2 1899 mfhi t_2
1858 daddu c_1,t_1 1900 slt c_3,t_2,zero
1859 sltu AT,c_1,t_1 1901 dsll t_2,1
1860 daddu a2,t_2,AT 1902 slt a2,t_1,zero
1861 daddu c_2,a2 1903 daddu t_2,a2
1904 dsll t_1,1
1862 daddu c_1,t_1 1905 daddu c_1,t_1
1863 sltu AT,c_1,t_1 1906 sltu AT,c_1,t_1
1864 daddu t_2,AT 1907 daddu t_2,AT
1865 daddu c_2,t_2 1908 daddu c_2,t_2
1866 sltu c_3,c_2,t_2 1909 sltu AT,c_2,t_2
1910 daddu c_3,AT
1867 dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ 1911 dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
1868 mflo t_1 1912 mflo t_1
1869 mfhi t_2 1913 mfhi t_2
1870 daddu c_1,t_1 1914 slt AT,t_2,zero
1871 sltu AT,c_1,t_1
1872 daddu a2,t_2,AT
1873 daddu c_2,a2
1874 sltu AT,c_2,a2
1875 daddu c_3,AT 1915 daddu c_3,AT
1916 dsll t_2,1
1917 slt a2,t_1,zero
1918 daddu t_2,a2
1919 dsll t_1,1
1876 daddu c_1,t_1 1920 daddu c_1,t_1
1877 sltu AT,c_1,t_1 1921 sltu AT,c_1,t_1
1878 daddu t_2,AT 1922 daddu t_2,AT
@@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8)
1882 dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ 1926 dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
1883 mflo t_1 1927 mflo t_1
1884 mfhi t_2 1928 mfhi t_2
1885 daddu c_1,t_1 1929 slt AT,t_2,zero
1886 sltu AT,c_1,t_1
1887 daddu a2,t_2,AT
1888 daddu c_2,a2
1889 sltu AT,c_2,a2
1890 daddu c_3,AT 1930 daddu c_3,AT
1931 dsll t_2,1
1932 slt a2,t_1,zero
1933 daddu t_2,a2
1934 dsll t_1,1
1891 daddu c_1,t_1 1935 daddu c_1,t_1
1892 sltu AT,c_1,t_1 1936 sltu AT,c_1,t_1
1893 daddu t_2,AT 1937 daddu t_2,AT
@@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8)
1899 dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ 1943 dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
1900 mflo t_1 1944 mflo t_1
1901 mfhi t_2 1945 mfhi t_2
1902 daddu c_2,t_1 1946 slt c_1,t_2,zero
1903 sltu AT,c_2,t_1 1947 dsll t_2,1
1904 daddu a2,t_2,AT 1948 slt a2,t_1,zero
1905 daddu c_3,a2 1949 daddu t_2,a2
1950 dsll t_1,1
1906 daddu c_2,t_1 1951 daddu c_2,t_1
1907 sltu AT,c_2,t_1 1952 sltu AT,c_2,t_1
1908 daddu t_2,AT 1953 daddu t_2,AT
1909 daddu c_3,t_2 1954 daddu c_3,t_2
1910 sltu c_1,c_3,t_2 1955 sltu AT,c_3,t_2
1956 daddu c_1,AT
1911 dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ 1957 dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
1912 mflo t_1 1958 mflo t_1
1913 mfhi t_2 1959 mfhi t_2
1914 daddu c_2,t_1 1960 slt AT,t_2,zero
1915 sltu AT,c_2,t_1
1916 daddu a2,t_2,AT
1917 daddu c_3,a2
1918 sltu AT,c_3,a2
1919 daddu c_1,AT 1961 daddu c_1,AT
1962 dsll t_2,1
1963 slt a2,t_1,zero
1964 daddu t_2,a2
1965 dsll t_1,1
1920 daddu c_2,t_1 1966 daddu c_2,t_1
1921 sltu AT,c_2,t_1 1967 sltu AT,c_2,t_1
1922 daddu t_2,AT 1968 daddu t_2,AT
@@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8)
1937 dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ 1983 dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
1938 mflo t_1 1984 mflo t_1
1939 mfhi t_2 1985 mfhi t_2
1940 daddu c_3,t_1 1986 slt c_2,t_2,zero
1941 sltu AT,c_3,t_1 1987 dsll t_2,1
1942 daddu a2,t_2,AT 1988 slt a2,t_1,zero
1943 daddu c_1,a2 1989 daddu t_2,a2
1990 dsll t_1,1
1944 daddu c_3,t_1 1991 daddu c_3,t_1
1945 sltu AT,c_3,t_1 1992 sltu AT,c_3,t_1
1946 daddu t_2,AT 1993 daddu t_2,AT
1947 daddu c_1,t_2 1994 daddu c_1,t_2
1948 sltu c_2,c_1,t_2 1995 sltu AT,c_1,t_2
1996 daddu c_2,AT
1949 dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ 1997 dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
1950 mflo t_1 1998 mflo t_1
1951 mfhi t_2 1999 mfhi t_2
1952 daddu c_3,t_1 2000 slt AT,t_2,zero
1953 sltu AT,c_3,t_1
1954 daddu a2,t_2,AT
1955 daddu c_1,a2
1956 sltu AT,c_1,a2
1957 daddu c_2,AT 2001 daddu c_2,AT
2002 dsll t_2,1
2003 slt a2,t_1,zero
2004 daddu t_2,a2
2005 dsll t_1,1
1958 daddu c_3,t_1 2006 daddu c_3,t_1
1959 sltu AT,c_3,t_1 2007 sltu AT,c_3,t_1
1960 daddu t_2,AT 2008 daddu t_2,AT
@@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8)
1966 dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ 2014 dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
1967 mflo t_1 2015 mflo t_1
1968 mfhi t_2 2016 mfhi t_2
1969 daddu c_1,t_1 2017 slt c_3,t_2,zero
1970 sltu AT,c_1,t_1 2018 dsll t_2,1
1971 daddu a2,t_2,AT 2019 slt a2,t_1,zero
1972 daddu c_2,a2 2020 daddu t_2,a2
2021 dsll t_1,1
1973 daddu c_1,t_1 2022 daddu c_1,t_1
1974 sltu AT,c_1,t_1 2023 sltu AT,c_1,t_1
1975 daddu t_2,AT 2024 daddu t_2,AT
1976 daddu c_2,t_2 2025 daddu c_2,t_2
1977 sltu c_3,c_2,t_2 2026 sltu AT,c_2,t_2
2027 daddu c_3,AT
1978 dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ 2028 dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
1979 mflo t_1 2029 mflo t_1
1980 mfhi t_2 2030 mfhi t_2
@@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8)
1989 dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ 2039 dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
1990 mflo t_1 2040 mflo t_1
1991 mfhi t_2 2041 mfhi t_2
1992 daddu c_2,t_1 2042 slt c_1,t_2,zero
1993 sltu AT,c_2,t_1 2043 dsll t_2,1
1994 daddu a2,t_2,AT 2044 slt a2,t_1,zero
1995 daddu c_3,a2 2045 daddu t_2,a2
2046 dsll t_1,1
1996 daddu c_2,t_1 2047 daddu c_2,t_1
1997 sltu AT,c_2,t_1 2048 sltu AT,c_2,t_1
1998 daddu t_2,AT 2049 daddu t_2,AT
1999 daddu c_3,t_2 2050 daddu c_3,t_2
2000 sltu c_1,c_3,t_2 2051 sltu AT,c_3,t_2
2052 daddu c_1,AT
2001 sd c_2,104(a0) 2053 sd c_2,104(a0)
2002 2054
2003 dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ 2055 dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4)
2028 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ 2080 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
2029 mflo t_1 2081 mflo t_1
2030 mfhi t_2 2082 mfhi t_2
2083 slt c_1,t_2,zero
2084 dsll t_2,1
2085 slt a2,t_1,zero
2086 daddu t_2,a2
2087 dsll t_1,1
2031 daddu c_2,t_1 2088 daddu c_2,t_1
2032 sltu AT,c_2,t_1 2089 sltu AT,c_2,t_1
2033 daddu c_3,t_2,AT 2090 daddu c_3,t_2,AT
2034 daddu c_2,t_1
2035 sltu AT,c_2,t_1
2036 daddu t_2,AT
2037 daddu c_3,t_2
2038 sltu c_1,c_3,t_2
2039 sd c_2,8(a0) 2091 sd c_2,8(a0)
2040 2092
2041 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ 2093 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
2042 mflo t_1 2094 mflo t_1
2043 mfhi t_2 2095 mfhi t_2
2044 daddu c_3,t_1 2096 slt c_2,t_2,zero
2045 sltu AT,c_3,t_1 2097 dsll t_2,1
2046 daddu a2,t_2,AT 2098 slt a2,t_1,zero
2047 daddu c_1,a2 2099 daddu t_2,a2
2100 dsll t_1,1
2048 daddu c_3,t_1 2101 daddu c_3,t_1
2049 sltu AT,c_3,t_1 2102 sltu AT,c_3,t_1
2050 daddu t_2,AT 2103 daddu t_2,AT
2051 daddu c_1,t_2 2104 daddu c_1,t_2
2052 sltu c_2,c_1,t_2 2105 sltu AT,c_1,t_2
2106 daddu c_2,AT
2053 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ 2107 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
2054 mflo t_1 2108 mflo t_1
2055 mfhi t_2 2109 mfhi t_2
@@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4)
2064 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ 2118 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
2065 mflo t_1 2119 mflo t_1
2066 mfhi t_2 2120 mfhi t_2
2067 daddu c_1,t_1 2121 slt c_3,t_2,zero
2068 sltu AT,c_1,t_1 2122 dsll t_2,1
2069 daddu a2,t_2,AT 2123 slt a2,t_1,zero
2070 daddu c_2,a2 2124 daddu t_2,a2
2125 dsll t_1,1
2071 daddu c_1,t_1 2126 daddu c_1,t_1
2072 sltu AT,c_1,t_1 2127 sltu AT,c_1,t_1
2073 daddu t_2,AT 2128 daddu t_2,AT
2074 daddu c_2,t_2 2129 daddu c_2,t_2
2075 sltu c_3,c_2,t_2 2130 sltu AT,c_2,t_2
2131 daddu c_3,AT
2076 dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ 2132 dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
2077 mflo t_1 2133 mflo t_1
2078 mfhi t_2 2134 mfhi t_2
2079 daddu c_1,t_1 2135 slt AT,t_2,zero
2080 sltu AT,c_1,t_1
2081 daddu a2,t_2,AT
2082 daddu c_2,a2
2083 sltu AT,c_2,a2
2084 daddu c_3,AT 2136 daddu c_3,AT
2137 dsll t_2,1
2138 slt a2,t_1,zero
2139 daddu t_2,a2
2140 dsll t_1,1
2085 daddu c_1,t_1 2141 daddu c_1,t_1
2086 sltu AT,c_1,t_1 2142 sltu AT,c_1,t_1
2087 daddu t_2,AT 2143 daddu t_2,AT
@@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4)
2093 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ 2149 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
2094 mflo t_1 2150 mflo t_1
2095 mfhi t_2 2151 mfhi t_2
2096 daddu c_2,t_1 2152 slt c_1,t_2,zero
2097 sltu AT,c_2,t_1 2153 dsll t_2,1
2098 daddu a2,t_2,AT 2154 slt a2,t_1,zero
2099 daddu c_3,a2 2155 daddu t_2,a2
2156 dsll t_1,1
2100 daddu c_2,t_1 2157 daddu c_2,t_1
2101 sltu AT,c_2,t_1 2158 sltu AT,c_2,t_1
2102 daddu t_2,AT 2159 daddu t_2,AT
2103 daddu c_3,t_2 2160 daddu c_3,t_2
2104 sltu c_1,c_3,t_2 2161 sltu AT,c_3,t_2
2162 daddu c_1,AT
2105 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ 2163 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
2106 mflo t_1 2164 mflo t_1
2107 mfhi t_2 2165 mfhi t_2
@@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4)
2116 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ 2174 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
2117 mflo t_1 2175 mflo t_1
2118 mfhi t_2 2176 mfhi t_2
2119 daddu c_3,t_1 2177 slt c_2,t_2,zero
2120 sltu AT,c_3,t_1 2178 dsll t_2,1
2121 daddu a2,t_2,AT 2179 slt a2,t_1,zero
2122 daddu c_1,a2 2180 daddu t_2,a2
2181 dsll t_1,1
2123 daddu c_3,t_1 2182 daddu c_3,t_1
2124 sltu AT,c_3,t_1 2183 sltu AT,c_3,t_1
2125 daddu t_2,AT 2184 daddu t_2,AT
2126 daddu c_1,t_2 2185 daddu c_1,t_2
2127 sltu c_2,c_1,t_2 2186 sltu AT,c_1,t_2
2187 daddu c_2,AT
2128 sd c_3,40(a0) 2188 sd c_3,40(a0)
2129 2189
2130 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ 2190 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
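--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -241,7 +241,7 @@ void CRYPTO_destroy_dynlockid(int i)
 }
 else
 #endif
-if (--(pointer->references) <= 0)
+if (pointer->references <= 0)
 {
 sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
 }
@@ -396,16 +396,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
 #endif
 if (type < 0)
 {
-int i = -type - 1;
 struct CRYPTO_dynlock_value *pointer
-= CRYPTO_get_dynlock_value(i);
+= CRYPTO_get_dynlock_value(type);
 
-if (pointer)
+if (pointer && dynlock_lock_callback)
 {
 dynlock_lock_callback(mode, pointer, file, line);
 }
 
-CRYPTO_destroy_dynlockid(i);
+CRYPTO_destroy_dynlockid(type);
 }
 else
 if (locking_callback != NULL)
@@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
 CRYPTO_get_lock_name(type),
 file,line);
 #endif
-*pointer=ret;
 }
 else
 {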
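Review bot: In CRYPTO_lock the new condition `if (pointer && dynlock_lock_callback)` silently skips the lock when no dynlock lock callback has been registered, so a caller that obtained a dynlock id and asked for CRYPTO_LOCK is left unsynchronised with no diagnostic at all. If this is intended as "no callback means the application is single-threaded", say so at the check, e.g. `/* no dynlock callback registered: caller is assumed to be single-threaded */`; otherwise the missing-callback case deserves the same treatment as a failed lookup. Note also that `CRYPTO_get_dynlock_value(type)` now receives the raw negative `type` and CRYPTO_destroy_dynlockid lost its `--` on the reference count here, so both the index conversion and the decrement must now live outside these hunks — worth a comment at the call site so the next reader does not re-add them. Both functions start outside the visible hunks.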
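--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -248,6 +248,7 @@ DH *DSA_dup_DH(DSA *r);
 
 /* Reason codes. */
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
+#define DSA_R_MISSING_PARAMETERS 101
 
 #ifdef __cplusplus
 }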
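--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 static ERR_STRING_DATA DSA_str_reasons[]=
 {
 {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
+{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
 {0,NULL}
 };
 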
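--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -108,6 +108,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 int i,reason=ERR_R_BN_LIB;
 DSA_SIG *ret=NULL;
 
+if (!dsa->p || !dsa->q || !dsa->g)
+{
+reason=DSA_R_MISSING_PARAMETERS;
+goto err;
+}
 BN_init(&m);
 BN_init(&xr);
 s=BN_new();
@@ -170,6 +175,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 BIGNUM k,*kinv=NULL,*r=NULL;
 int ret=0;
 
+if (!dsa->p || !dsa->q || !dsa->g)
+{
+DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+return 0;
+}
 if (ctx_in == NULL)
 {
 if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -233,6 +243,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 BN_init(&u2);
 BN_init(&t1);
 
+if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+{
+ret = 0;
+goto err;
+}
+if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
+{
+ret = 0;
+goto err;
+}
+
 /* Calculate W = inv(S) mod Q
 * save W in u2 */
 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;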
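Review bot: In dsa_do_sign the new parameter check jumps to `err` before `BN_init(&m)` and `BN_init(&xr)` have run, so if the `err` path clears those two stack BIGNUMs (as it must for every later failure path) it operates on uninitialised memory; the label itself is outside the hunk, so please confirm. The safe ordering is to initialise first — move the two `BN_init` calls above the `if (!dsa->p || !dsa->q || !dsa->g)` block, or hoist them next to the declarations. dsa_do_verify, by contrast, gained range checks that dereference `dsa->q` with no such parameter guard, so an unset `q` would crash there instead of reporting DSA_R_MISSING_PARAMETERS as the two signing paths now do; the same three-field check with `DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); return -1;` would make the three functions consistent. dsa_do_sign and dsa_do_verify both start outside these hunks.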
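--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 const unsigned char *iv, int enc);
 
 IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
-0, bf_init_key, NULL,
+EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,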
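Review bot: Flagging Blowfish EVP_CIPH_VARIABLE_LENGTH lets callers select any key length through the EVP layer, but Blowfish is only specified for 32 to 448 bits (4 to 56 bytes), and as far as I recall BF_set_key simply cycles through whatever length it is handed without rejecting out-of-spec sizes. bf_init_key (its body is outside the hunk) is the natural place to bound `ctx->key_len`; failing that, a comment on the changed line should record the gap, e.g. `/* key length is caller-selectable; BF is defined for 32..448 bits and this is not enforced here */`.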
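--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -553,9 +553,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void EVP_set_pw_prompt(char *prompt);
 char * EVP_get_pw_prompt(void);
 
-int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
-unsigned char *data, int datal, int count,
-unsigned char *key,unsigned char *iv);
+int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
+const unsigned char *salt, const unsigned char *data, int datal,
+int count, unsigned char *key, unsigned char *iv);
 
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
 unsigned char *key, unsigned char *iv);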
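--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 #endif
 }
 
-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
-unsigned char *data, int datal, int count, unsigned char *key,
-unsigned char *iv)
+int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
+const unsigned char *salt, const unsigned char *data, int datal,
+int count, unsigned char *key, unsigned char *iv)
 {
 EVP_MD_CTX c;
 unsigned char md_buf[EVP_MAX_MD_SIZE];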
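--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -2,7 +2,7 @@
 #define HEADER_OPENSSLV_H
 
 /* Numeric release version identifier:
- * MMNNFFPPS: major minor fix patch status
+ * MNNFFPPS: major minor fix patch status
 * The status nibble has one of the values 0 for development, 1 to e for betas
 * 1 to 14, and f for release. The patch level is exactly that.
 * For example:
@@ -25,8 +25,8 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER 0x0090601fL
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001"
+#define OPENSSL_VERSION_NUMBER 0x0090602fL
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001"
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
 
 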
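--- a/src/lib/libcrypto/perlasm/x86unix.pl
+++ b/src/lib/libcrypto/perlasm/x86unix.pl
@@ -79,7 +79,7 @@ sub main'DWP
 local($addr,$reg1,$reg2,$idx)=@_;
 
 $ret="";
-$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
 $reg1="$regs{$reg1}" if defined($regs{$reg1});
 $reg2="$regs{$reg2}" if defined($regs{$reg2});
 $ret.=$addr if ($addr ne "") && ($addr ne 0);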
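Review bot: The new symbol pattern `[A-Za-z_]+[A-Za-z0-9_]+` requires at least two characters, so a one-character symbol in an address operand would no longer receive the `$under` prefix, whereas the old `[A-Za-z_]+` did match it; the result would be an unresolved or wrongly resolved symbol in the generated assembly rather than a Perl error. The pattern that expresses "identifier start, then any identifier characters" is `$addr =~ s/(^|[+ \t])([A-Za-z_][A-Za-z0-9_]*)($|[+ \t])/$1$under$2$3/;`. Whether any current caller passes a single-letter symbol is not visible here, but the regex should not depend on it.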
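--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -141,10 +141,11 @@ static long md_count[2]={0,0};
 static double entropy=0;
 static int initialized=0;
 
-/* This should be set to 1 only when ssleay_rand_add() is called inside
-an already locked state, so it doesn't try to lock and thereby cause
-a hang. And it should always be reset back to 0 before unlocking. */
-static int add_do_not_lock=0;
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+* holds CRYPTO_LOCK_RAND
+* (to prevent double locking) */
+static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+
 
 #ifdef PREDICT
 int rand_predictable=0;
@@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 long md_c[2];
 unsigned char local_md[MD_DIGEST_LENGTH];
 MD_CTX m;
+int do_not_lock;
 
 /*
 * (Based on the rand(3) manpage)
@@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 * hash function.
 */
 
-if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+/* check if we already have the lock */
+do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
+
+if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 st_idx=state_index;
 
 /* use our own copies of the counters so that even
@@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 
 md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
 
-if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 for (i=0; i<num; i+=MD_DIGEST_LENGTH)
 {
@@ -281,7 +286,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 }
 memset((char *)&m,0,sizeof(m));
 
-if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 /* Don't just copy back local_md into md -- this could mean that
 * other thread's seeding remains without effect (except for
 * the incremented counter). By XORing it we keep at least as
@@ -292,7 +297,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
 }
 if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
 entropy += add;
-if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 #if !defined(THREADS) && !defined(WIN32)
 assert(md_c[1] == md_count[1]);
@@ -340,28 +345,31 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 *
 * For each group of 10 bytes (or less), we do the following:
 *
-* Input into the hash function the top 10 bytes from the
-* local 'md' (which is initialized from the global 'md'
-* before any bytes are generated), the bytes that are
-* to be overwritten by the random bytes, and bytes from the
-* 'state' (incrementing looping index). From this digest output
-* (which is kept in 'md'), the top (up to) 10 bytes are
-* returned to the caller and the bottom (up to) 10 bytes are xored
-* into the 'state'.
+* Input into the hash function the local 'md' (which is initialized from
+* the global 'md' before any bytes are generated), the bytes that are to
+* be overwritten by the random bytes, and bytes from the 'state'
+* (incrementing looping index). From this digest output (which is kept
+* in 'md'), the top (up to) 10 bytes are returned to the caller and the
+* bottom 10 bytes are xored into the 'state'.
+*
 * Finally, after we have finished 'num' random bytes for the
 * caller, 'count' (which is incremented) and the local and global 'md'
 * are fed into the hash function and the results are kept in the
 * global 'md'.
 */
 
-if (!initialized)
-RAND_poll();
-
 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
-this locked state. */
 
-initialized = 1;
+/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+crypto_lock_rand = 1;
+locking_thread = CRYPTO_thread_id();
+
+if (!initialized)
+{
+RAND_poll();
+initialized = 1;
+}
+
 if (!stirred_pool)
 do_stir_pool = 1;
 
@@ -387,11 +395,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
 if (do_stir_pool)
 {
-/* Our output function chains only half of 'md', so we better
-* make sure that the required entropy gets 'evenly distributed'
-* through 'state', our randomness pool. The input function
-* (ssleay_rand_add) chains all of 'md', which makes it more
-* suitable for this purpose.
+/* In the output function only half of 'md' remains secret,
+* so we better make sure that the required entropy gets
+* 'evenly distributed' through 'state', our randomness pool.
+* The input function (ssleay_rand_add) chains all of 'md',
+* which makes it more suitable for this purpose.
 */
 
 int n = STATE_SIZE; /* so that the complete pool gets accessed */
@@ -425,8 +433,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 
 md_count[0] += 1;
 
-add_do_not_lock = 0; /* If this would ever be forgotten, we can
-expect any evil god to eat our souls. */
+/* before unlocking, we must clear 'crypto_lock_rand' */
+crypto_lock_rand = 0;
+locking_thread = 0;
 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 while (num > 0)
@@ -492,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 {
 int ret;
+unsigned long err;
 
 ret = RAND_bytes(buf, num);
 if (ret == 0)
 {
-long err = ERR_peek_error();
+err = ERR_peek_error();
 if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
 (void)ERR_get_error();
@@ -507,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
 static int ssleay_rand_status(void)
 {
 int ret;
+int do_not_lock;
 
+/* check if we already have the lock
+* (could happen if a RAND_poll() implementation calls RAND_status()) */
+do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
+
+if (!do_not_lock)
+{
+CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+crypto_lock_rand = 1;
+locking_thread = CRYPTO_thread_id();
+}
+
 if (!initialized)
+{
 RAND_poll();
+initialized = 1;
+}
 
-CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-initialized = 1;
 ret = entropy >= ENTROPY_NEEDED;
-CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
+if (!do_not_lock)
+{
+/* before unlocking, we must clear 'crypto_lock_rand' */
+crypto_lock_rand = 0;
+locking_thread = 0;
+
+CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+}
+
 return ret;
 }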
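Review bot: The re-entrancy test `do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());` in ssleay_rand_add and ssleay_rand_status is evaluated without holding CRYPTO_LOCK_RAND and is only sound if CRYPTO_thread_id() yields a distinct value per thread; as far as I recall, the library's default id function (when no CRYPTO_set_id_callback is installed) returns a per-process value, in which case a second thread would conclude it already owns the lock and update `state`/`md` unlocked while ssleay_rand_bytes holds it. The pool's integrity now depends on that contract, so it should be stated where the two globals are declared, e.g. `/* compared against CRYPTO_thread_id(): multi-threaded applications MUST install an id callback or this re-entrancy check misfires */`, and RAND's threading documentation should say the same. The unlocked read also assumes a stale `locking_thread` can never equal the reader's own id; the reset to 0 before unlock is what makes that hold, and a one-line comment at the `locking_thread = 0;` sites would prevent the order from being "simplified" later.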
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index f4376cf8cc..2ffb84c89e 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -233,6 +233,12 @@ const char *RAND_file_name(char *buf, size_t size)
233 { 233 {
234 if (issetugid() == 0) 234 if (issetugid() == 0)
235 s=getenv("HOME"); 235 s=getenv("HOME");
236#ifdef DEFAULT_HOME
237 if (s == NULL)
238 {
239 s = DEFAULT_HOME;
240 }
241#endif
236 if (s && *s && strlen(s)+strlen(RFILE)+2 < size) 242 if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
237 { 243 {
238 strlcpy(buf,s,size); 244 strlcpy(buf,s,size);
@@ -242,7 +248,7 @@ const char *RAND_file_name(char *buf, size_t size)
242 strlcat(buf,RFILE,size); 248 strlcat(buf,RFILE,size);
243 ret=buf; 249 ret=buf;
244 } 250 }
245 else 251 else
246 buf[0] = '\0'; /* no file name */ 252 buf[0] = '\0'; /* no file name */
247 } 253 }
248 254
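Review bot: The `DEFAULT_HOME` fallback is taken even when `issetugid()` is non-zero and `$HOME` has deliberately been ignored, which is acceptable only because it is a compile-time constant rather than anything attacker-influenced; that reasoning is not recorded and the next person to make it configurable at run time would reintroduce the set-uid problem. Add at the `#ifdef`: `/* compile-time fallback only: unlike $HOME it is safe to honour in set-uid programs */`. Also note the rand file under DEFAULT_HOME must be writable by the process for RAND_write_file to work — worth a sentence in the build documentation where DEFAULT_HOME is set.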
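--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 int i, dblen, mlen = -1;
 unsigned char *maskeddb;
 int lzero;
-unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
 
 if (--num < 2 * SHA_DIGEST_LENGTH + 1)
-{
-RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-return (-1);
-}
+goto decoding_err;
 
+lzero = num - flen;
+if (lzero < 0)
+goto decoding_err;
+maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+
 dblen = num - SHA_DIGEST_LENGTH;
 db = OPENSSL_malloc(dblen);
 if (db == NULL)
@@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 return (-1);
 }
 
-lzero = num - flen;
-maskeddb = from - lzero + SHA_DIGEST_LENGTH;
-
 MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
 for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
 seed[i] ^= from[i - lzero];
@@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 SHA1(param, plen, phash);
 
 if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
-RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+goto decoding_err;
 else
 {
 for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
 if (db[i] != 0x00)
 break;
 if (db[i] != 0x01 || i++ >= dblen)
-RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
-RSA_R_OAEP_DECODING_ERROR);
+goto decoding_err;
 else
 {
 mlen = dblen - i;
 if (tlen < mlen)
 {
-RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
 mlen = -1;
 }
 else
@@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 }
 OPENSSL_free(db);
 return (mlen);
+
+decoding_err:
+/* to avoid chosen ciphertext attacks, the error message should not reveal
+* which kind of decoding error happened */
+RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+if (db != NULL) OPENSSL_free(db);
+return -1;
 }
 
 int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)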
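Review bot: The all-zero data-block case still reads one byte past `db`: the loop `for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break;` exits with `i == dblen` when no non-zero byte is found, and the following `if (db[i] != 0x01 || i++ >= dblen)` evaluates `db[i]` before the bound test that was meant to catch exactly that case. Check the index first: `if (i >= dblen || db[i] != 0x01) goto decoding_err; i++;` (the increment must still happen on the success path so `mlen = dblen - i` is unchanged). Unifying the error code is the right response to chosen-ciphertext attacks, but the new `lzero < 0` rejection returns before MGF1 and SHA1 are computed, so the two failure classes remain separable by timing even though the reason code no longer tells them apart; doing the same amount of work on the early exit would close that gap. RSA_padding_check_PKCS1_OAEP starts before the first hunk.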
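--- a/src/lib/libcrypto/x509/x509_obj.c
+++ b/src/lib/libcrypto/x509/x509_obj.c
@@ -214,6 +214,8 @@ int i;
 }
 else
 p=buf;
+if (i == 0)
+*p = '\0';
 return(p);
 err:
 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);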
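Review bot: The new `if (i == 0) *p = '\0';` writes one byte into the result unconditionally; that is fine when `buf` was allocated by this function, but when a caller supplies its own `buf` with `len == 0` the write lands out of bounds unless that case is rejected earlier in X509_NAME_oneline — the function starts outside the hunk, so please confirm the guard exists. The intent is also not obvious from `i` alone at this point, so a comment would help: `/* no entries were written: return an empty string rather than uninitialised buffer contents */`.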
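--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 {
-if(x->aux) return obj_trust(trust->arg1, x, flags);
+if(x->aux && (x->aux->trust || x->aux->reject))
+return obj_trust(trust->arg1, x, flags);
 /* we don't have any trust settings: for compatibility
 * we return trusted if it is self signed
 */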
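Review bot: The new condition now lets a certificate with an `aux` block fall through to the self-signed compatibility rule whenever that block carries neither `trust` nor `reject` entries, but the comment directly below still says only "we don't have any trust settings", which no longer explains why a present `aux` can reach it. Extend it to match the code: `/* no explicit trust or reject settings (x->aux may still hold an alias or keyid): for compatibility we return trusted if it is self signed */`. The remainder of trust_1oidany is outside the hunk.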
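--- a/src/lib/libssl/crypto/shlib_version
+++ b/src/lib/libssl/crypto/shlib_version
@@ -1,2 +1,2 @@
 major=5
-minor=0
+minor=1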
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index d04232960e..258af84867 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s)
1322 1322
1323 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); 1323 i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
1324 1324
1325 al = -1;
1326
1325 if (i != SSL_MAX_MASTER_KEY_LENGTH) 1327 if (i != SSL_MAX_MASTER_KEY_LENGTH)
1326 { 1328 {
1327 al=SSL_AD_DECODE_ERROR; 1329 al=SSL_AD_DECODE_ERROR;
1328 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); 1330 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
1329 goto f_err;
1330 } 1331 }
1331 1332
1332 if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) 1333 if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
1333 { 1334 {
1334 /* The premaster secret must contain the same version number as the 1335 /* The premaster secret must contain the same version number as the
1335 * ClientHello to detect version rollback attacks (strangely, the 1336 * ClientHello to detect version rollback attacks (strangely, the
@@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
1347 } 1348 }
1348 } 1349 }
1349 1350
1351 if (al != -1)
1352 {
1353#if 0
1354 goto f_err;
1355#else
1356 /* Some decryption failure -- use random value instead as countermeasure
1357 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
1358 * (see RFC 2246, section 7.4.7.1).
1359 * But note that due to length and protocol version checking, the
1360 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
1361 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
1362 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
1363 */
1364 ERR_clear_error();
1365 i = SSL_MAX_MASTER_KEY_LENGTH;
1366 p[0] = s->client_version >> 8;
1367 p[1] = s->client_version & 0xff;
1368 RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
1369#endif
1370 }
1371
1350 s->session->master_key_length= 1372 s->session->master_key_length=
1351 s->method->ssl3_enc->generate_master_secret(s, 1373 s->method->ssl3_enc->generate_master_secret(s,
1352 s->session->master_key, 1374 s->session->master_key,
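Review bot: The failure path inside the new `if (al != -1)` block does extra work (ERR_clear_error(), RAND_pseudo_bytes()) that the success path does not, so the decryption outcome the countermeasure hides from the error queue can still be distinguished by timing; drawing the random fallback before RSA_private_decrypt() and only copying it over `p` on failure keeps the two paths nearly uniform, as sketched below (declare `unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]` with the function's other locals, which are outside the hunk). The `#if 0 ... goto f_err; #else ... #endif` leaves dead code behind and can be dropped, since the comment already records the choice. RAND_pseudo_bytes() can return 0 or -1, and the trailing comment should say why that is deliberately ignored, e.g. `/* result ignored on purpose: reporting a PRNG failure here would reveal the decryption failure */`. ssl3_get_client_key_exchange starts and ends outside the hunk.
```c
	/* Draw the fallback before decrypting so the failure path below does
	 * no extra work that timing could reveal.  Result deliberately ignored:
	 * reporting a PRNG failure here would reveal the decryption failure. */
	RAND_pseudo_bytes(rand_premaster_secret + 2, SSL_MAX_MASTER_KEY_LENGTH - 2);
	rand_premaster_secret[0] = s->client_version >> 8;
	rand_premaster_secret[1] = s->client_version & 0xff;

	i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
	/* … unchanged: al = -1, length check and client_version check … */
	if (al != -1)
		{
		/* Some decryption failure -- substitute the random premaster
		 * secret as countermeasure against Bleichenbacher's attack on
		 * PKCS #1 v1.5 padding (RFC 2246, section 7.4.7.1). */
		ERR_clear_error();
		i = SSL_MAX_MASTER_KEY_LENGTH;
		memcpy(p, rand_premaster_secret, i);
		}
```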
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
index 3066b9771e..900b4048a9 100644
--- a/src/lib/libssl/shlib_version
+++ b/src/lib/libssl/shlib_version
@@ -1,2 +1,2 @@
1major=5 1major=5
2minor=0 2minor=1
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 08ef8508d8..f88867b065 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,118 @@
2 OpenSSL CHANGES 2 OpenSSL CHANGES
3 _______________ 3 _______________
4 4
5 Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
6
7 *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
8 to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
9 Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
10 PRNG state recovery was possible based on the output of
11 one PRNG request appropriately sized to gain knowledge on
12 'md' followed by enough consecutive 1-byte PRNG requests
13 to traverse all of 'state'.
14
15 1. When updating 'md_local' (the current thread's copy of 'md')
16 during PRNG output generation, hash all of the previous
17 'md_local' value, not just the half used for PRNG output.
18
19 2. Make the number of bytes from 'state' included into the hash
20 independent from the number of PRNG bytes requested.
21
22 The first measure alone would be sufficient to avoid
23 Markku-Juhani's attack. (Actually it had never occurred
24 to me that the half of 'md_local' used for chaining was the
25 half from which PRNG output bytes were taken -- I had always
26 assumed that the secret half would be used.) The second
27 measure makes sure that additional data from 'state' is never
28 mixed into 'md_local' in small portions; this heuristically
29 further strengthens the PRNG.
30 [Bodo Moeller]
31
32 *) Fix crypto/bn/asm/mips3.s.
33 [Andy Polyakov]
34
35 *) When only the key is given to "enc", the IV is undefined. Print out
36 an error message in this case.
37 [Lutz Jaenicke]
38
39 *) Handle special case when X509_NAME is empty in X509 printing routines.
40 [Steve Henson]
41
42 *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
43 positive and less than q.
44 [Bodo Moeller]
45
46 *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
47 used: it isn't thread safe and the add_lock_callback should handle
48 that itself.
49 [Paul Rose <Paul.Rose@bridge.com>]
50
51 *) Verify that incoming data obeys the block size in
52 ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
53 [Bodo Moeller]
54
55 *) Fix OAEP check.
56 [Ulf Möller, Bodo Möller]
57
58 *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
59 RSA encryption was accidentily removed in s3_srvr.c in OpenSSL 0.9.5
60 when fixing the server behaviour for backwards-compatible 'client
61 hello' messages. (Note that the attack is impractical against
62 SSL 3.0 and TLS 1.0 anyway because length and version checking
63 means that the probability of guessing a valid ciphertext is
64 around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
65 paper.)
66
67 Before 0.9.5, the countermeasure (hide the error by generating a
68 random 'decryption result') did not work properly because
69 ERR_clear_error() was missing, meaning that SSL_get_error() would
70 detect the supposedly ignored error.
71
72 Both problems are now fixed.
73 [Bodo Moeller]
74
75 *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
76 (previously it was 1024).
77 [Bodo Moeller]
78
79 *) Fix for compatibility mode trust settings: ignore trust settings
80 unless some valid trust or reject settings are present.
81 [Steve Henson]
82
83 *) Fix for blowfish EVP: its a variable length cipher.
84 [Steve Henson]
85
86 *) Fix various bugs related to DSA S/MIME verification. Handle missing
87 parameters in DSA public key structures and return an error in the
88 DSA routines if parameters are absent.
89 [Steve Henson]
90
91 *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
92 in the current directory if neither $RANDFILE nor $HOME was set.
93 RAND_file_name() in 0.9.6a returned NULL in this case. This has
94 caused some confusion to Windows users who haven't defined $HOME.
95 Thus RAND_file_name() is changed again: e_os.h can define a
96 DEFAULT_HOME, which will be used if $HOME is not set.
97 For Windows, we use "C:"; on other platforms, we still require
98 environment variables.
99
100 *) Move 'if (!initialized) RAND_poll()' into regions protected by
101 CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
102 having multiple threads call RAND_poll() concurrently.
103 [Bodo Moeller]
104
105 *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
106 combination of a flag and a thread ID variable.
107 Otherwise while one thread is in ssleay_rand_bytes (which sets the
108 flag), *other* threads can enter ssleay_add_bytes without obeying
109 the CRYPTO_LOCK_RAND lock (and may even illegaly release the lock
110 that they do not hold after the first thread unsets add_do_not_lock).
111 [Bodo Moeller]
112
113 *) Change bctest again: '-x' expressions are not available in all
114 versions of 'test'.
115 [Bodo Moeller]
116
5 Changes between 0.9.6 and 0.9.6a [5 Apr 2001] 117 Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
6 118
7 *) Fix a couple of memory leaks in PKCS7_dataDecode() 119 *) Fix a couple of memory leaks in PKCS7_dataDecode()
@@ -2363,7 +2475,7 @@
2363 copied!) 2475 copied!)
2364 [Bodo Moeller] 2476 [Bodo Moeller]
2365 2477
2366 *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode 2478 *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
2367 worked. 2479 worked.
2368 2480
2369 *) Fix problems with no-hmac etc. 2481 *) Fix problems with no-hmac etc.
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 98bc46bf87..ed4178084d 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -143,6 +143,9 @@ my %table=(
143# error message. 143# error message.
144"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 144"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
145 145
146#### Solaris x86 with Sun C setups
147"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
148
146#### SPARC Solaris with GNU C setups 149#### SPARC Solaris with GNU C setups
147"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 150"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
148"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 151"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index cd759e0202..23e212fb4e 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -17,6 +17,7 @@ OpenSSL - Frequently Asked Questions
17[USER] Questions on using the OpenSSL applications 17[USER] Questions on using the OpenSSL applications
18 18
19* Why do I get a "PRNG not seeded" error message? 19* Why do I get a "PRNG not seeded" error message?
20* Why do I get an "unable to write 'random state'" error message?
20* How do I create certificates or certificate requests? 21* How do I create certificates or certificate requests?
21* Why can't I create certificate requests? 22* Why can't I create certificate requests?
22* Why does <SSL program> fail with a certificate verify error? 23* Why does <SSL program> fail with a certificate verify error?
@@ -47,6 +48,7 @@ OpenSSL - Frequently Asked Questions
47* Why do I get errors about unknown algorithms? 48* Why do I get errors about unknown algorithms?
48* Why can't the OpenSSH configure script detect OpenSSL? 49* Why can't the OpenSSH configure script detect OpenSSL?
49* Can I use OpenSSL's SSL library with non-blocking I/O? 50* Can I use OpenSSL's SSL library with non-blocking I/O?
51* Why doesn't my server application receive a client certificate?
50 52
51=============================================================================== 53===============================================================================
52 54
@@ -55,7 +57,7 @@ OpenSSL - Frequently Asked Questions
55* Which is the current version of OpenSSL? 57* Which is the current version of OpenSSL?
56 58
57The current version is available from <URL: http://www.openssl.org>. 59The current version is available from <URL: http://www.openssl.org>.
58OpenSSL 0.9.6a was released on April 5th, 2001. 60OpenSSL 0.9.6b was released on July 9th, 2001.
59 61
60In addition to the current stable release, you can also access daily 62In addition to the current stable release, you can also access daily
61snapshots of the OpenSSL development version at <URL: 63snapshots of the OpenSSL development version at <URL:
@@ -160,6 +162,7 @@ correctly. Many open source operating systems provide a "randomness
160device" that serves this purpose. On other systems, applications have 162device" that serves this purpose. On other systems, applications have
161to call the RAND_add() or RAND_seed() function with appropriate data 163to call the RAND_add() or RAND_seed() function with appropriate data
162before generating keys or performing public key encryption. 164before generating keys or performing public key encryption.
165(These functions initialize the pseudo-random number generator, PRNG.)
163 166
164Some broken applications do not do this. As of version 0.9.5, the 167Some broken applications do not do this. As of version 0.9.5, the
165OpenSSL functions that need randomness report an error if the random 168OpenSSL functions that need randomness report an error if the random
@@ -169,18 +172,36 @@ application you are using. It is likely that it never worked
169correctly. OpenSSL 0.9.5 and later make the error visible by refusing 172correctly. OpenSSL 0.9.5 and later make the error visible by refusing
170to perform potentially insecure encryption. 173to perform potentially insecure encryption.
171 174
172On systems without /dev/urandom, it is a good idea to use the Entropy 175On systems without /dev/urandom and /dev/random, it is a good idea to
173Gathering Demon; see the RAND_egd() manpage for details. 176use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
174 177details. Starting with version 0.9.7, OpenSSL will automatically look
175Most components of the openssl command line tool try to use the 178for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
176file $HOME/.rnd (or $RANDFILE, if this environment variable is set) 179/etc/entropy.
177for seeding the PRNG. If this file does not exist or is too short, 180
178the "PRNG not seeded" error message may occur. 181Most components of the openssl command line utility automatically try
179 182to seed the random number generator from a file. The name of the
180[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version 183default seeding file is determined as follows: If environment variable
1810.9.5 does not do this and will fail on systems without /dev/urandom 184RANDFILE is set, then it names the seeding file. Otherwise if
182when trying to password-encrypt an RSA key! This is a bug in the 185environment variable HOME is set, then the seeding file is $HOME/.rnd.
183library; try a later version instead.] 186If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
187use file .rnd in the current directory while OpenSSL 0.9.6a uses no
188default seeding file at all. OpenSSL 0.9.6b and later will behave
189similarly to 0.9.6a, but will use a default of "C:" for HOME on
190Windows systems if the environment variable has not been set.
191
192If the default seeding file does not exist or is too short, the "PRNG
193not seeded" error message may occur.
194
195The openssl command line utility will write back a new state to the
196default seeding file (and create this file if necessary) unless
197there was no sufficient seeding.
198
199Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
200Use the "-rand" option of the OpenSSL command line tools instead.
201The $RANDFILE environment variable and $HOME/.rnd are only used by the
202OpenSSL command line tools. Applications using the OpenSSL library
203provide their own configuration options to specify the entropy source,
204please check out the documentation coming the with application.
184 205
185For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested 206For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
186installing the SUNski package from Sun patch 105710-01 (Sparc) which 207installing the SUNski package from Sun patch 105710-01 (Sparc) which
@@ -190,6 +211,18 @@ versions. However, be warned that /dev/random is usually a blocking
190device, which may have some effects on OpenSSL. 211device, which may have some effects on OpenSSL.
191 212
192 213
214* Why do I get an "unable to write 'random state'" error message?
215
216
217Sometimes the openssl command line utility does not abort with
218a "PRNG not seeded" error message, but complains that it is
219"unable to write 'random state'". This message refers to the
220default seeding file (see previous answer). A possible reason
221is that no default filename is known because neither RANDFILE
222nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
223current directory in this case, but this has changed with 0.9.6a.)
224
225
193* How do I create certificates or certificate requests? 226* How do I create certificates or certificate requests?
194 227
195Check out the CA.pl(1) manual page. This provides a simple wrapper round 228Check out the CA.pl(1) manual page. This provides a simple wrapper round
@@ -543,5 +576,12 @@ requiring a bi-directional message exchange; both SSL_read() and
543SSL_write() will try to continue any pending handshake. 576SSL_write() will try to continue any pending handshake.
544 577
545 578
579* Why doesn't my server application receive a client certificate?
580
581Due to the TLS protocol definition, a client will only send a certificate,
582if explicitely asked by the server. Use the SSL_VERIFY_PEER flag of the
583SSL_CTX_set_verify() function to enable the use of client certificates.
584
585
546=============================================================================== 586===============================================================================
547 587
diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL
index a7854f3d10..5bafcd4b5d 100644
--- a/src/lib/libssl/src/INSTALL
+++ b/src/lib/libssl/src/INSTALL
@@ -7,8 +7,11 @@
7 7
8 To install OpenSSL, you will need: 8 To install OpenSSL, you will need:
9 9
10 * make
10 * Perl 5 11 * Perl 5
11 * an ANSI C compiler 12 * an ANSI C compiler
13 * a development environment in form of development libraries and C
14 header files
12 * a supported Unix operating system 15 * a supported Unix operating system
13 16
14 Quick Start 17 Quick Start
@@ -42,9 +45,6 @@
42 --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, 45 --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
43 the library files and binaries are also installed there. 46 the library files and binaries are also installed there.
44 47
45 rsaref Build with RSADSI's RSAREF toolkit (this assumes that
46 librsaref.a is in the library search path).
47
48 no-threads Don't try to build with support for multi-threaded 48 no-threads Don't try to build with support for multi-threaded
49 applications. 49 applications.
50 50
@@ -127,7 +127,7 @@
127 directory, and the binary will be in the "apps" directory. 127 directory, and the binary will be in the "apps" directory.
128 128
129 If "make" fails, look at the output. There may be reasons for 129 If "make" fails, look at the output. There may be reasons for
130 the failure that isn't a problem in OpenSSL itself (like missing 130 the failure that aren't problems in OpenSSL itself (like missing
131 standard headers). If it is a problem with OpenSSL itself, please 131 standard headers). If it is a problem with OpenSSL itself, please
132 report the problem to <openssl-bugs@openssl.org> (note that your 132 report the problem to <openssl-bugs@openssl.org> (note that your
133 message will be forwarded to a public mailing list). Include the 133 message will be forwarded to a public mailing list). Include the
diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS
index 1fe78a41bb..b8ea2d0a4d 100644
--- a/src/lib/libssl/src/INSTALL.VMS
+++ b/src/lib/libssl/src/INSTALL.VMS
@@ -8,6 +8,7 @@ Intro:
8 8
9This file is divided in the following parts: 9This file is divided in the following parts:
10 10
11 Requirements - Mandatory reading.
11 Checking the distribution - Mandatory reading. 12 Checking the distribution - Mandatory reading.
12 Compilation - Mandatory reading. 13 Compilation - Mandatory reading.
13 Logical names - Mandatory reading. 14 Logical names - Mandatory reading.
@@ -19,6 +20,15 @@ This file is divided in the following parts:
19 TODO - Things that are to come. 20 TODO - Things that are to come.
20 21
21 22
23Requirements:
24=============
25
26To build and install OpenSSL, you will need:
27
28 * DEC C or some other ANSI C compiler. VAX C is *not* supported.
29 [Note: OpenSSL has only been tested with DEC C. Compiling with
30 a different ANSI C compiler may require some work]
31
22Checking the distribution: 32Checking the distribution:
23========================== 33==========================
24 34
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index d24a0b5010..abd4df61a2 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -476,20 +476,20 @@ install_docs:
476 $(INSTALL_PREFIX)$(MANDIR)/man3 \ 476 $(INSTALL_PREFIX)$(MANDIR)/man3 \
477 $(INSTALL_PREFIX)$(MANDIR)/man5 \ 477 $(INSTALL_PREFIX)$(MANDIR)/man5 \
478 $(INSTALL_PREFIX)$(MANDIR)/man7 478 $(INSTALL_PREFIX)$(MANDIR)/man7
479 @echo installing man 1 and man 5
480 @for i in doc/apps/*.pod; do \ 479 @for i in doc/apps/*.pod; do \
481 (cd `dirname $$i`; \
482 fn=`basename $$i .pod`; \ 480 fn=`basename $$i .pod`; \
483 sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \ 481 if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
482 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
483 (cd `dirname $$i`; \
484 $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ 484 $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
485 --release=$(VERSION) `basename $$i` \ 485 --release=$(VERSION) `basename $$i` \
486 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \ 486 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
487 done 487 done
488 @echo installing man 3 and man 7
489 @for i in doc/crypto/*.pod doc/ssl/*.pod; do \ 488 @for i in doc/crypto/*.pod doc/ssl/*.pod; do \
490 (cd `dirname $$i`; \
491 fn=`basename $$i .pod`; \ 489 fn=`basename $$i .pod`; \
492 sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \ 490 if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
491 echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
492 (cd `dirname $$i`; \
493 $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \ 493 $(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
494 --release=$(VERSION) `basename $$i` \ 494 --release=$(VERSION) `basename $$i` \
495 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \ 495 > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec); \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index b9ea61239f..f45d8e5ced 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,6 +5,23 @@
5 This file gives a brief overview of the major changes between each OpenSSL 5 This file gives a brief overview of the major changes between each OpenSSL
6 release. For more details please read the CHANGES file. 6 release. For more details please read the CHANGES file.
7 7
8 Changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
9
10 o Security fix: PRNG improvements.
11 o Security fix: RSA OAEP check.
12 o Security fix: Reinsert and fix countermeasure to Bleichbacher's
13 attack.
14 o MIPS bug fix in BIGNUM.
15 o Bug fix in "openssl enc".
16 o Bug fix in X.509 printing routine.
17 o Bug fix in DSA verification routine and DSA S/MIME verification.
18 o Bug fix to make PRNG thread-safe.
19 o Bug fix in RAND_file_name().
20 o Bug fix in compatibility mode trust settings.
21 o Bug fix in blowfish EVP.
22 o Increase default size for BIO buffering filter.
23 o Compatibility fixes in some scripts.
24
8 Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a: 25 Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
9 26
10 o Security fix: change behavior of OpenSSL to avoid using 27 o Security fix: change behavior of OpenSSL to avoid using
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index c500744c6b..a2ede5f391 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,8 +1,8 @@
1 1
2 OpenSSL 0.9.6a [engine] 5 Apr 2001 2 OpenSSL 0.9.6b [engine] 9 Jul 2001
3 3
4 4
5 Copyright (c) 1998-2000 The OpenSSL Project 5 Copyright (c) 1998-2001 The OpenSSL Project
6 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 6 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
7 All rights reserved. 7 All rights reserved.
8 8
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 2ab0c4db51..f3fb45b7b4 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -1247,7 +1247,11 @@ bad:
1247 X509_free(revcert); 1247 X509_free(revcert);
1248 1248
1249 strncpy(buf[0],dbfile,BSIZE-4); 1249 strncpy(buf[0],dbfile,BSIZE-4);
1250#ifndef VMS
1250 strcat(buf[0],".new"); 1251 strcat(buf[0],".new");
1252#else
1253 strcat(buf[0],"-new");
1254#endif
1251 if (BIO_write_filename(out,buf[0]) <= 0) 1255 if (BIO_write_filename(out,buf[0]) <= 0)
1252 { 1256 {
1253 perror(dbfile); 1257 perror(dbfile);
@@ -1257,7 +1261,11 @@ bad:
1257 j=TXT_DB_write(out,db); 1261 j=TXT_DB_write(out,db);
1258 if (j <= 0) goto err; 1262 if (j <= 0) goto err;
1259 strncpy(buf[1],dbfile,BSIZE-4); 1263 strncpy(buf[1],dbfile,BSIZE-4);
1264#ifndef VMS
1260 strcat(buf[1],".old"); 1265 strcat(buf[1],".old");
1266#else
1267 strcat(buf[1],"-old");
1268#endif
1261 if (rename(dbfile,buf[1]) < 0) 1269 if (rename(dbfile,buf[1]) < 0)
1262 { 1270 {
1263 BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]); 1271 BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
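Review bot: The added `strcat(buf[0],"-new")` and `strcat(buf[1],"-old")` lines (like the existing `.new`/`.old` ones) rely on the preceding `strncpy(buf[0],dbfile,BSIZE-4)` leaving a terminator, but strncpy does not NUL-terminate when `dbfile` is BSIZE-4 characters or longer, so strcat then reads and writes past the end of the row. A bounded format avoids both problems: `if (snprintf(buf[0], BSIZE, "%s.new", dbfile) >= BSIZE) goto err;` (and the same with the VMS suffix and for `buf[1]`), assuming each `buf[]` row is BSIZE bytes — confirm against the declaration, which is outside the hunk. The second hunk (`buf[1]`, `.old`/`-old`) has the same issue; `err` is the label already used by `goto err` after TXT_DB_write().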
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index ab3e2dbb02..61b2a0dc4b 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -74,7 +74,7 @@
74#undef PROG 74#undef PROG
75#define PROG dgst_main 75#define PROG dgst_main
76 76
77void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, 77void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
78 EVP_PKEY *key, unsigned char *sigin, int siglen); 78 EVP_PKEY *key, unsigned char *sigin, int siglen);
79 79
80int MAIN(int, char **); 80int MAIN(int, char **);
@@ -95,7 +95,7 @@ int MAIN(int argc, char **argv)
95 int debug=0; 95 int debug=0;
96 const char *outfile = NULL, *keyfile = NULL; 96 const char *outfile = NULL, *keyfile = NULL;
97 const char *sigfile = NULL, *randfile = NULL; 97 const char *sigfile = NULL, *randfile = NULL;
98 char out_bin = -1, want_pub = 0, do_verify = 0; 98 int out_bin = -1, want_pub = 0, do_verify = 0;
99 EVP_PKEY *sigkey = NULL; 99 EVP_PKEY *sigkey = NULL;
100 unsigned char *sigbuf = NULL; 100 unsigned char *sigbuf = NULL;
101 int siglen = 0; 101 int siglen = 0;
@@ -365,7 +365,7 @@ end:
365 EXIT(err); 365 EXIT(err);
366 } 366 }
367 367
368void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout, 368void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
369 EVP_PKEY *key, unsigned char *sigin, int siglen) 369 EVP_PKEY *key, unsigned char *sigin, int siglen)
370 { 370 {
371 int len; 371 int len;
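Review bot: The switch from `char` to `int` for `binout`/`out_bin` deserves a why-comment, because the reason (a `-1` sentinel is unreliable where `char` is unsigned, which is implementation-defined) is not visible from the declaration or the prototype. Suggest `int out_bin = -1, want_pub = 0, do_verify = 0; /* int, not char: -1 sentinel breaks where char is unsigned */`. Both MAIN and do_fp continue outside their hunks.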
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index b9190ef53f..fcb2581b66 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -542,6 +542,14 @@ bad:
542 BIO_printf(bio_err,"invalid hex iv value\n"); 542 BIO_printf(bio_err,"invalid hex iv value\n");
543 goto end; 543 goto end;
544 } 544 }
545 if ((hiv == NULL) && (str == NULL))
546 {
547 /* No IV was explicitly set and no IV was generated
548 * during EVP_BytesToKey. Hence the IV is undefined,
549 * making correct decryption impossible. */
550 BIO_printf(bio_err, "iv undefined\n");
551 goto end;
552 }
545 if ((hkey != NULL) && !set_hex(hkey,key,24)) 553 if ((hkey != NULL) && !set_hex(hkey,key,24))
546 { 554 {
547 BIO_printf(bio_err,"invalid hex key value\n"); 555 BIO_printf(bio_err,"invalid hex key value\n");
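Review bot: The new `(hiv == NULL) && (str == NULL)` check also fires for ciphers that take no IV at all (stream ciphers and ECB modes), so a key-only invocation with such a cipher is now rejected with "iv undefined" even though no IV is needed. Narrowing it to ciphers with a non-zero IV length, e.g. `if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0)`, keeps the fix for the CBC case; this assumes the selected cipher is held in a variable named `cipher`, declared outside the hunk — confirm. The enclosing MAIN continues outside the hunk on both sides.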
diff --git a/src/lib/libssl/src/apps/smime.c b/src/lib/libssl/src/apps/smime.c
index 16b940084b..7bf71ef868 100644
--- a/src/lib/libssl/src/apps/smime.c
+++ b/src/lib/libssl/src/apps/smime.c
@@ -299,6 +299,7 @@ int MAIN(int argc, char **argv)
299 BIO_printf (bio_err, "-CApath dir trusted certificates directory\n"); 299 BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
300 BIO_printf (bio_err, "-CAfile file trusted certificates file\n"); 300 BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
301 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n"); 301 BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
302 BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
302 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 303 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
303 BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 304 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
304 BIO_printf(bio_err, " the random number generator\n"); 305 BIO_printf(bio_err, " the random number generator\n");
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index 3562ea277b..9c91f718e0 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -83,12 +83,12 @@
83#include <openssl/err.h> 83#include <openssl/err.h>
84#include <openssl/engine.h> 84#include <openssl/engine.h>
85 85
86#if defined(__FreeBSD__) 86#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
87# define USE_TOD 87# define USE_TOD
88#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC)) 88#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
89# define TIMES 89# define TIMES
90#endif 90#endif
91#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) 91#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__)
92# define TIMEB 92# define TIMEB
93#endif 93#endif
94 94
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c
index 314bdfb1c7..89ae73a6de 100644
--- a/src/lib/libssl/src/crypto/asn1/t_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/t_x509.c
@@ -349,6 +349,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
349 ll=80-2-obase; 349 ll=80-2-obase;
350 350
351 s=X509_NAME_oneline(name,buf,256); 351 s=X509_NAME_oneline(name,buf,256);
352 if (!*s)
353 return 1;
352 s++; /* skip the first slash */ 354 s++; /* skip the first slash */
353 355
354 l=ll; 356 l=ll;
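Review bot: The new `if (!*s) return 1;` dereferences `s` without checking whether X509_NAME_oneline() returned NULL; with a caller-supplied `buf` that is unlikely, but if it can happen the guard should read `if (s == NULL || !*s) return 1;` — confirm against X509_NAME_oneline's contract. Returning 1 (success) for an empty name is reasonable, but the intent deserves a comment, e.g. `/* empty name: nothing to print, and s++ below must not step past the terminator */`. X509_NAME_print continues outside the hunk; the fixed 256-byte `buf` handed to X509_NAME_oneline is pre-existing and truncates longer names.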
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
index b2e2a51477..4397a404b5 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -234,7 +234,7 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
234 a=key->algor; 234 a=key->algor;
235 if (ret->type == EVP_PKEY_DSA) 235 if (ret->type == EVP_PKEY_DSA)
236 { 236 {
237 if (a->parameter->type == V_ASN1_SEQUENCE) 237 if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
238 { 238 {
239 ret->pkey.dsa->write_params=0; 239 ret->pkey.dsa->write_params=0;
240 p=a->parameter->value.sequence->data; 240 p=a->parameter->value.sequence->data;
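--- a/src/lib/libssl/src/crypto/bio/b_print.c
+++ b/src/lib/libssl/src/crypto/bio/b_print.c
@@ -109,7 +109,11 @@
 #endif
 
 #if HAVE_LONG_LONG
-#define LLONG long long
+# if defined(WIN32) && !defined(__GNUC__)
+# define LLONG _int64
+# else
+# define LLONG long long
+# endif
 #else
 #define LLONG long
 #endif
@@ -152,7 +156,7 @@ static void _dopr(char **sbuffer, char **buffer,
 
 /* some handy macros */
 #define char_to_int(p) (p - '0')
-#define MAX(p,q) ((p >= q) ? p : q)
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
 
 static void
 _dopr(
@@ -503,13 +507,13 @@ fmtint(
 convert[place] = 0;
 
 zpadlen = max - place;
-spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
 if (zpadlen < 0)
 zpadlen = 0;
 if (spadlen < 0)
 spadlen = 0;
 if (flags & DP_F_ZERO) {
-zpadlen = MAX(zpadlen, spadlen);
+zpadlen = OSSL_MAX(zpadlen, spadlen);
 spadlen = 0;
 }
 if (flags & DP_F_MINUS)
@@ -641,7 +645,7 @@ fmtfp(
 (caps ? "0123456789ABCDEF"
 : "0123456789abcdef")[fracpart % 10];
 fracpart = (fracpart / 10);
-} while (fracpart && (fplace < 20));
+} while (fplace < max);
 if (fplace == 20)
 fplace--;
 fconvert[fplace] = 0;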
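Review bot: The new loop bound `} while (fplace < max);` in fmtfp drops the `fplace < 20` limit the old condition carried, yet the `if (fplace == 20) fplace--;` two lines later shows fconvert is a fixed 20-character buffer; unless max is clamped earlier in fmtfp (outside this hunk), a precision larger than 20 in a caller's format string advances fplace past the end of fconvert. Keeping both bounds, `} while (fplace < max && fplace < 20);`, retains the new fixed-digit-count behaviour for ordinary precisions and the old overflow guard, or better, clamp max to the buffer size at the point where it is defaulted. Separately, the renamed `OSSL_MAX(p,q)` still evaluates each argument twice and leaves p and q unparenthesized; both visible callers pass plain variables, so this is only a latent hazard, but `((p) >= (q) ? (p) : (q))` costs nothing.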
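--- a/src/lib/libssl/src/crypto/bio/bf_buff.c
+++ b/src/lib/libssl/src/crypto/bio/bf_buff.c
@@ -70,7 +70,7 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
 static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE 1024
+#define DEFAULT_BUFFER_SIZE 4096
 
 static BIO_METHOD methods_buffer=
 {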
diff --git a/src/lib/libssl/src/crypto/bn/asm/mips3.s b/src/lib/libssl/src/crypto/bn/asm/mips3.s
index 45786c00a5..dca4105c7d 100644
--- a/src/lib/libssl/src/crypto/bn/asm/mips3.s
+++ b/src/lib/libssl/src/crypto/bn/asm/mips3.s
@@ -1,5 +1,5 @@
1.rdata 1.rdata
2.asciiz "mips3.s, Version 1.0" 2.asciiz "mips3.s, Version 1.1"
3.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" 3.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
4 4
5/* 5/*
@@ -849,6 +849,7 @@ LEAF(bn_mul_comba8)
849 sltu AT,c_1,t_1 849 sltu AT,c_1,t_1
850 daddu t_2,AT 850 daddu t_2,AT
851 daddu c_2,t_2 851 daddu c_2,t_2
852 sltu c_3,c_2,t_2
852 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ 853 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
853 mflo t_1 854 mflo t_1
854 mfhi t_2 855 mfhi t_2
@@ -856,7 +857,8 @@ LEAF(bn_mul_comba8)
856 sltu AT,c_1,t_1 857 sltu AT,c_1,t_1
857 daddu t_2,AT 858 daddu t_2,AT
858 daddu c_2,t_2 859 daddu c_2,t_2
859 sltu c_3,c_2,t_2 860 sltu AT,c_2,t_2
861 daddu c_3,AT
860 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ 862 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
861 mflo t_1 863 mflo t_1
862 mfhi t_2 864 mfhi t_2
@@ -884,6 +886,7 @@ LEAF(bn_mul_comba8)
884 sltu AT,c_2,t_1 886 sltu AT,c_2,t_1
885 daddu t_2,AT 887 daddu t_2,AT
886 daddu c_3,t_2 888 daddu c_3,t_2
889 sltu c_1,c_3,t_2
887 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ 890 dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
888 mflo t_1 891 mflo t_1
889 mfhi t_2 892 mfhi t_2
@@ -891,7 +894,8 @@ LEAF(bn_mul_comba8)
891 sltu AT,c_2,t_1 894 sltu AT,c_2,t_1
892 daddu t_2,AT 895 daddu t_2,AT
893 daddu c_3,t_2 896 daddu c_3,t_2
894 sltu c_1,c_3,t_2 897 sltu AT,c_3,t_2
898 daddu c_1,AT
895 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ 899 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
896 mflo t_1 900 mflo t_1
897 mfhi t_2 901 mfhi t_2
@@ -928,6 +932,7 @@ LEAF(bn_mul_comba8)
928 sltu AT,c_3,t_1 932 sltu AT,c_3,t_1
929 daddu t_2,AT 933 daddu t_2,AT
930 daddu c_1,t_2 934 daddu c_1,t_2
935 sltu c_2,c_1,t_2
931 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ 936 dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
932 mflo t_1 937 mflo t_1
933 mfhi t_2 938 mfhi t_2
@@ -935,7 +940,8 @@ LEAF(bn_mul_comba8)
935 sltu AT,c_3,t_1 940 sltu AT,c_3,t_1
936 daddu t_2,AT 941 daddu t_2,AT
937 daddu c_1,t_2 942 daddu c_1,t_2
938 sltu c_2,c_1,t_2 943 sltu AT,c_1,t_2
944 daddu c_2,AT
939 dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ 945 dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
940 mflo t_1 946 mflo t_1
941 mfhi t_2 947 mfhi t_2
@@ -981,6 +987,7 @@ LEAF(bn_mul_comba8)
981 sltu AT,c_1,t_1 987 sltu AT,c_1,t_1
982 daddu t_2,AT 988 daddu t_2,AT
983 daddu c_2,t_2 989 daddu c_2,t_2
990 sltu c_3,c_2,t_2
984 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ 991 dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
985 mflo t_1 992 mflo t_1
986 mfhi t_2 993 mfhi t_2
@@ -988,7 +995,8 @@ LEAF(bn_mul_comba8)
988 sltu AT,c_1,t_1 995 sltu AT,c_1,t_1
989 daddu t_2,AT 996 daddu t_2,AT
990 daddu c_2,t_2 997 daddu c_2,t_2
991 sltu c_3,c_2,t_2 998 sltu AT,c_2,t_2
999 daddu c_3,AT
992 dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ 1000 dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
993 mflo t_1 1001 mflo t_1
994 mfhi t_2 1002 mfhi t_2
@@ -1043,6 +1051,7 @@ LEAF(bn_mul_comba8)
1043 sltu AT,c_2,t_1 1051 sltu AT,c_2,t_1
1044 daddu t_2,AT 1052 daddu t_2,AT
1045 daddu c_3,t_2 1053 daddu c_3,t_2
1054 sltu c_1,c_3,t_2
1046 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ 1055 dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
1047 mflo t_1 1056 mflo t_1
1048 mfhi t_2 1057 mfhi t_2
@@ -1050,7 +1059,8 @@ LEAF(bn_mul_comba8)
1050 sltu AT,c_2,t_1 1059 sltu AT,c_2,t_1
1051 daddu t_2,AT 1060 daddu t_2,AT
1052 daddu c_3,t_2 1061 daddu c_3,t_2
1053 sltu c_1,c_3,t_2 1062 sltu AT,c_3,t_2
1063 daddu c_1,AT
1054 dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ 1064 dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
1055 mflo t_1 1065 mflo t_1
1056 mfhi t_2 1066 mfhi t_2
@@ -1114,6 +1124,7 @@ LEAF(bn_mul_comba8)
1114 sltu AT,c_3,t_1 1124 sltu AT,c_3,t_1
1115 daddu t_2,AT 1125 daddu t_2,AT
1116 daddu c_1,t_2 1126 daddu c_1,t_2
1127 sltu c_2,c_1,t_2
1117 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ 1128 dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
1118 mflo t_1 1129 mflo t_1
1119 mfhi t_2 1130 mfhi t_2
@@ -1121,7 +1132,8 @@ LEAF(bn_mul_comba8)
1121 sltu AT,c_3,t_1 1132 sltu AT,c_3,t_1
1122 daddu t_2,AT 1133 daddu t_2,AT
1123 daddu c_1,t_2 1134 daddu c_1,t_2
1124 sltu c_2,c_1,t_2 1135 sltu AT,c_1,t_2
1136 daddu c_2,AT
1125 dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ 1137 dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
1126 mflo t_1 1138 mflo t_1
1127 mfhi t_2 1139 mfhi t_2
@@ -1176,6 +1188,7 @@ LEAF(bn_mul_comba8)
1176 sltu AT,c_1,t_1 1188 sltu AT,c_1,t_1
1177 daddu t_2,AT 1189 daddu t_2,AT
1178 daddu c_2,t_2 1190 daddu c_2,t_2
1191 sltu c_3,c_2,t_2
1179 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ 1192 dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
1180 mflo t_1 1193 mflo t_1
1181 mfhi t_2 1194 mfhi t_2
@@ -1183,7 +1196,8 @@ LEAF(bn_mul_comba8)
1183 sltu AT,c_1,t_1 1196 sltu AT,c_1,t_1
1184 daddu t_2,AT 1197 daddu t_2,AT
1185 daddu c_2,t_2 1198 daddu c_2,t_2
1186 sltu c_3,c_2,t_2 1199 sltu AT,c_2,t_2
1200 daddu c_3,AT
1187 dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ 1201 dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
1188 mflo t_1 1202 mflo t_1
1189 mfhi t_2 1203 mfhi t_2
@@ -1229,6 +1243,7 @@ LEAF(bn_mul_comba8)
1229 sltu AT,c_2,t_1 1243 sltu AT,c_2,t_1
1230 daddu t_2,AT 1244 daddu t_2,AT
1231 daddu c_3,t_2 1245 daddu c_3,t_2
1246 sltu c_1,c_3,t_2
1232 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ 1247 dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
1233 mflo t_1 1248 mflo t_1
1234 mfhi t_2 1249 mfhi t_2
@@ -1236,7 +1251,8 @@ LEAF(bn_mul_comba8)
1236 sltu AT,c_2,t_1 1251 sltu AT,c_2,t_1
1237 daddu t_2,AT 1252 daddu t_2,AT
1238 daddu c_3,t_2 1253 daddu c_3,t_2
1239 sltu c_1,c_3,t_2 1254 sltu AT,c_3,t_2
1255 daddu c_1,AT
1240 dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ 1256 dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
1241 mflo t_1 1257 mflo t_1
1242 mfhi t_2 1258 mfhi t_2
@@ -1273,6 +1289,7 @@ LEAF(bn_mul_comba8)
1273 sltu AT,c_3,t_1 1289 sltu AT,c_3,t_1
1274 daddu t_2,AT 1290 daddu t_2,AT
1275 daddu c_1,t_2 1291 daddu c_1,t_2
1292 sltu c_2,c_1,t_2
1276 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ 1293 dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
1277 mflo t_1 1294 mflo t_1
1278 mfhi t_2 1295 mfhi t_2
@@ -1280,7 +1297,8 @@ LEAF(bn_mul_comba8)
1280 sltu AT,c_3,t_1 1297 sltu AT,c_3,t_1
1281 daddu t_2,AT 1298 daddu t_2,AT
1282 daddu c_1,t_2 1299 daddu c_1,t_2
1283 sltu c_2,c_1,t_2 1300 sltu AT,c_1,t_2
1301 daddu c_2,AT
1284 dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ 1302 dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
1285 mflo t_1 1303 mflo t_1
1286 mfhi t_2 1304 mfhi t_2
@@ -1308,6 +1326,7 @@ LEAF(bn_mul_comba8)
1308 sltu AT,c_1,t_1 1326 sltu AT,c_1,t_1
1309 daddu t_2,AT 1327 daddu t_2,AT
1310 daddu c_2,t_2 1328 daddu c_2,t_2
1329 sltu c_3,c_2,t_2
1311 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ 1330 dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
1312 mflo t_1 1331 mflo t_1
1313 mfhi t_2 1332 mfhi t_2
@@ -1315,7 +1334,8 @@ LEAF(bn_mul_comba8)
1315 sltu AT,c_1,t_1 1334 sltu AT,c_1,t_1
1316 daddu t_2,AT 1335 daddu t_2,AT
1317 daddu c_2,t_2 1336 daddu c_2,t_2
1318 sltu c_3,c_2,t_2 1337 sltu AT,c_2,t_2
1338 daddu c_3,AT
1319 dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ 1339 dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
1320 mflo t_1 1340 mflo t_1
1321 mfhi t_2 1341 mfhi t_2
@@ -1334,6 +1354,7 @@ LEAF(bn_mul_comba8)
1334 sltu AT,c_2,t_1 1354 sltu AT,c_2,t_1
1335 daddu t_2,AT 1355 daddu t_2,AT
1336 daddu c_3,t_2 1356 daddu c_3,t_2
1357 sltu c_1,c_3,t_2
1337 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ 1358 dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
1338 mflo t_1 1359 mflo t_1
1339 mfhi t_2 1360 mfhi t_2
@@ -1341,7 +1362,8 @@ LEAF(bn_mul_comba8)
1341 sltu AT,c_2,t_1 1362 sltu AT,c_2,t_1
1342 daddu t_2,AT 1363 daddu t_2,AT
1343 daddu c_3,t_2 1364 daddu c_3,t_2
1344 sltu c_1,c_3,t_2 1365 sltu AT,c_3,t_2
1366 daddu c_1,AT
1345 sd c_2,104(a0) /* r[13]=c2; */ 1367 sd c_2,104(a0) /* r[13]=c2; */
1346 1368
1347 dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ 1369 dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -1430,6 +1452,7 @@ LEAF(bn_mul_comba4)
1430 sltu AT,c_1,t_1 1452 sltu AT,c_1,t_1
1431 daddu t_2,AT 1453 daddu t_2,AT
1432 daddu c_2,t_2 1454 daddu c_2,t_2
1455 sltu c_3,c_2,t_2
1433 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ 1456 dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
1434 mflo t_1 1457 mflo t_1
1435 mfhi t_2 1458 mfhi t_2
@@ -1437,7 +1460,8 @@ LEAF(bn_mul_comba4)
1437 sltu AT,c_1,t_1 1460 sltu AT,c_1,t_1
1438 daddu t_2,AT 1461 daddu t_2,AT
1439 daddu c_2,t_2 1462 daddu c_2,t_2
1440 sltu c_3,c_2,t_2 1463 sltu AT,c_2,t_2
1464 daddu c_3,AT
1441 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ 1465 dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
1442 mflo t_1 1466 mflo t_1
1443 mfhi t_2 1467 mfhi t_2
@@ -1465,6 +1489,7 @@ LEAF(bn_mul_comba4)
1465 sltu AT,c_2,t_1 1489 sltu AT,c_2,t_1
1466 daddu t_2,AT 1490 daddu t_2,AT
1467 daddu c_3,t_2 1491 daddu c_3,t_2
1492 sltu c_1,c_3,t_2
1468 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ 1493 dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
1469 mflo t_1 1494 mflo t_1
1470 mfhi t_2 1495 mfhi t_2
@@ -1472,7 +1497,8 @@ LEAF(bn_mul_comba4)
1472 sltu AT,c_2,t_1 1497 sltu AT,c_2,t_1
1473 daddu t_2,AT 1498 daddu t_2,AT
1474 daddu c_3,t_2 1499 daddu c_3,t_2
1475 sltu c_1,c_3,t_2 1500 sltu AT,c_3,t_2
1501 daddu c_1,AT
1476 dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ 1502 dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
1477 mflo t_1 1503 mflo t_1
1478 mfhi t_2 1504 mfhi t_2
@@ -1491,6 +1517,7 @@ LEAF(bn_mul_comba4)
1491 sltu AT,c_3,t_1 1517 sltu AT,c_3,t_1
1492 daddu t_2,AT 1518 daddu t_2,AT
1493 daddu c_1,t_2 1519 daddu c_1,t_2
1520 sltu c_2,c_1,t_2
1494 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ 1521 dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
1495 mflo t_1 1522 mflo t_1
1496 mfhi t_2 1523 mfhi t_2
@@ -1498,7 +1525,8 @@ LEAF(bn_mul_comba4)
1498 sltu AT,c_3,t_1 1525 sltu AT,c_3,t_1
1499 daddu t_2,AT 1526 daddu t_2,AT
1500 daddu c_1,t_2 1527 daddu c_1,t_2
1501 sltu c_2,c_1,t_2 1528 sltu AT,c_1,t_2
1529 daddu c_2,AT
1502 sd c_3,40(a0) 1530 sd c_3,40(a0)
1503 1531
1504 dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ 1532 dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
@@ -1543,28 +1571,30 @@ LEAF(bn_sqr_comba8)
1543 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ 1571 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
1544 mflo t_1 1572 mflo t_1
1545 mfhi t_2 1573 mfhi t_2
1574 slt c_1,t_2,zero
1575 dsll t_2,1
1576 slt a2,t_1,zero
1577 daddu t_2,a2
1578 dsll t_1,1
1546 daddu c_2,t_1 1579 daddu c_2,t_1
1547 sltu AT,c_2,t_1 1580 sltu AT,c_2,t_1
1548 daddu c_3,t_2,AT 1581 daddu c_3,t_2,AT
1549 daddu c_2,t_1
1550 sltu AT,c_2,t_1
1551 daddu t_2,AT
1552 daddu c_3,t_2
1553 sltu c_1,c_3,t_2
1554 sd c_2,8(a0) 1582 sd c_2,8(a0)
1555 1583
1556 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ 1584 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
1557 mflo t_1 1585 mflo t_1
1558 mfhi t_2 1586 mfhi t_2
1559 daddu c_3,t_1 1587 slt c_2,t_2,zero
1560 sltu AT,c_3,t_1 1588 dsll t_2,1
1561 daddu a2,t_2,AT 1589 slt a2,t_1,zero
1562 daddu c_1,a2 1590 daddu t_2,a2
1591 dsll t_1,1
1563 daddu c_3,t_1 1592 daddu c_3,t_1
1564 sltu AT,c_3,t_1 1593 sltu AT,c_3,t_1
1565 daddu t_2,AT 1594 daddu t_2,AT
1566 daddu c_1,t_2 1595 daddu c_1,t_2
1567 sltu c_2,c_1,t_2 1596 sltu AT,c_1,t_2
1597 daddu c_2,AT
1568 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ 1598 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
1569 mflo t_1 1599 mflo t_1
1570 mfhi t_2 1600 mfhi t_2
@@ -1579,24 +1609,26 @@ LEAF(bn_sqr_comba8)
1579 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ 1609 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
1580 mflo t_1 1610 mflo t_1
1581 mfhi t_2 1611 mfhi t_2
1582 daddu c_1,t_1 1612 slt c_3,t_2,zero
1583 sltu AT,c_1,t_1 1613 dsll t_2,1
1584 daddu a2,t_2,AT 1614 slt a2,t_1,zero
1585 daddu c_2,a2 1615 daddu t_2,a2
1616 dsll t_1,1
1586 daddu c_1,t_1 1617 daddu c_1,t_1
1587 sltu AT,c_1,t_1 1618 sltu AT,c_1,t_1
1588 daddu t_2,AT 1619 daddu t_2,AT
1589 daddu c_2,t_2 1620 daddu c_2,t_2
1590 sltu c_3,c_2,t_2 1621 sltu AT,c_2,t_2
1622 daddu c_3,AT
1591 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ 1623 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
1592 mflo t_1 1624 mflo t_1
1593 mfhi t_2 1625 mfhi t_2
1594 daddu c_1,t_1 1626 slt AT,t_2,zero
1595 sltu AT,c_1,t_1
1596 daddu a2,t_2,AT
1597 daddu c_2,a2
1598 sltu AT,c_2,a2
1599 daddu c_3,AT 1627 daddu c_3,AT
1628 dsll t_2,1
1629 slt a2,t_1,zero
1630 daddu t_2,a2
1631 dsll t_1,1
1600 daddu c_1,t_1 1632 daddu c_1,t_1
1601 sltu AT,c_1,t_1 1633 sltu AT,c_1,t_1
1602 daddu t_2,AT 1634 daddu t_2,AT
@@ -1608,24 +1640,26 @@ LEAF(bn_sqr_comba8)
1608 dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ 1640 dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
1609 mflo t_1 1641 mflo t_1
1610 mfhi t_2 1642 mfhi t_2
1611 daddu c_2,t_1 1643 slt c_1,t_2,zero
1612 sltu AT,c_2,t_1 1644 dsll t_2,1
1613 daddu a2,t_2,AT 1645 slt a2,t_1,zero
1614 daddu c_3,a2 1646 daddu t_2,a2
1647 dsll t_1,1
1615 daddu c_2,t_1 1648 daddu c_2,t_1
1616 sltu AT,c_2,t_1 1649 sltu AT,c_2,t_1
1617 daddu t_2,AT 1650 daddu t_2,AT
1618 daddu c_3,t_2 1651 daddu c_3,t_2
1619 sltu c_1,c_3,t_2 1652 sltu AT,c_3,t_2
1653 daddu c_1,AT
1620 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ 1654 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
1621 mflo t_1 1655 mflo t_1
1622 mfhi t_2 1656 mfhi t_2
1623 daddu c_2,t_1 1657 slt AT,t_2,zero
1624 sltu AT,c_2,t_1
1625 daddu a2,t_2,AT
1626 daddu c_3,a2
1627 sltu AT,c_3,a2
1628 daddu c_1,AT 1658 daddu c_1,AT
1659 dsll t_2,1
1660 slt a2,t_1,zero
1661 daddu t_2,a2
1662 dsll t_1,1
1629 daddu c_2,t_1 1663 daddu c_2,t_1
1630 sltu AT,c_2,t_1 1664 sltu AT,c_2,t_1
1631 daddu t_2,AT 1665 daddu t_2,AT
@@ -1646,24 +1680,26 @@ LEAF(bn_sqr_comba8)
1646 dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ 1680 dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
1647 mflo t_1 1681 mflo t_1
1648 mfhi t_2 1682 mfhi t_2
1649 daddu c_3,t_1 1683 slt c_2,t_2,zero
1650 sltu AT,c_3,t_1 1684 dsll t_2,1
1651 daddu a2,t_2,AT 1685 slt a2,t_1,zero
1652 daddu c_1,a2 1686 daddu t_2,a2
1687 dsll t_1,1
1653 daddu c_3,t_1 1688 daddu c_3,t_1
1654 sltu AT,c_3,t_1 1689 sltu AT,c_3,t_1
1655 daddu t_2,AT 1690 daddu t_2,AT
1656 daddu c_1,t_2 1691 daddu c_1,t_2
1657 sltu c_2,c_1,t_2 1692 sltu AT,c_1,t_2
1693 daddu c_2,AT
1658 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ 1694 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
1659 mflo t_1 1695 mflo t_1
1660 mfhi t_2 1696 mfhi t_2
1661 daddu c_3,t_1 1697 slt AT,t_2,zero
1662 sltu AT,c_3,t_1
1663 daddu a2,t_2,AT
1664 daddu c_1,a2
1665 sltu AT,c_1,a2
1666 daddu c_2,AT 1698 daddu c_2,AT
1699 dsll t_2,1
1700 slt a2,t_1,zero
1701 daddu t_2,a2
1702 dsll t_1,1
1667 daddu c_3,t_1 1703 daddu c_3,t_1
1668 sltu AT,c_3,t_1 1704 sltu AT,c_3,t_1
1669 daddu t_2,AT 1705 daddu t_2,AT
@@ -1673,12 +1709,12 @@ LEAF(bn_sqr_comba8)
1673 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ 1709 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
1674 mflo t_1 1710 mflo t_1
1675 mfhi t_2 1711 mfhi t_2
1676 daddu c_3,t_1 1712 slt AT,t_2,zero
1677 sltu AT,c_3,t_1
1678 daddu a2,t_2,AT
1679 daddu c_1,a2
1680 sltu AT,c_1,a2
1681 daddu c_2,AT 1713 daddu c_2,AT
1714 dsll t_2,1
1715 slt a2,t_1,zero
1716 daddu t_2,a2
1717 dsll t_1,1
1682 daddu c_3,t_1 1718 daddu c_3,t_1
1683 sltu AT,c_3,t_1 1719 sltu AT,c_3,t_1
1684 daddu t_2,AT 1720 daddu t_2,AT
@@ -1690,24 +1726,26 @@ LEAF(bn_sqr_comba8)
1690 dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ 1726 dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
1691 mflo t_1 1727 mflo t_1
1692 mfhi t_2 1728 mfhi t_2
1693 daddu c_1,t_1 1729 slt c_3,t_2,zero
1694 sltu AT,c_1,t_1 1730 dsll t_2,1
1695 daddu a2,t_2,AT 1731 slt a2,t_1,zero
1696 daddu c_2,a2 1732 daddu t_2,a2
1733 dsll t_1,1
1697 daddu c_1,t_1 1734 daddu c_1,t_1
1698 sltu AT,c_1,t_1 1735 sltu AT,c_1,t_1
1699 daddu t_2,AT 1736 daddu t_2,AT
1700 daddu c_2,t_2 1737 daddu c_2,t_2
1701 sltu c_3,c_2,t_2 1738 sltu AT,c_2,t_2
1739 daddu c_3,AT
1702 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ 1740 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
1703 mflo t_1 1741 mflo t_1
1704 mfhi t_2 1742 mfhi t_2
1705 daddu c_1,t_1 1743 slt AT,t_2,zero
1706 sltu AT,c_1,t_1
1707 daddu a2,t_2,AT
1708 daddu c_2,a2
1709 sltu AT,c_2,a2
1710 daddu c_3,AT 1744 daddu c_3,AT
1745 dsll t_2,1
1746 slt a2,t_1,zero
1747 daddu t_2,a2
1748 dsll t_1,1
1711 daddu c_1,t_1 1749 daddu c_1,t_1
1712 sltu AT,c_1,t_1 1750 sltu AT,c_1,t_1
1713 daddu t_2,AT 1751 daddu t_2,AT
@@ -1717,12 +1755,12 @@ LEAF(bn_sqr_comba8)
1717 dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ 1755 dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
1718 mflo t_1 1756 mflo t_1
1719 mfhi t_2 1757 mfhi t_2
1720 daddu c_1,t_1 1758 slt AT,t_2,zero
1721 sltu AT,c_1,t_1
1722 daddu a2,t_2,AT
1723 daddu c_2,a2
1724 sltu AT,c_2,a2
1725 daddu c_3,AT 1759 daddu c_3,AT
1760 dsll t_2,1
1761 slt a2,t_1,zero
1762 daddu t_2,a2
1763 dsll t_1,1
1726 daddu c_1,t_1 1764 daddu c_1,t_1
1727 sltu AT,c_1,t_1 1765 sltu AT,c_1,t_1
1728 daddu t_2,AT 1766 daddu t_2,AT
@@ -1743,24 +1781,26 @@ LEAF(bn_sqr_comba8)
1743 dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ 1781 dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
1744 mflo t_1 1782 mflo t_1
1745 mfhi t_2 1783 mfhi t_2
1746 daddu c_2,t_1 1784 slt c_1,t_2,zero
1747 sltu AT,c_2,t_1 1785 dsll t_2,1
1748 daddu a2,t_2,AT 1786 slt a2,t_1,zero
1749 daddu c_3,a2 1787 daddu t_2,a2
1788 dsll t_1,1
1750 daddu c_2,t_1 1789 daddu c_2,t_1
1751 sltu AT,c_2,t_1 1790 sltu AT,c_2,t_1
1752 daddu t_2,AT 1791 daddu t_2,AT
1753 daddu c_3,t_2 1792 daddu c_3,t_2
1754 sltu c_1,c_3,t_2 1793 sltu AT,c_3,t_2
1794 daddu c_1,AT
1755 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ 1795 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
1756 mflo t_1 1796 mflo t_1
1757 mfhi t_2 1797 mfhi t_2
1758 daddu c_2,t_1 1798 slt AT,t_2,zero
1759 sltu AT,c_2,t_1
1760 daddu a2,t_2,AT
1761 daddu c_3,a2
1762 sltu AT,c_3,a2
1763 daddu c_1,AT 1799 daddu c_1,AT
1800 dsll t_2,1
1801 slt a2,t_1,zero
1802 daddu t_2,a2
1803 dsll t_1,1
1764 daddu c_2,t_1 1804 daddu c_2,t_1
1765 sltu AT,c_2,t_1 1805 sltu AT,c_2,t_1
1766 daddu t_2,AT 1806 daddu t_2,AT
@@ -1770,12 +1810,12 @@ LEAF(bn_sqr_comba8)
1770 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ 1810 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
1771 mflo t_1 1811 mflo t_1
1772 mfhi t_2 1812 mfhi t_2
1773 daddu c_2,t_1 1813 slt AT,t_2,zero
1774 sltu AT,c_2,t_1
1775 daddu a2,t_2,AT
1776 daddu c_3,a2
1777 sltu AT,c_3,a2
1778 daddu c_1,AT 1814 daddu c_1,AT
1815 dsll t_2,1
1816 slt a2,t_1,zero
1817 daddu t_2,a2
1818 dsll t_1,1
1779 daddu c_2,t_1 1819 daddu c_2,t_1
1780 sltu AT,c_2,t_1 1820 sltu AT,c_2,t_1
1781 daddu t_2,AT 1821 daddu t_2,AT
@@ -1785,12 +1825,12 @@ LEAF(bn_sqr_comba8)
1785 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ 1825 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
1786 mflo t_1 1826 mflo t_1
1787 mfhi t_2 1827 mfhi t_2
1788 daddu c_2,t_1 1828 slt AT,t_2,zero
1789 sltu AT,c_2,t_1
1790 daddu a2,t_2,AT
1791 daddu c_3,a2
1792 sltu AT,c_3,a2
1793 daddu c_1,AT 1829 daddu c_1,AT
1830 dsll t_2,1
1831 slt a2,t_1,zero
1832 daddu t_2,a2
1833 dsll t_1,1
1794 daddu c_2,t_1 1834 daddu c_2,t_1
1795 sltu AT,c_2,t_1 1835 sltu AT,c_2,t_1
1796 daddu t_2,AT 1836 daddu t_2,AT
@@ -1802,24 +1842,26 @@ LEAF(bn_sqr_comba8)
1802 dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ 1842 dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
1803 mflo t_1 1843 mflo t_1
1804 mfhi t_2 1844 mfhi t_2
1805 daddu c_3,t_1 1845 slt c_2,t_2,zero
1806 sltu AT,c_3,t_1 1846 dsll t_2,1
1807 daddu a2,t_2,AT 1847 slt a2,t_1,zero
1808 daddu c_1,a2 1848 daddu t_2,a2
1849 dsll t_1,1
1809 daddu c_3,t_1 1850 daddu c_3,t_1
1810 sltu AT,c_3,t_1 1851 sltu AT,c_3,t_1
1811 daddu t_2,AT 1852 daddu t_2,AT
1812 daddu c_1,t_2 1853 daddu c_1,t_2
1813 sltu c_2,c_1,t_2 1854 sltu AT,c_1,t_2
1855 daddu c_2,AT
1814 dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ 1856 dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
1815 mflo t_1 1857 mflo t_1
1816 mfhi t_2 1858 mfhi t_2
1817 daddu c_3,t_1 1859 slt AT,t_2,zero
1818 sltu AT,c_3,t_1
1819 daddu a2,t_2,AT
1820 daddu c_1,a2
1821 sltu AT,c_1,a2
1822 daddu c_2,AT 1860 daddu c_2,AT
1861 dsll t_2,1
1862 slt a2,t_1,zero
1863 daddu t_2,a2
1864 dsll t_1,1
1823 daddu c_3,t_1 1865 daddu c_3,t_1
1824 sltu AT,c_3,t_1 1866 sltu AT,c_3,t_1
1825 daddu t_2,AT 1867 daddu t_2,AT
@@ -1829,12 +1871,12 @@ LEAF(bn_sqr_comba8)
1829 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ 1871 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
1830 mflo t_1 1872 mflo t_1
1831 mfhi t_2 1873 mfhi t_2
1832 daddu c_3,t_1 1874 slt AT,t_2,zero
1833 sltu AT,c_3,t_1
1834 daddu a2,t_2,AT
1835 daddu c_1,a2
1836 sltu AT,c_1,a2
1837 daddu c_2,AT 1875 daddu c_2,AT
1876 dsll t_2,1
1877 slt a2,t_1,zero
1878 daddu t_2,a2
1879 dsll t_1,1
1838 daddu c_3,t_1 1880 daddu c_3,t_1
1839 sltu AT,c_3,t_1 1881 sltu AT,c_3,t_1
1840 daddu t_2,AT 1882 daddu t_2,AT
@@ -1855,24 +1897,26 @@ LEAF(bn_sqr_comba8)
1855 dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ 1897 dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
1856 mflo t_1 1898 mflo t_1
1857 mfhi t_2 1899 mfhi t_2
1858 daddu c_1,t_1 1900 slt c_3,t_2,zero
1859 sltu AT,c_1,t_1 1901 dsll t_2,1
1860 daddu a2,t_2,AT 1902 slt a2,t_1,zero
1861 daddu c_2,a2 1903 daddu t_2,a2
1904 dsll t_1,1
1862 daddu c_1,t_1 1905 daddu c_1,t_1
1863 sltu AT,c_1,t_1 1906 sltu AT,c_1,t_1
1864 daddu t_2,AT 1907 daddu t_2,AT
1865 daddu c_2,t_2 1908 daddu c_2,t_2
1866 sltu c_3,c_2,t_2 1909 sltu AT,c_2,t_2
1910 daddu c_3,AT
1867 dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ 1911 dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
1868 mflo t_1 1912 mflo t_1
1869 mfhi t_2 1913 mfhi t_2
1870 daddu c_1,t_1 1914 slt AT,t_2,zero
1871 sltu AT,c_1,t_1
1872 daddu a2,t_2,AT
1873 daddu c_2,a2
1874 sltu AT,c_2,a2
1875 daddu c_3,AT 1915 daddu c_3,AT
1916 dsll t_2,1
1917 slt a2,t_1,zero
1918 daddu t_2,a2
1919 dsll t_1,1
1876 daddu c_1,t_1 1920 daddu c_1,t_1
1877 sltu AT,c_1,t_1 1921 sltu AT,c_1,t_1
1878 daddu t_2,AT 1922 daddu t_2,AT
@@ -1882,12 +1926,12 @@ LEAF(bn_sqr_comba8)
1882 dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ 1926 dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
1883 mflo t_1 1927 mflo t_1
1884 mfhi t_2 1928 mfhi t_2
1885 daddu c_1,t_1 1929 slt AT,t_2,zero
1886 sltu AT,c_1,t_1
1887 daddu a2,t_2,AT
1888 daddu c_2,a2
1889 sltu AT,c_2,a2
1890 daddu c_3,AT 1930 daddu c_3,AT
1931 dsll t_2,1
1932 slt a2,t_1,zero
1933 daddu t_2,a2
1934 dsll t_1,1
1891 daddu c_1,t_1 1935 daddu c_1,t_1
1892 sltu AT,c_1,t_1 1936 sltu AT,c_1,t_1
1893 daddu t_2,AT 1937 daddu t_2,AT
@@ -1899,24 +1943,26 @@ LEAF(bn_sqr_comba8)
1899 dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ 1943 dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
1900 mflo t_1 1944 mflo t_1
1901 mfhi t_2 1945 mfhi t_2
1902 daddu c_2,t_1 1946 slt c_1,t_2,zero
1903 sltu AT,c_2,t_1 1947 dsll t_2,1
1904 daddu a2,t_2,AT 1948 slt a2,t_1,zero
1905 daddu c_3,a2 1949 daddu t_2,a2
1950 dsll t_1,1
1906 daddu c_2,t_1 1951 daddu c_2,t_1
1907 sltu AT,c_2,t_1 1952 sltu AT,c_2,t_1
1908 daddu t_2,AT 1953 daddu t_2,AT
1909 daddu c_3,t_2 1954 daddu c_3,t_2
1910 sltu c_1,c_3,t_2 1955 sltu AT,c_3,t_2
1956 daddu c_1,AT
1911 dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ 1957 dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
1912 mflo t_1 1958 mflo t_1
1913 mfhi t_2 1959 mfhi t_2
1914 daddu c_2,t_1 1960 slt AT,t_2,zero
1915 sltu AT,c_2,t_1
1916 daddu a2,t_2,AT
1917 daddu c_3,a2
1918 sltu AT,c_3,a2
1919 daddu c_1,AT 1961 daddu c_1,AT
1962 dsll t_2,1
1963 slt a2,t_1,zero
1964 daddu t_2,a2
1965 dsll t_1,1
1920 daddu c_2,t_1 1966 daddu c_2,t_1
1921 sltu AT,c_2,t_1 1967 sltu AT,c_2,t_1
1922 daddu t_2,AT 1968 daddu t_2,AT
@@ -1937,24 +1983,26 @@ LEAF(bn_sqr_comba8)
1937 dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ 1983 dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
1938 mflo t_1 1984 mflo t_1
1939 mfhi t_2 1985 mfhi t_2
1940 daddu c_3,t_1 1986 slt c_2,t_2,zero
1941 sltu AT,c_3,t_1 1987 dsll t_2,1
1942 daddu a2,t_2,AT 1988 slt a2,t_1,zero
1943 daddu c_1,a2 1989 daddu t_2,a2
1990 dsll t_1,1
1944 daddu c_3,t_1 1991 daddu c_3,t_1
1945 sltu AT,c_3,t_1 1992 sltu AT,c_3,t_1
1946 daddu t_2,AT 1993 daddu t_2,AT
1947 daddu c_1,t_2 1994 daddu c_1,t_2
1948 sltu c_2,c_1,t_2 1995 sltu AT,c_1,t_2
1996 daddu c_2,AT
1949 dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ 1997 dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
1950 mflo t_1 1998 mflo t_1
1951 mfhi t_2 1999 mfhi t_2
1952 daddu c_3,t_1 2000 slt AT,t_2,zero
1953 sltu AT,c_3,t_1
1954 daddu a2,t_2,AT
1955 daddu c_1,a2
1956 sltu AT,c_1,a2
1957 daddu c_2,AT 2001 daddu c_2,AT
2002 dsll t_2,1
2003 slt a2,t_1,zero
2004 daddu t_2,a2
2005 dsll t_1,1
1958 daddu c_3,t_1 2006 daddu c_3,t_1
1959 sltu AT,c_3,t_1 2007 sltu AT,c_3,t_1
1960 daddu t_2,AT 2008 daddu t_2,AT
@@ -1966,15 +2014,17 @@ LEAF(bn_sqr_comba8)
1966 dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ 2014 dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
1967 mflo t_1 2015 mflo t_1
1968 mfhi t_2 2016 mfhi t_2
1969 daddu c_1,t_1 2017 slt c_3,t_2,zero
1970 sltu AT,c_1,t_1 2018 dsll t_2,1
1971 daddu a2,t_2,AT 2019 slt a2,t_1,zero
1972 daddu c_2,a2 2020 daddu t_2,a2
2021 dsll t_1,1
1973 daddu c_1,t_1 2022 daddu c_1,t_1
1974 sltu AT,c_1,t_1 2023 sltu AT,c_1,t_1
1975 daddu t_2,AT 2024 daddu t_2,AT
1976 daddu c_2,t_2 2025 daddu c_2,t_2
1977 sltu c_3,c_2,t_2 2026 sltu AT,c_2,t_2
2027 daddu c_3,AT
1978 dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ 2028 dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
1979 mflo t_1 2029 mflo t_1
1980 mfhi t_2 2030 mfhi t_2
@@ -1989,15 +2039,17 @@ LEAF(bn_sqr_comba8)
1989 dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ 2039 dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
1990 mflo t_1 2040 mflo t_1
1991 mfhi t_2 2041 mfhi t_2
1992 daddu c_2,t_1 2042 slt c_1,t_2,zero
1993 sltu AT,c_2,t_1 2043 dsll t_2,1
1994 daddu a2,t_2,AT 2044 slt a2,t_1,zero
1995 daddu c_3,a2 2045 daddu t_2,a2
2046 dsll t_1,1
1996 daddu c_2,t_1 2047 daddu c_2,t_1
1997 sltu AT,c_2,t_1 2048 sltu AT,c_2,t_1
1998 daddu t_2,AT 2049 daddu t_2,AT
1999 daddu c_3,t_2 2050 daddu c_3,t_2
2000 sltu c_1,c_3,t_2 2051 sltu AT,c_3,t_2
2052 daddu c_1,AT
2001 sd c_2,104(a0) 2053 sd c_2,104(a0)
2002 2054
2003 dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ 2055 dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2028,28 +2080,30 @@ LEAF(bn_sqr_comba4)
2028 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ 2080 dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
2029 mflo t_1 2081 mflo t_1
2030 mfhi t_2 2082 mfhi t_2
2083 slt c_1,t_2,zero
2084 dsll t_2,1
2085 slt a2,t_1,zero
2086 daddu t_2,a2
2087 dsll t_1,1
2031 daddu c_2,t_1 2088 daddu c_2,t_1
2032 sltu AT,c_2,t_1 2089 sltu AT,c_2,t_1
2033 daddu c_3,t_2,AT 2090 daddu c_3,t_2,AT
2034 daddu c_2,t_1
2035 sltu AT,c_2,t_1
2036 daddu t_2,AT
2037 daddu c_3,t_2
2038 sltu c_1,c_3,t_2
2039 sd c_2,8(a0) 2091 sd c_2,8(a0)
2040 2092
2041 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ 2093 dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
2042 mflo t_1 2094 mflo t_1
2043 mfhi t_2 2095 mfhi t_2
2044 daddu c_3,t_1 2096 slt c_2,t_2,zero
2045 sltu AT,c_3,t_1 2097 dsll t_2,1
2046 daddu a2,t_2,AT 2098 slt a2,t_1,zero
2047 daddu c_1,a2 2099 daddu t_2,a2
2100 dsll t_1,1
2048 daddu c_3,t_1 2101 daddu c_3,t_1
2049 sltu AT,c_3,t_1 2102 sltu AT,c_3,t_1
2050 daddu t_2,AT 2103 daddu t_2,AT
2051 daddu c_1,t_2 2104 daddu c_1,t_2
2052 sltu c_2,c_1,t_2 2105 sltu AT,c_1,t_2
2106 daddu c_2,AT
2053 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ 2107 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
2054 mflo t_1 2108 mflo t_1
2055 mfhi t_2 2109 mfhi t_2
@@ -2064,24 +2118,26 @@ LEAF(bn_sqr_comba4)
2064 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ 2118 dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
2065 mflo t_1 2119 mflo t_1
2066 mfhi t_2 2120 mfhi t_2
2067 daddu c_1,t_1 2121 slt c_3,t_2,zero
2068 sltu AT,c_1,t_1 2122 dsll t_2,1
2069 daddu a2,t_2,AT 2123 slt a2,t_1,zero
2070 daddu c_2,a2 2124 daddu t_2,a2
2125 dsll t_1,1
2071 daddu c_1,t_1 2126 daddu c_1,t_1
2072 sltu AT,c_1,t_1 2127 sltu AT,c_1,t_1
2073 daddu t_2,AT 2128 daddu t_2,AT
2074 daddu c_2,t_2 2129 daddu c_2,t_2
2075 sltu c_3,c_2,t_2 2130 sltu AT,c_2,t_2
2131 daddu c_3,AT
2076 dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ 2132 dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
2077 mflo t_1 2133 mflo t_1
2078 mfhi t_2 2134 mfhi t_2
2079 daddu c_1,t_1 2135 slt AT,t_2,zero
2080 sltu AT,c_1,t_1
2081 daddu a2,t_2,AT
2082 daddu c_2,a2
2083 sltu AT,c_2,a2
2084 daddu c_3,AT 2136 daddu c_3,AT
2137 dsll t_2,1
2138 slt a2,t_1,zero
2139 daddu t_2,a2
2140 dsll t_1,1
2085 daddu c_1,t_1 2141 daddu c_1,t_1
2086 sltu AT,c_1,t_1 2142 sltu AT,c_1,t_1
2087 daddu t_2,AT 2143 daddu t_2,AT
@@ -2093,15 +2149,17 @@ LEAF(bn_sqr_comba4)
2093 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ 2149 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
2094 mflo t_1 2150 mflo t_1
2095 mfhi t_2 2151 mfhi t_2
2096 daddu c_2,t_1 2152 slt c_1,t_2,zero
2097 sltu AT,c_2,t_1 2153 dsll t_2,1
2098 daddu a2,t_2,AT 2154 slt a2,t_1,zero
2099 daddu c_3,a2 2155 daddu t_2,a2
2156 dsll t_1,1
2100 daddu c_2,t_1 2157 daddu c_2,t_1
2101 sltu AT,c_2,t_1 2158 sltu AT,c_2,t_1
2102 daddu t_2,AT 2159 daddu t_2,AT
2103 daddu c_3,t_2 2160 daddu c_3,t_2
2104 sltu c_1,c_3,t_2 2161 sltu AT,c_3,t_2
2162 daddu c_1,AT
2105 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ 2163 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
2106 mflo t_1 2164 mflo t_1
2107 mfhi t_2 2165 mfhi t_2
@@ -2116,15 +2174,17 @@ LEAF(bn_sqr_comba4)
2116 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ 2174 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
2117 mflo t_1 2175 mflo t_1
2118 mfhi t_2 2176 mfhi t_2
2119 daddu c_3,t_1 2177 slt c_2,t_2,zero
2120 sltu AT,c_3,t_1 2178 dsll t_2,1
2121 daddu a2,t_2,AT 2179 slt a2,t_1,zero
2122 daddu c_1,a2 2180 daddu t_2,a2
2181 dsll t_1,1
2123 daddu c_3,t_1 2182 daddu c_3,t_1
2124 sltu AT,c_3,t_1 2183 sltu AT,c_3,t_1
2125 daddu t_2,AT 2184 daddu t_2,AT
2126 daddu c_1,t_2 2185 daddu c_1,t_2
2127 sltu c_2,c_1,t_2 2186 sltu AT,c_1,t_2
2187 daddu c_2,AT
2128 sd c_3,40(a0) 2188 sd c_3,40(a0)
2129 2189
2130 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ 2190 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
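Review bot: The rewritten doubling sequences in bn_sqr_comba8 and bn_sqr_comba4 (first at new lines 1574-1578) capture the top bit of t_2 with `slt c_1,t_2,zero` before `dsll t_2,1`, relying on c_1 being zero at the start of a column, while the later occurrences in the same column accumulate via `slt AT,t_2,zero` / `daddu c_3,AT`; nothing in the file records that invariant, and the `/* mul_add_c2(...) */` comments still describe the old add-twice method. A one-line comment at the first occurrence, `/* 2*(t_2:t_1): carry out of the shift goes to c_1, which is 0 at column start; later terms accumulate into it */`, would make the two variants reviewable. The same applies to the `sltu AT,c_x,t_2` / `daddu c_y,AT` pairs in bn_mul_comba8/4, which replace an `sltu c_y,c_x,t_2` that overwrote any carry already held in c_y. Because these kernels sit under the RSA/DSA arithmetic, a dropped carry surfaces only as an occasional wrong result, so the bn self-tests should be run on this port with operands whose columns are known to generate carries.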
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index 9de60fd528..a7a9262133 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -241,7 +241,7 @@ void CRYPTO_destroy_dynlockid(int i)
241 } 241 }
242 else 242 else
243#endif 243#endif
244 if (--(pointer->references) <= 0) 244 if (pointer->references <= 0)
245 { 245 {
246 sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); 246 sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
247 } 247 }
@@ -396,16 +396,15 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
396#endif 396#endif
397 if (type < 0) 397 if (type < 0)
398 { 398 {
399 int i = -type - 1;
400 struct CRYPTO_dynlock_value *pointer 399 struct CRYPTO_dynlock_value *pointer
401 = CRYPTO_get_dynlock_value(i); 400 = CRYPTO_get_dynlock_value(type);
402 401
403 if (pointer) 402 if (pointer && dynlock_lock_callback)
404 { 403 {
405 dynlock_lock_callback(mode, pointer, file, line); 404 dynlock_lock_callback(mode, pointer, file, line);
406 } 405 }
407 406
408 CRYPTO_destroy_dynlockid(i); 407 CRYPTO_destroy_dynlockid(type);
409 } 408 }
410 else 409 else
411 if (locking_callback != NULL) 410 if (locking_callback != NULL)
@@ -431,7 +430,6 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
431 CRYPTO_get_lock_name(type), 430 CRYPTO_get_lock_name(type),
432 file,line); 431 file,line);
433#endif 432#endif
434 *pointer=ret;
435 } 433 }
436 else 434 else
437 { 435 {
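Review bot: In CRYPTO_lock the dynamic-lock path now silently does nothing when `dynlock_lock_callback` is NULL (new line 402), so a caller that obtained a dynamic lock id without registering the dynlock callbacks gets neither mutual exclusion nor an error; a comment should say this is the intended no-threading-configured behaviour, mirroring the `locking_callback != NULL` test on new line 410, e.g. `/* no dynlock callbacks registered: locking is a no-op, as for static locks without locking_callback */`. The unconditional `CRYPTO_destroy_dynlockid(type)` on new line 407 presumably drops the reference that `CRYPTO_get_dynlock_value()` takes; that pairing is not visible here and deserves a one-line comment, especially since the decrement was moved out of the `<= 0` test in CRYPTO_destroy_dynlockid (new line 244) to somewhere outside the hunk. Both CRYPTO_lock and CRYPTO_destroy_dynlockid begin outside the hunks shown.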
diff --git a/src/lib/libssl/src/crypto/dsa/dsa.h b/src/lib/libssl/src/crypto/dsa/dsa.h
index 65689a3426..12b60a8faa 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa.h
+++ b/src/lib/libssl/src/crypto/dsa/dsa.h
@@ -248,6 +248,7 @@ DH *DSA_dup_DH(DSA *r);
248 248
249/* Reason codes. */ 249/* Reason codes. */
250#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 250#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
251#define DSA_R_MISSING_PARAMETERS 101
251 252
252#ifdef __cplusplus 253#ifdef __cplusplus
253} 254}
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_err.c b/src/lib/libssl/src/crypto/dsa/dsa_err.c
index 2b3ab3a9ad..736aeef7c4 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_err.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_err.c
@@ -85,6 +85,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
85static ERR_STRING_DATA DSA_str_reasons[]= 85static ERR_STRING_DATA DSA_str_reasons[]=
86 { 86 {
87{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 87{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
88{DSA_R_MISSING_PARAMETERS ,"missing parameters"},
88{0,NULL} 89{0,NULL}
89 }; 90 };
90 91
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
index 5cbbdddfb9..34c6e9a141 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_ossl.c
@@ -108,6 +108,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
108 int i,reason=ERR_R_BN_LIB; 108 int i,reason=ERR_R_BN_LIB;
109 DSA_SIG *ret=NULL; 109 DSA_SIG *ret=NULL;
110 110
111 if (!dsa->p || !dsa->q || !dsa->g)
112 {
113 reason=DSA_R_MISSING_PARAMETERS;
114 goto err;
115 }
111 BN_init(&m); 116 BN_init(&m);
112 BN_init(&xr); 117 BN_init(&xr);
113 s=BN_new(); 118 s=BN_new();
@@ -170,6 +175,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
170 BIGNUM k,*kinv=NULL,*r=NULL; 175 BIGNUM k,*kinv=NULL,*r=NULL;
171 int ret=0; 176 int ret=0;
172 177
178 if (!dsa->p || !dsa->q || !dsa->g)
179 {
180 DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
181 return 0;
182 }
173 if (ctx_in == NULL) 183 if (ctx_in == NULL)
174 { 184 {
175 if ((ctx=BN_CTX_new()) == NULL) goto err; 185 if ((ctx=BN_CTX_new()) == NULL) goto err;
@@ -233,6 +243,17 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
233 BN_init(&u2); 243 BN_init(&u2);
234 BN_init(&t1); 244 BN_init(&t1);
235 245
246 if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
247 {
248 ret = 0;
249 goto err;
250 }
251 if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
252 {
253 ret = 0;
254 goto err;
255 }
256
236 /* Calculate W = inv(S) mod Q 257 /* Calculate W = inv(S) mod Q
237 * save W in u2 */ 258 * save W in u2 */
238 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; 259 if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
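Review bot: The new missing-parameters guard in dsa_do_sign (new lines 111-115) jumps to `err` before `BN_init(&m)` and `BN_init(&xr)` run (new lines 116-117); if the `err:` label, which lies outside the hunk, clears and frees `m` and `xr` as the rest of this function presumably does, that path operates on two uninitialised BIGNUMs. Move the guard below the two BN_init calls (dsa_sign_setup avoids the problem by returning directly, new line 181). dsa_do_verify gains range checks on r and s (new lines 246-255) but no check that the parameters are present, so a key with absent parameters dereferences NULL in `BN_ucmp(sig->r, dsa->q)`; a guard mirroring dsa_sign_setup's, returning the function's error value rather than the `ret = 0` used for a bad signature, belongs before new line 246. Both functions begin outside the hunks.
```c
	BN_init(&m);
	BN_init(&xr);
	/* check parameters only after BN_init so that err: can safely clear m and xr */
	if (!dsa->p || !dsa->q || !dsa->g)
		{
		reason=DSA_R_MISSING_PARAMETERS;
		goto err;
		}
	s=BN_new();
	/* ... unchanged: rest of dsa_do_sign ... */
```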
diff --git a/src/lib/libssl/src/crypto/evp/e_bf.c b/src/lib/libssl/src/crypto/evp/e_bf.c
index 72047f64da..53559b0b65 100644
--- a/src/lib/libssl/src/crypto/evp/e_bf.c
+++ b/src/lib/libssl/src/crypto/evp/e_bf.c
@@ -67,7 +67,7 @@ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
67 const unsigned char *iv, int enc); 67 const unsigned char *iv, int enc);
68 68
69IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8, 69IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
70 0, bf_init_key, NULL, 70 EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
71 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) 71 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
72 72
73static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 73static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
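Review bot: With `EVP_CIPH_VARIABLE_LENGTH` set (new line 70) a caller can change the key length through the EVP_CIPHER_CTX, so bf_init_key, whose body begins just after the hunk, must take the length from the context rather than the fixed 16 passed to IMPLEMENT_BLOCK_CIPHER — confirm that it does. Nothing visible here enforces a lower bound on that length, so a comment on the declaration such as `/* key length comes from the ctx (EVP_CIPH_VARIABLE_LENGTH); the 16 above is only the default */` would make the contract explicit for callers.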
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 76d417b44a..fd43127092 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -553,9 +553,9 @@ int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
553void EVP_set_pw_prompt(char *prompt); 553void EVP_set_pw_prompt(char *prompt);
554char * EVP_get_pw_prompt(void); 554char * EVP_get_pw_prompt(void);
555 555
556int EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, 556int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
557 unsigned char *data, int datal, int count, 557 const unsigned char *salt, const unsigned char *data, int datal,
558 unsigned char *key,unsigned char *iv); 558 int count, unsigned char *key, unsigned char *iv);
559 559
560int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type, 560int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
561 unsigned char *key, unsigned char *iv); 561 unsigned char *key, unsigned char *iv);
diff --git a/src/lib/libssl/src/crypto/evp/evp_key.c b/src/lib/libssl/src/crypto/evp/evp_key.c
index 09b72bf4bd..e7434ef9b2 100644
--- a/src/lib/libssl/src/crypto/evp/evp_key.c
+++ b/src/lib/libssl/src/crypto/evp/evp_key.c
@@ -95,9 +95,9 @@ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
95#endif 95#endif
96 } 96 }
97 97
98int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt, 98int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
99 unsigned char *data, int datal, int count, unsigned char *key, 99 const unsigned char *salt, const unsigned char *data, int datal,
100 unsigned char *iv) 100 int count, unsigned char *key, unsigned char *iv)
101 { 101 {
102 EVP_MD_CTX c; 102 EVP_MD_CTX c;
103 unsigned char md_buf[EVP_MAX_MD_SIZE]; 103 unsigned char md_buf[EVP_MAX_MD_SIZE];
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index dc50f6d7da..4b25018e49 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -2,7 +2,7 @@
2#define HEADER_OPENSSLV_H 2#define HEADER_OPENSSLV_H
3 3
4/* Numeric release version identifier: 4/* Numeric release version identifier:
5 * MMNNFFPPS: major minor fix patch status 5 * MNNFFPPS: major minor fix patch status
6 * The status nibble has one of the values 0 for development, 1 to e for betas 6 * The status nibble has one of the values 0 for development, 1 to e for betas
7 * 1 to 14, and f for release. The patch level is exactly that. 7 * 1 to 14, and f for release. The patch level is exactly that.
8 * For example: 8 * For example:
@@ -25,8 +25,8 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090601fL 28#define OPENSSL_VERSION_NUMBER 0x0090602fL
29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6a [engine] 5 Apr 2001" 29#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.6b [engine] 9 Jul 2001"
30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 30#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
31 31
32 32
diff --git a/src/lib/libssl/src/crypto/perlasm/x86unix.pl b/src/lib/libssl/src/crypto/perlasm/x86unix.pl
index 309060ea00..10a7af8bff 100644
--- a/src/lib/libssl/src/crypto/perlasm/x86unix.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86unix.pl
@@ -79,7 +79,7 @@ sub main'DWP
79 local($addr,$reg1,$reg2,$idx)=@_; 79 local($addr,$reg1,$reg2,$idx)=@_;
80 80
81 $ret=""; 81 $ret="";
82 $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; 82 $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
83 $reg1="$regs{$reg1}" if defined($regs{$reg1}); 83 $reg1="$regs{$reg1}" if defined($regs{$reg1});
84 $reg2="$regs{$reg2}" if defined($regs{$reg2}); 84 $reg2="$regs{$reg2}" if defined($regs{$reg2});
85 $ret.=$addr if ($addr ne "") && ($addr ne 0); 85 $ret.=$addr if ($addr ne "") && ($addr ne 0);
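Review bot: The widened symbol pattern on new line 82, `[A-Za-z_]+[A-Za-z0-9_]+`, requires at least two characters, so a one-character symbol in an address expression is no longer prefixed with `$under` although the old pattern handled it; the conventional identifier form admits digits after the first character without that restriction. Use `$addr =~ s/(^|[+ \t])([A-Za-z_][A-Za-z0-9_]*)($|[+ \t])/$1$under$2$3/;`. DWP starts before the hunk.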
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
index ae57570608..04b9d695b0 100644
--- a/src/lib/libssl/src/crypto/rand/md_rand.c
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -141,10 +141,11 @@ static long md_count[2]={0,0};
141static double entropy=0; 141static double entropy=0;
142static int initialized=0; 142static int initialized=0;
143 143
144/* This should be set to 1 only when ssleay_rand_add() is called inside 144static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
145 an already locked state, so it doesn't try to lock and thereby cause 145 * holds CRYPTO_LOCK_RAND
146 a hang. And it should always be reset back to 0 before unlocking. */ 146 * (to prevent double locking) */
147static int add_do_not_lock=0; 147static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
148
148 149
149#ifdef PREDICT 150#ifdef PREDICT
150int rand_predictable=0; 151int rand_predictable=0;
@@ -191,6 +192,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
191 long md_c[2]; 192 long md_c[2];
192 unsigned char local_md[MD_DIGEST_LENGTH]; 193 unsigned char local_md[MD_DIGEST_LENGTH];
193 MD_CTX m; 194 MD_CTX m;
195 int do_not_lock;
194 196
195 /* 197 /*
196 * (Based on the rand(3) manpage) 198 * (Based on the rand(3) manpage)
@@ -207,7 +209,10 @@ static void ssleay_rand_add(const void *buf, int num, double add)
207 * hash function. 209 * hash function.
208 */ 210 */
209 211
210 if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); 212 /* check if we already have the lock */
213 do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
214
215 if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
211 st_idx=state_index; 216 st_idx=state_index;
212 217
213 /* use our own copies of the counters so that even 218 /* use our own copies of the counters so that even
@@ -239,7 +244,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
239 244
240 md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); 245 md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
241 246
242 if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 247 if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
243 248
244 for (i=0; i<num; i+=MD_DIGEST_LENGTH) 249 for (i=0; i<num; i+=MD_DIGEST_LENGTH)
245 { 250 {
@@ -281,7 +286,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
281 } 286 }
282 memset((char *)&m,0,sizeof(m)); 287 memset((char *)&m,0,sizeof(m));
283 288
284 if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); 289 if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
285 /* Don't just copy back local_md into md -- this could mean that 290 /* Don't just copy back local_md into md -- this could mean that
286 * other thread's seeding remains without effect (except for 291 * other thread's seeding remains without effect (except for
287 * the incremented counter). By XORing it we keep at least as 292 * the incremented counter). By XORing it we keep at least as
@@ -292,7 +297,7 @@ static void ssleay_rand_add(const void *buf, int num, double add)
292 } 297 }
293 if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ 298 if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
294 entropy += add; 299 entropy += add;
295 if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 300 if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
296 301
297#if !defined(THREADS) && !defined(WIN32) 302#if !defined(THREADS) && !defined(WIN32)
298 assert(md_c[1] == md_count[1]); 303 assert(md_c[1] == md_count[1]);
@@ -340,28 +345,31 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
340 * 345 *
341 * For each group of 10 bytes (or less), we do the following: 346 * For each group of 10 bytes (or less), we do the following:
342 * 347 *
343 * Input into the hash function the top 10 bytes from the 348 * Input into the hash function the local 'md' (which is initialized from
344 * local 'md' (which is initialized from the global 'md' 349 * the global 'md' before any bytes are generated), the bytes that are to
345 * before any bytes are generated), the bytes that are 350 * be overwritten by the random bytes, and bytes from the 'state'
346 * to be overwritten by the random bytes, and bytes from the 351 * (incrementing looping index). From this digest output (which is kept
347 * 'state' (incrementing looping index). From this digest output 352 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
348 * (which is kept in 'md'), the top (up to) 10 bytes are 353 * bottom 10 bytes are xored into the 'state'.
349 * returned to the caller and the bottom (up to) 10 bytes are xored 354 *
350 * into the 'state'.
351 * Finally, after we have finished 'num' random bytes for the 355 * Finally, after we have finished 'num' random bytes for the
352 * caller, 'count' (which is incremented) and the local and global 'md' 356 * caller, 'count' (which is incremented) and the local and global 'md'
353 * are fed into the hash function and the results are kept in the 357 * are fed into the hash function and the results are kept in the
354 * global 'md'. 358 * global 'md'.
355 */ 359 */
356 360
357 if (!initialized)
358 RAND_poll();
359
360 CRYPTO_w_lock(CRYPTO_LOCK_RAND); 361 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
361 add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
362 this locked state. */
363 362
364 initialized = 1; 363 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
364 crypto_lock_rand = 1;
365 locking_thread = CRYPTO_thread_id();
366
367 if (!initialized)
368 {
369 RAND_poll();
370 initialized = 1;
371 }
372
365 if (!stirred_pool) 373 if (!stirred_pool)
366 do_stir_pool = 1; 374 do_stir_pool = 1;
367 375
@@ -387,11 +395,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
387 395
388 if (do_stir_pool) 396 if (do_stir_pool)
389 { 397 {
390 /* Our output function chains only half of 'md', so we better 398 /* In the output function only half of 'md' remains secret,
391 * make sure that the required entropy gets 'evenly distributed' 399 * so we better make sure that the required entropy gets
392 * through 'state', our randomness pool. The input function 400 * 'evenly distributed' through 'state', our randomness pool.
393 * (ssleay_rand_add) chains all of 'md', which makes it more 401 * The input function (ssleay_rand_add) chains all of 'md',
394 * suitable for this purpose. 402 * which makes it more suitable for this purpose.
395 */ 403 */
396 404
397 int n = STATE_SIZE; /* so that the complete pool gets accessed */ 405 int n = STATE_SIZE; /* so that the complete pool gets accessed */
@@ -425,8 +433,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
425 433
426 md_count[0] += 1; 434 md_count[0] += 1;
427 435
428 add_do_not_lock = 0; /* If this would ever be forgotten, we can 436 /* before unlocking, we must clear 'crypto_lock_rand' */
429 expect any evil god to eat our souls. */ 437 crypto_lock_rand = 0;
438 locking_thread = 0;
430 CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 439 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
431 440
432 while (num > 0) 441 while (num > 0)
@@ -492,11 +501,12 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
492static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 501static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
493 { 502 {
494 int ret; 503 int ret;
504 unsigned long err;
495 505
496 ret = RAND_bytes(buf, num); 506 ret = RAND_bytes(buf, num);
497 if (ret == 0) 507 if (ret == 0)
498 { 508 {
499 long err = ERR_peek_error(); 509 err = ERR_peek_error();
500 if (ERR_GET_LIB(err) == ERR_LIB_RAND && 510 if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
501 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) 511 ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
502 (void)ERR_get_error(); 512 (void)ERR_get_error();
@@ -507,14 +517,37 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
507static int ssleay_rand_status(void) 517static int ssleay_rand_status(void)
508 { 518 {
509 int ret; 519 int ret;
520 int do_not_lock;
510 521
522 /* check if we already have the lock
523 * (could happen if a RAND_poll() implementation calls RAND_status()) */
524 do_not_lock = crypto_lock_rand && (locking_thread == CRYPTO_thread_id());
525
526 if (!do_not_lock)
527 {
528 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
529
530 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
531 crypto_lock_rand = 1;
532 locking_thread = CRYPTO_thread_id();
533 }
534
511 if (!initialized) 535 if (!initialized)
536 {
512 RAND_poll(); 537 RAND_poll();
538 initialized = 1;
539 }
513 540
514 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
515 initialized = 1;
516 ret = entropy >= ENTROPY_NEEDED; 541 ret = entropy >= ENTROPY_NEEDED;
517 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
518 542
543 if (!do_not_lock)
544 {
545 /* before unlocking, we must clear 'crypto_lock_rand' */
546 crypto_lock_rand = 0;
547 locking_thread = 0;
548
549 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
550 }
551
519 return ret; 552 return ret;
520 } 553 }
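Review bot: The lock-ownership test `crypto_lock_rand && (locking_thread == CRYPTO_thread_id())` (new lines 213 and 524) is only as good as CRYPTO_thread_id(): if, as seems likely without an application-registered id callback, it yields a process-wide value, every thread compares equal to `locking_thread` while any thread holds CRYPTO_LOCK_RAND, and ssleay_rand_add then updates `state` and `md` unlocked alongside ssleay_rand_bytes. Add above new line 213 a comment such as `/* reentrancy check: correct only if CRYPTO_thread_id() distinguishes threads; without an id callback every thread may look like the lock holder */`, and the same above line 524. The comment on new line 363 names the wrong function — it is ssleay_rand_add(), reached through RAND_poll(), that must not re-take the lock here; the copy on line 530 has the same wording.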
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index f4376cf8cc..2ffb84c89e 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -233,6 +233,12 @@ const char *RAND_file_name(char *buf, size_t size)
233 { 233 {
234 if (issetugid() == 0) 234 if (issetugid() == 0)
235 s=getenv("HOME"); 235 s=getenv("HOME");
236#ifdef DEFAULT_HOME
237 if (s == NULL)
238 {
239 s = DEFAULT_HOME;
240 }
241#endif
236 if (s && *s && strlen(s)+strlen(RFILE)+2 < size) 242 if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
237 { 243 {
238 strlcpy(buf,s,size); 244 strlcpy(buf,s,size);
@@ -242,7 +248,7 @@ const char *RAND_file_name(char *buf, size_t size)
242 strlcat(buf,RFILE,size); 248 strlcat(buf,RFILE,size);
243 ret=buf; 249 ret=buf;
244 } 250 }
245 else 251 else
246 buf[0] = '\0'; /* no file name */ 252 buf[0] = '\0'; /* no file name */
247 } 253 }
248 254
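Review bot: The DEFAULT_HOME fallback (new lines 236-241) also applies when `issetugid()` is non-zero, since `s` is then still NULL: a set-id program ignores HOME and the name built from DEFAULT_HOME and RFILE is presumably handed to the seed-file load and write routines with the program's privileges. That is only safe if DEFAULT_HOME names a directory unprivileged users cannot write to, which the build setting does not state; add a comment, e.g. `/* also reached for set-id programs (HOME ignored above): DEFAULT_HOME must not be writable by unprivileged users */`. RAND_file_name starts before the hunk.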
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index fd0b7f361f..1849e55cd5 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -77,14 +77,16 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
77 int i, dblen, mlen = -1; 77 int i, dblen, mlen = -1;
78 unsigned char *maskeddb; 78 unsigned char *maskeddb;
79 int lzero; 79 int lzero;
80 unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; 80 unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
81 81
82 if (--num < 2 * SHA_DIGEST_LENGTH + 1) 82 if (--num < 2 * SHA_DIGEST_LENGTH + 1)
83 { 83 goto decoding_err;
84 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
85 return (-1);
86 }
87 84
85 lzero = num - flen;
86 if (lzero < 0)
87 goto decoding_err;
88 maskeddb = from - lzero + SHA_DIGEST_LENGTH;
89
88 dblen = num - SHA_DIGEST_LENGTH; 90 dblen = num - SHA_DIGEST_LENGTH;
89 db = OPENSSL_malloc(dblen); 91 db = OPENSSL_malloc(dblen);
90 if (db == NULL) 92 if (db == NULL)
@@ -93,9 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
93 return (-1); 95 return (-1);
94 } 96 }
95 97
96 lzero = num - flen;
97 maskeddb = from - lzero + SHA_DIGEST_LENGTH;
98
99 MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); 98 MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
100 for (i = lzero; i < SHA_DIGEST_LENGTH; i++) 99 for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
101 seed[i] ^= from[i - lzero]; 100 seed[i] ^= from[i - lzero];
@@ -107,21 +106,20 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
107 SHA1(param, plen, phash); 106 SHA1(param, plen, phash);
108 107
109 if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) 108 if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
110 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); 109 goto decoding_err;
111 else 110 else
112 { 111 {
113 for (i = SHA_DIGEST_LENGTH; i < dblen; i++) 112 for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
114 if (db[i] != 0x00) 113 if (db[i] != 0x00)
115 break; 114 break;
116 if (db[i] != 0x01 || i++ >= dblen) 115 if (db[i] != 0x01 || i++ >= dblen)
117 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 116 goto decoding_err;
118 RSA_R_OAEP_DECODING_ERROR);
119 else 117 else
120 { 118 {
121 mlen = dblen - i; 119 mlen = dblen - i;
122 if (tlen < mlen) 120 if (tlen < mlen)
123 { 121 {
124 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); 122 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
125 mlen = -1; 123 mlen = -1;
126 } 124 }
127 else 125 else
@@ -130,6 +128,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
130 } 128 }
131 OPENSSL_free(db); 129 OPENSSL_free(db);
132 return (mlen); 130 return (mlen);
131
132decoding_err:
133 /* to avoid chosen ciphertext attacks, the error message should not reveal
134 * which kind of decoding error happened */
135 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
136 if (db != NULL) OPENSSL_free(db);
137 return -1;
133 } 138 }
134 139
135int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) 140int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
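Review bot: The separator scan still reads out of bounds: when the loop on new lines 112-114 finds no non-zero byte it exits with `i == dblen`, and new line 115 evaluates `db[i]` — one past the `dblen`-byte allocation of new line 91 — before `i++ >= dblen` is tested. Test the bound first, `if (i >= dblen || db[i++] != 0x01)`, which keeps the increment past the 0x01 separator on the success path. Although every failure now reports the same RSA_R_OAEP_DECODING_ERROR, the `lzero < 0` exit on new line 87 returns before the MGF1 and SHA1 work that the other failures go through, so the condition it tests (a decrypted block with a non-zero first byte, since `num` is k-1 after the decrement) likely remains observable through timing; removing that shortcut and carrying the error to the end would close that channel. The function starts before the first hunk.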
diff --git a/src/lib/libssl/src/crypto/x509/x509_obj.c b/src/lib/libssl/src/crypto/x509/x509_obj.c
index 6a3ba8eb15..f0271fdfa1 100644
--- a/src/lib/libssl/src/crypto/x509/x509_obj.c
+++ b/src/lib/libssl/src/crypto/x509/x509_obj.c
@@ -214,6 +214,8 @@ int i;
214 } 214 }
215 else 215 else
216 p=buf; 216 p=buf;
217 if (i == 0)
218 *p = '\0';
217 return(p); 219 return(p);
218err: 220err:
219 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); 221 X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/crypto/x509/x509_trs.c b/src/lib/libssl/src/crypto/x509/x509_trs.c
index a7b1543461..86b3b79dcc 100644
--- a/src/lib/libssl/src/crypto/x509/x509_trs.c
+++ b/src/lib/libssl/src/crypto/x509/x509_trs.c
@@ -228,7 +228,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
228 228
229static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) 229static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
230{ 230{
231 if(x->aux) return obj_trust(trust->arg1, x, flags); 231 if(x->aux && (x->aux->trust || x->aux->reject))
232 return obj_trust(trust->arg1, x, flags);
232 /* we don't have any trust settings: for compatibility 233 /* we don't have any trust settings: for compatibility
233 * we return trusted if it is self signed 234 * we return trusted if it is self signed
234 */ 235 */
diff --git a/src/lib/libssl/src/doc/apps/enc.pod b/src/lib/libssl/src/doc/apps/enc.pod
index e436ccc37e..a68ddca139 100644
--- a/src/lib/libssl/src/doc/apps/enc.pod
+++ b/src/lib/libssl/src/doc/apps/enc.pod
@@ -96,12 +96,18 @@ of hex digits.
96=item B<-K key> 96=item B<-K key>
97 97
98the actual key to use: this must be represented as a string comprised only 98the actual key to use: this must be represented as a string comprised only
99of hex digits. 99of hex digits. If only the key is specified, the IV must additionally specified
100using the B<-iv> option. When both a key and a password are specified, the
101key given with the B<-K> option will be used and the IV generated from the
102password will be taken. It probably does not make much sense to specify
103both key and password.
100 104
101=item B<-iv IV> 105=item B<-iv IV>
102 106
103the actual IV to use: this must be represented as a string comprised only 107the actual IV to use: this must be represented as a string comprised only
104of hex digits. 108of hex digits. When only the key is specified using the B<-K> option, the
109IV must explicitly be defined. When a password is being specified using
110one of the other options, the IV is generated from this password.
105 111
106=item B<-p> 112=item B<-p>
107 113
diff --git a/src/lib/libssl/src/doc/apps/rsautl.pod b/src/lib/libssl/src/doc/apps/rsautl.pod
index 7a334bc8d6..a7c1681d98 100644
--- a/src/lib/libssl/src/doc/apps/rsautl.pod
+++ b/src/lib/libssl/src/doc/apps/rsautl.pod
@@ -101,11 +101,11 @@ Sign some data using a private key:
101 101
102Recover the signed data 102Recover the signed data
103 103
104 openssl rsautl -sign -in sig -inkey key.pem 104 openssl rsautl -verify -in sig -inkey key.pem
105 105
106Examine the raw signed data: 106Examine the raw signed data:
107 107
108 openssl rsautl -sign -in file -inkey key.pem -raw -hexdump 108 openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
109 109
110 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 110 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
111 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ 111 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod
index 419383b55d..313116ab66 100644
--- a/src/lib/libssl/src/doc/apps/s_server.pod
+++ b/src/lib/libssl/src/doc/apps/s_server.pod
@@ -7,7 +7,7 @@ s_server - SSL/TLS server program
7 7
8=head1 SYNOPSIS 8=head1 SYNOPSIS
9 9
10B<openssl> B<s_client> 10B<openssl> B<s_server>
11[B<-accept port>] 11[B<-accept port>]
12[B<-context id>] 12[B<-context id>]
13[B<-verify depth>] 13[B<-verify depth>]
diff --git a/src/lib/libssl/src/doc/crypto/bio.pod b/src/lib/libssl/src/doc/crypto/bio.pod
index 24f61dfb56..f9239226ff 100644
--- a/src/lib/libssl/src/doc/crypto/bio.pod
+++ b/src/lib/libssl/src/doc/crypto/bio.pod
@@ -40,7 +40,7 @@ BIO).
40=head1 SEE ALSO 40=head1 SEE ALSO
41 41
42L<BIO_ctrl(3)|BIO_ctrl(3)>, 42L<BIO_ctrl(3)|BIO_ctrl(3)>,
43L<BIO_f_base64(3)|BIO_f_base64(3)>, 43L<BIO_f_base64(3)|BIO_f_base64(3)>, L<BIO_f_buffer(3)|BIO_f_buffer(3)>,
44L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>, 44L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
45L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>, 45L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
46L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>, 46L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
diff --git a/src/lib/libssl/src/doc/crypto/rand.pod b/src/lib/libssl/src/doc/crypto/rand.pod
index 9545f0e109..96901f109e 100644
--- a/src/lib/libssl/src/doc/crypto/rand.pod
+++ b/src/lib/libssl/src/doc/crypto/rand.pod
@@ -127,13 +127,12 @@ function and xor).
127When bytes are extracted from the RNG, the following process is used. 127When bytes are extracted from the RNG, the following process is used.
128For each group of 10 bytes (or less), we do the following: 128For each group of 10 bytes (or less), we do the following:
129 129
130Input into the hash function the top 10 bytes from the local 'md' 130Input into the hash function the local 'md' (which is initialized from
131(which is initialized from the global 'md' before any bytes are 131the global 'md' before any bytes are generated), the bytes that are to
132generated), the bytes that are to be overwritten by the random bytes, 132be overwritten by the random bytes, and bytes from the 'state'
133and bytes from the 'state' (incrementing looping index). From this 133(incrementing looping index). From this digest output (which is kept
134digest output (which is kept in 'md'), the top (up to) 10 bytes are 134in 'md'), the top (up to) 10 bytes are returned to the caller and the
135returned to the caller and the bottom (up to) 10 bytes are xored into 135bottom 10 bytes are xored into the 'state'.
136the 'state'.
137 136
138Finally, after we have finished 'num' random bytes for the caller, 137Finally, after we have finished 'num' random bytes for the caller,
139'count' (which is incremented) and the local and global 'md' are fed 138'count' (which is incremented) and the local and global 'md' are fed
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
index 15067438c8..5686faf299 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_get_ex_new_index.pod
@@ -40,7 +40,7 @@ SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
40B<ctx>. 40B<ctx>.
41 41
42A detailed description for the B<*_get_ex_new_index()> functionality 42A detailed description for the B<*_get_ex_new_index()> functionality
43can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>. 43can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in 44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>. 45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
46 46
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod
index 88f18bd5ff..0f63537e78 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -33,10 +33,6 @@ which can be used e.g. for descriptions of the certificates.
33The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations() 33The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
34function. 34function.
35 35
36If on an TLS/SSL server no special setting is performed using *client_CA_list()
37functions, the certificates contained in B<CAfile> are listed to the client
38as available CAs during the TLS/SSL handshake.
39
40If B<CApath> is not NULL, it points to a directory containing CA certificates 36If B<CApath> is not NULL, it points to a directory containing CA certificates
41in PEM format. The files each contain one CA certificate. The files are 37in PEM format. The files each contain one CA certificate. The files are
42looked up by the CA subject name hash value, which must hence be available. 38looked up by the CA subject name hash value, which must hence be available.
@@ -50,9 +46,6 @@ The certificates in B<CApath> are only looked up when required, e.g. when
50building the certificate chain or when actually performing the verification 46building the certificate chain or when actually performing the verification
51of a peer certificate. 47of a peer certificate.
52 48
53On a server, the certificates in B<CApath> are not listed as available
54CA certificates to a client during a TLS/SSL handshake.
55
56When looking up CA certificates, the OpenSSL library will first search the 49When looking up CA certificates, the OpenSSL library will first search the
57certificates in B<CAfile>, then those in B<CApath>. Certificate matching 50certificates in B<CAfile>, then those in B<CApath>. Certificate matching
58is done based on the subject name, the key identifier (if present), and the 51is done based on the subject name, the key identifier (if present), and the
@@ -62,6 +55,13 @@ matching the parameters is found, the verification process will be performed;
62no other certificates for the same parameters will be searched in case of 55no other certificates for the same parameters will be searched in case of
63failure. 56failure.
64 57
58In server mode, when requesting a client certificate, the server must send
59the list of CAs of which it will accept client certificates. This list
60is not influenced by the contents of B<CAfile> or B<CApath> and must
61explicitely be set using the
62L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
63family of functions.
64
65When building its own certificate chain, an OpenSSL client/server will 65When building its own certificate chain, an OpenSSL client/server will
66try to fill in missing certificates from B<CAfile>/B<CApath>, if the 66try to fill in missing certificates from B<CAfile>/B<CApath>, if the
67certificate chain was not explicitly specified (see 67certificate chain was not explicitly specified (see
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
index 81e312761e..632b556d12 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -36,25 +36,23 @@ the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
36 36
37When a TLS/SSL server requests a client certificate (see 37When a TLS/SSL server requests a client certificate (see
38B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which 38B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
39it will accept certificates, to the client. If no special list is provided, 39it will accept certificates, to the client.
40the CAs available using the B<CAfile> option in
41L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
42are sent.
43 40
44This list can be explicitly set using the SSL_CTX_set_client_CA_list() for 41This list must explicitly be set using SSL_CTX_set_client_CA_list() for
45B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list 42B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
46specified overrides the previous setting. The CAs listed do not become 43specified overrides the previous setting. The CAs listed do not become
47trusted (B<list> only contains the names, not the complete certificates); use 44trusted (B<list> only contains the names, not the complete certificates); use
48L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 45L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
49to additionally load them for verification. 46to additionally load them for verification.
50 47
48If the list of acceptable CAs is compiled in a file, the
49L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
50function can be used to help importing the necessary data.
51
51SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional 52SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
52items the list of client CAs. If no list was specified before using 53items the list of client CAs. If no list was specified before using
53SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client 54SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
54CA list for B<ctx> or B<ssl> (as appropriate) is opened. The CAs implicitly 55CA list for B<ctx> or B<ssl> (as appropriate) is opened.
55specified using
56L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
57are no longer used automatically.
58 56
59These functions are only useful for TLS/SSL servers. 57These functions are only useful for TLS/SSL servers.
60 58
@@ -80,11 +78,17 @@ to find out the reason.
80 78
81=back 79=back
82 80
81=head1 EXAMPLES
82
83Scan all certificates in B<CAfile> and list them as acceptable CAs:
84
85 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
86
83=head1 SEE ALSO 87=head1 SEE ALSO
84 88
85L<ssl(3)|ssl(3)>, 89L<ssl(3)|ssl(3)>,
86L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, 90L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
87L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)> 91L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
88L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 92L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
89 93
90=cut 94=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod
index 083766f8d0..8bbfc78720 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -101,7 +101,7 @@ L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
101L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>, 101L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
102L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, 102L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
103L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, 103L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
104L<SSL_CTX_set_timeout.pod(3)|SSL_CTX_set_timeout.pod(3)>, 104L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
105L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> 105L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
106 106
107=cut 107=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
index dd5cb4f04b..da0bcf1590 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_SESSION_get_ex_new_index.pod
@@ -40,7 +40,7 @@ SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from
40B<session>. 40B<session>.
41 41
42A detailed description for the B<*_get_ex_new_index()> functionality 42A detailed description for the B<*_get_ex_new_index()> functionality
43can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>. 43can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in 44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>. 45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
46 46
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
index fefaf61936..d95eec78aa 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_error.pod
@@ -69,6 +69,17 @@ to read data. This is mainly because TLS/SSL handshakes may occur at any
69time during the protocol (initiated by either the client or the server); 69time during the protocol (initiated by either the client or the server);
70SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. 70SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
71 71
72=item SSL_ERROR_WANT_CONNECT
73
74The operation did not complete; the same TLS/SSL I/O function should be
75called again later. The underlying BIO was not connected yet to the peer
76and the call would block in connect(). The SSL function should be
77called again when the connection is established. This messages can only
78appear with a BIO_s_connect() BIO.
79In order to find out, when the connection has been successfully established,
80on many platforms select() or poll() for writing on the socket file descriptor
81can be used.
82
72=item SSL_ERROR_WANT_X509_LOOKUP 83=item SSL_ERROR_WANT_X509_LOOKUP
73 84
74The operation did not complete because an application callback set by 85The operation did not complete because an application callback set by
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
index 2b69bb1050..6644ef8fbc 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_ex_new_index.pod
@@ -40,7 +40,7 @@ SSL_get_ex_data() is used to retrieve the information for B<idx> from
40B<ssl>. 40B<ssl>.
41 41
42A detailed description for the B<*_get_ex_new_index()> functionality 42A detailed description for the B<*_get_ex_new_index()> functionality
43can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>. 43can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in 44The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>. 45L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
46 46
diff --git a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
index 1102c7fba9..18d1db5183 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_get_peer_certificate.pod
@@ -17,6 +17,12 @@ peer presented. If the peer did not present a certificate, NULL is returned.
17 17
18=head1 NOTES 18=head1 NOTES
19 19
20Due to the protocol definition, a TLS/SSL server will always send a
21certificate, if present. A client will only send a certificate when
22explicitely requested to do so by the server (see
23L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
24is used, no certificates are sent.
25
20That a certificate is returned does not indicate information about the 26That a certificate is returned does not indicate information about the
21verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> 27verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
22to check the verification state. 28to check the verification state.
@@ -43,6 +49,7 @@ The return value points to the certificate presented by the peer.
43 49
44=head1 SEE ALSO 50=head1 SEE ALSO
45 51
46L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> 52L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
53L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
47 54
48=cut 55=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_read.pod b/src/lib/libssl/src/doc/ssl/SSL_read.pod
index 7db5ee0a22..cc7aa1a547 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_read.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_read.pod
@@ -29,7 +29,22 @@ initialized to client or server mode. This is not the case if a generic
29method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that 29method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
30L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state() 30L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
31must be used before the first call to an SSL_read() or 31must be used before the first call to an SSL_read() or
32L<SSL_write(3)|SSL_write(3)> function. 32L<SSL_write(3)|SSL_write(3)> function).
33
34SSL_read() works based on the SSL/TLS records. The data are received in
35records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
36record has been completely received, it can be processed (decryption and
37check of integrity). Therefore data that was not retrieved at the last
38call of SSL_read() can still be buffered inside the SSL layer and will be
39retrieved on the next call to SSL_read(). If B<num> is higher than the
40number of bytes buffered, SSL_read() will return with the bytes buffered.
41If no more bytes are in the buffer, SSL_read() will trigger the processing
42of the next record. Only when the record has been received and processed
43completely, SSL_read() will return reporting success. At most the contents
44of the record will be returned. As the size of an SSL/TLS record may exceed
45the maximum packet size of the underlying transport (e.g. TCP), it may
46be necessary to read several packets from the transport layer before the
47record is complete and SSL_read() can succeed.
33 48
34If the underlying BIO is B<blocking>, SSL_read() will only return, once the 49If the underlying BIO is B<blocking>, SSL_read() will only return, once the
35read operation has been finished or an error occurred, except when a 50read operation has been finished or an error occurred, except when a
diff --git a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
index 7988dd3c90..c4ae6704e7 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
@@ -66,7 +66,7 @@ Call SSL_get_error() with the return value B<ret> to find out the reason.
66 66
67L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>, 67L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
68L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, 68L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
69L<SSL_clear(3)|SSL_clear(3), L<SSL_free(3)|SSL_free(3)>, 69L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
70L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 70L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
71 71
72=cut 72=cut
diff --git a/src/lib/libssl/src/doc/ssl/SSL_write.pod b/src/lib/libssl/src/doc/ssl/SSL_write.pod
index be1ad76d3b..b0dfefae20 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_write.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_write.pod
@@ -50,6 +50,17 @@ non-blocking socket, nothing is to be done, but select() can be used to check
50for the required condition. When using a buffering BIO, like a BIO pair, data 50for the required condition. When using a buffering BIO, like a BIO pair, data
51must be written into or retrieved out of the BIO before being able to continue. 51must be written into or retrieved out of the BIO before being able to continue.
52 52
53SSL_write() will only return with success, when the complete contents
54of B<buf> of length B<num> has been written. This default behaviour
55can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of
56L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>. When this flag is set,
57SSL_write() will also return with success, when a partial write has been
58successfully completed. In this case the SSL_write() operation is considered
59completed. The bytes are sent and a new SSL_write() operation with a new
60buffer (with the already sent bytes removed) must be started.
61A partial write is performed with the size of a message block, which is
6216kB for SSLv3/TLSv1.
63
53=head1 WARNING 64=head1 WARNING
54 65
55When an SSL_write() operation has to be repeated because of 66When an SSL_write() operation has to be repeated because of
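--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -223,6 +223,7 @@ extern "C" {
 # define SSLEAY_CONF OPENSSL_CONF
 # define NUL_DEV "nul"
 # define RFILE ".rnd"
+# define DEFAULT_HOME "C:"
 
 #else /* The non-microsoft world world */
 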
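Review bot: `DEFAULT_HOME "C:"` is added right next to `RFILE ".rnd"`, which suggests it becomes the fallback directory for the random seed file when no user home is known; the use site is not in this hunk, so that is inferred from the names. The root of the system drive is normally writable by every local account, so a seed file placed there could be read or replaced by another user, which weakens whatever seeding the file provides. A comment on the new line should state which code falls back to it and warn about the shared location, e.g. `/* last-resort directory for RFILE; shared and writable by all users, callers should prefer a per-user path */`, and the caller would do better to refuse to write the seed file than to use a world-writable directory.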
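--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -405,12 +405,13 @@ static int get_client_master_key(SSL *s)
 		/* bad decrypt */
 #if 1
 		/* If a bad decrypt, continue with protocol but with a
-		 * dud master secret */
+		 * random master secret (Bleichenbacher attack) */
 		if ((i < 0) ||
 		    ((!is_export && (i != EVP_CIPHER_key_length(c)))
 		    || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
 		    EVP_CIPHER_key_length(c))))))
 			{
+			ERR_clear_error();
 			if (is_export)
 				i=ek;
 			else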
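Review bot: The failure branch (`i < 0` or wrong length) now does work the success branch does not — the added `ERR_clear_error()` plus whatever substitute-key fill follows it — so a padding failure is still observable through timing even though it no longer reaches the error queue or an alert; the rest of `get_client_master_key()`, including the random fill itself, lies outside this hunk, so that part is inferred from the comment. The whole countermeasure also hangs on a bare `#if 1`; a comment should say why it must never be compiled out, e.g. `/* Must stay enabled: failing explicitly here is the padding oracle Bleichenbacher's attack needs. */`. Drawing the replacement key material unconditionally before the decrypt and only selecting it on failure would make both paths cost the same.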
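--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -356,7 +356,7 @@ int ssl3_enc(SSL *s, int send)
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
-		memcpy(rec->data,rec->input,rec->length);
+		memmove(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
 		}
 	else
@@ -366,7 +366,6 @@ int ssl3_enc(SSL *s, int send)
 
 	/* COMPRESS */
 
-	/* This should be using (bs-1) and bs instead of 7 and 8 */
 	if ((bs != 1) && send)
 		{
 		i=bs-((int)l%bs);
@@ -376,12 +375,24 @@ int ssl3_enc(SSL *s, int send)
 		rec->length+=i;
 		rec->input[l-1]=(i-1);
 		}
 
+	if (!send)
+		{
+		if (l == 0 || l%bs != 0)
+			{
+			SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+			return(0);
+			}
+		}
+
 	EVP_Cipher(ds,rec->data,rec->input,l);
 
 	if ((bs != 1) && !send)
 		{
 		i=rec->data[l-1]+1;
+		/* SSL 3.0 bounds the number of padding bytes by the block size;
+		 * padding bytes (except that last) are arbitrary */
 		if (i > bs)
 			{
 			SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);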
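Review bot: The new `l == 0 || l%bs != 0` guard and the existing `i > bs` check both `return(0)` with a fatal `decrypt_error` alert before the record's MAC has been verified, whereas a correctly padded record with a wrong MAC is rejected later, after a MAC computation, with a different alert; an attacker who can submit chosen ciphertext records can tell the two apart by alert type and by timing, which is the classic CBC padding oracle. The MAC check appears to live in the caller, outside this hunk, so the containment inside `ssl3_enc()` is to remember the padding failure instead of returning, leave `rec->length` at a value the MAC check can still run over, and let the caller emit a single `bad_record_mac` alert whether the padding or the MAC was wrong. The pre-decrypt length check itself is a good addition, since it stops `rec->length -= i` from going below zero for a short record, and the `memmove` in the first hunk is right for the overlapping `rec->input`/`rec->data` case.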
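--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1322,14 +1322,15 @@ static int ssl3_get_client_key_exchange(SSL *s)
 
 	i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
 
+	al = -1;
+
 	if (i != SSL_MAX_MASTER_KEY_LENGTH)
 		{
 		al=SSL_AD_DECODE_ERROR;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
-		goto f_err;
 		}
 
-	if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+	if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
 		{
 		/* The premaster secret must contain the same version number as the
 		 * ClientHello to detect version rollback attacks (strangely, the
@@ -1347,6 +1348,27 @@ static int ssl3_get_client_key_exchange(SSL *s)
 			}
 		}
 
+	if (al != -1)
+		{
+#if 0
+		goto f_err;
+#else
+		/* Some decryption failure -- use random value instead as countermeasure
+		 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+		 * (see RFC 2246, section 7.4.7.1).
+		 * But note that due to length and protocol version checking, the
+		 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
+		 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
+		 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
+		 */
+		ERR_clear_error();
+		i = SSL_MAX_MASTER_KEY_LENGTH;
+		p[0] = s->client_version >> 8;
+		p[1] = s->client_version & 0xff;
+		RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+#endif
+		}
+
 	s->session->master_key_length=
 		s->method->ssl3_enc->generate_master_secret(s,
 			s->session->master_key,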
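Review bot: `RAND_pseudo_bytes(p+2, i-2)` on the failure path ignores its return value and is allowed to return bytes that are not cryptographically strong, so with a weak or unseeded PRNG the substitute premaster secret can be predictable; an attacker who can then complete the handshake learns exactly the decryption-failed bit this countermeasure exists to hide, and the fill running only on the failure path also leaves a small timing difference between good and bad ciphertexts. The comment's worry that a `RAND_bytes()` failure cannot be handled goes away if the fallback secret is drawn for every ciphertext before the decrypt, since a PRNG failure then aborts the handshake regardless of what the client sent. `ssl3_get_client_key_exchange()` begins and ends outside these hunks, so the buffer declaration and the `err` label used below are assumed to exist there.
```c
	unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
	/* … unchanged: key lookup and length parsing … */

	/* Draw the fallback secret for every ciphertext, so a PRNG failure
	 * is reported identically whether or not the decryption succeeds. */
	if (RAND_bytes(rand_premaster_secret, sizeof(rand_premaster_secret)) <= 0)
		goto err;

	i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
	/* … unchanged: length and version checks that set al … */

	if (al != -1)
		{
		ERR_clear_error();
		i = SSL_MAX_MASTER_KEY_LENGTH;
		memcpy(p, rand_premaster_secret, i);
		p[0] = s->client_version >> 8;
		p[1] = s->client_version & 0xff;
		}
```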
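--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send)
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
-		memcpy(rec->data,rec->input,rec->length);
+		memmove(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
 		}
 	else
@@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send)
 		rec->length+=i;
 		}
 
+	if (!send)
+		{
+		if (l == 0 || l%bs != 0)
+			{
+			SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+			return(0);
+			}
+		}
+
 	EVP_Cipher(ds,rec->data,rec->input,l);
 
 	if ((bs != 1) && !send)
 		{
-		ii=i=rec->data[l-1];
+		ii=i=rec->data[l-1]; /* padding_length */
 		i++;
 		if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
 			{
@@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send)
 			if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
 				i--;
 			}
+		/* TLS 1.0 does not bound the number of padding bytes by the block size.
+		 * All of them must have value 'padding_length'. */
 		if (i > (int)rec->length)
 			{
 			SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);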
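Review bot: As on the SSLv3 side, the new `l == 0 || l%bs != 0` guard and the `i > (int)rec->length` check return 0 with a fatal `decrypt_error` alert before the MAC is verified, while a correctly padded record with a wrong MAC is refused later, after a MAC computation, with a different alert; the distinguishable alert and timing give an attacker with chosen ciphertext a CBC padding oracle. Prefer noting the padding failure, still running the MAC check over the record, and reporting one `bad_record_mac` alert for both cases; the MAC check and the per-byte `padding_length` comparison are outside this hunk. The comment added in the third hunk states the TLS 1.0 padding rule correctly and is worth keeping.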
diff --git a/src/lib/libssl/src/test/Makefile.ssl b/src/lib/libssl/src/test/Makefile.ssl
index 9c7b7dd158..7384243cbd 100644
--- a/src/lib/libssl/src/test/Makefile.ssl
+++ b/src/lib/libssl/src/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn:
192 @./$(BNTEST) >tmp.bntest 192 @./$(BNTEST) >tmp.bntest
193 @echo quit >>tmp.bntest 193 @echo quit >>tmp.bntest
194 @echo "running bc" 194 @echo "running bc"
195 @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' 195 @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
196 @echo 'test a^b%c implementations' 196 @echo 'test a^b%c implementations'
197 ./$(EXPTEST) 197 ./$(EXPTEST)
198 198
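Review bot: With `sh ./bctest ignore`, a missing or broken bc makes bctest print `cat >/dev/null`, so the perl filter sees no input, prints `0 tests passed`, and the target exits 0; the only hint that nothing was verified is bctest's stderr message, which is easy to miss in a build log. If the intent is to tolerate a missing bc, make the skip explicit in the summary, e.g. have the perl print `"\nbc unavailable: bignum results NOT verified\n"` when `$$i == 0` instead of the passed count, so a log cannot be mistaken for a passing run.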
diff --git a/src/lib/libssl/src/test/bctest b/src/lib/libssl/src/test/bctest
new file mode 100644
index 0000000000..bdb3218f7a
--- /dev/null
+++ b/src/lib/libssl/src/test/bctest
@@ -0,0 +1,111 @@
1#!/bin/sh
2
3# This script is used by test/Makefile.ssl to check whether a sane 'bc'
4# is installed.
5# ('make test_bn' should not try to run 'bc' if it does not exist or if
6# it is a broken 'bc' version that is known to cause trouble.)
7#
8# If 'bc' works, we also test if it knows the 'print' command.
9#
10# In any case, output an appropriate command line for running (or not
11# running) bc.
12
13
14IFS=:
15try_without_dir=true
16# First we try "bc", then "$dir/bc" for each item in $PATH.
17for dir in dummy:$PATH; do
18 if [ "$try_without_dir" = true ]; then
19 # first iteration
20 bc=bc
21 try_without_dir=false
22 else
23 # second and later iterations
24 bc="$dir/bc"
25 if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
26 bc=''
27 fi
28 fi
29
30 if [ ! "$bc" = '' ]; then
31 failure=none
32
33
34 # Test for SunOS 5.[78] bc bug
35 "$bc" >tmp.bctest <<\EOF
36obase=16
37ibase=16
38a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
39CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
4010F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
41C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
423BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
434FC3CADF855448B24A9D7640BCF473E
44b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
459209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
468B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
473ED0E2017D60A68775B75481449
48(a/b)*b + (a%b) - a
49EOF
50 if [ 0 != "`cat tmp.bctest`" ]; then
51 failure=SunOStest
52 fi
53
54
55 if [ "$failure" = none ]; then
56 # Test for SCO bc bug.
57 "$bc" >tmp.bctest <<\EOF
58obase=16
59ibase=16
60-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
619DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
6211B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
631239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
64AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
65F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
66B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
6702EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
6885EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
69A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
70E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
718C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
7204E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
7389C8D71
74AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
75928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
768A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
7737F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
78E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
79F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
809E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
81D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
825296964
83EOF
84 if [ "0
850" != "`cat tmp.bctest`" ]; then
86 failure=SCOtest
87 fi
88 fi
89
90
91 if [ "$failure" = none ]; then
92 # bc works; now check if it knows the 'print' command.
93 if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
94 then
95 echo "$bc"
96 else
97 echo "sed 's/print.*//' | $bc"
98 fi
99 exit 0
100 fi
101
102 echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
103 fi
104done
105
106echo "No working bc found. Consider installing GNU bc." >&2
107if [ "$1" = ignore ]; then
108 echo "cat >/dev/null"
109 exit 0
110fi
111exit 1
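Review bot: The command line printed on lines 95 and 97 is executed by `sh -c` from test/Makefile.ssl, and `$bc` is a directory taken straight from `$PATH`, so a PATH entry containing whitespace or shell metacharacters is re-split or re-parsed when that command runs; the loop quotes `"$bc"` when invoking it itself, but the echoed string does not. Quote it in the output: `echo "'$bc'"` and `echo "sed 's/print.*//' | '$bc'"`. The script also leaves `tmp.bctest` behind in the current directory on every path; an `rm -f tmp.bctest` before each `exit` would keep the test tree clean.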
diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version
index 3066b9771e..900b4048a9 100644
--- a/src/lib/libssl/ssl/shlib_version
+++ b/src/lib/libssl/ssl/shlib_version
@@ -1,2 +1,2 @@
1major=5 1major=5
2minor=0 2minor=1
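--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -420,7 +420,7 @@ int tls1_enc(SSL *s, int send)
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
-		memcpy(rec->data,rec->input,rec->length);
+		memmove(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
 		}
 	else
@@ -447,11 +447,21 @@ int tls1_enc(SSL *s, int send)
 		rec->length+=i;
 		}
 
+	if (!send)
+		{
+		if (l == 0 || l%bs != 0)
+			{
+			SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+			return(0);
+			}
+		}
+
 	EVP_Cipher(ds,rec->data,rec->input,l);
 
 	if ((bs != 1) && !send)
 		{
-		ii=i=rec->data[l-1];
+		ii=i=rec->data[l-1]; /* padding_length */
 		i++;
 		if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
 			{
@@ -462,6 +472,8 @@ int tls1_enc(SSL *s, int send)
 			if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
 				i--;
 			}
+		/* TLS 1.0 does not bound the number of padding bytes by the block size.
+		 * All of them must have value 'padding_length'. */
 		if (i > (int)rec->length)
 			{
 			SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);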
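Review bot: This is a second copy of `tls1_enc()` under `src/lib/libssl/` carrying the same new padding guard, and with it the same weakness: `return(0)` with a fatal `decrypt_error` alert before the MAC check makes a bad-padding record distinguishable from a bad-MAC record by alert type and by timing, which is a CBC padding oracle for an attacker with chosen ciphertext. Whatever fix lands in `src/lib/libssl/src/ssl/t1_enc.c` has to be mirrored here, so a one-line comment at the top of the function naming the canonical copy, e.g. `/* Keep in sync with src/lib/libssl/src/ssl/t1_enc.c */`, would help the two from drifting apart; the function's start and the MAC check are outside this hunk.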
diff --git a/src/lib/libssl/test/Makefile.ssl b/src/lib/libssl/test/Makefile.ssl
index 9c7b7dd158..7384243cbd 100644
--- a/src/lib/libssl/test/Makefile.ssl
+++ b/src/lib/libssl/test/Makefile.ssl
@@ -192,7 +192,7 @@ test_bn:
192 @./$(BNTEST) >tmp.bntest 192 @./$(BNTEST) >tmp.bntest
193 @echo quit >>tmp.bntest 193 @echo quit >>tmp.bntest
194 @echo "running bc" 194 @echo "running bc"
195 @<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' 195 @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
196 @echo 'test a^b%c implementations' 196 @echo 'test a^b%c implementations'
197 ./$(EXPTEST) 197 ./$(EXPTEST)
198 198
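--- /dev/null
+++ b/src/lib/libssl/test/bctest
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'bc'
+# is installed.
+# ('make test_bn' should not try to run 'bc' if it does not exist or if
+# it is a broken 'bc' version that is known to cause trouble.)
+#
+# If 'bc' works, we also test if it knows the 'print' command.
+#
+# In any case, output an appropriate command line for running (or not
+# running) bc.
+
+
+IFS=:
+try_without_dir=true
+# First we try "bc", then "$dir/bc" for each item in $PATH.
+for dir in dummy:$PATH; do
+ if [ "$try_without_dir" = true ]; then
+ # first iteration
+ bc=bc
+ try_without_dir=false
+ else
+ # second and later iterations
+ bc="$dir/bc"
+ if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
+ bc=''
+ fi
+ fi
+
+ if [ ! "$bc" = '' ]; then
+ failure=none
+
+
+ # Test for SunOS 5.[78] bc bug
+ "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+EOF
+ if [ 0 != "`cat tmp.bctest`" ]; then
+ failure=SunOStest
+ fi
+
+
+ if [ "$failure" = none ]; then
+ # Test for SCO bc bug.
+ "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+EOF
+ if [ "0
+0" != "`cat tmp.bctest`" ]; then
+ failure=SCOtest
+ fi
+ fi
+
+
+ if [ "$failure" = none ]; then
+ # bc works; now check if it knows the 'print' command.
+ if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
+ then
+ echo "$bc"
+ else
+ echo "sed 's/print.*//' | $bc"
+ fi
+ exit 0
+ fi
+
+ echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
+ fi
+done
+
+echo "No working bc found. Consider installing GNU bc." >&2
+if [ "$1" = ignore ]; then
+ echo "cat >/dev/null"
+ exit 0
+fi
+exit 1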
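Review bot: `$bc` is left unquoted on line 93 (`| $bc 2>/dev/null`) while lines 35 and 57 quote it, so a PATH entry containing whitespace breaks the `print` probe but not the two bug tests before it; `| "$bc" 2>/dev/null` keeps all three consistent. The chosen path is also echoed verbatim on lines 95 and 97 and, per the Makefile.ssl change in this commit, handed to `sh -c` by the caller, so a PATH element with whitespace or shell metacharacters ends up re-parsed unquoted there; a note above line 14 such as `# NOTE: stdout is executed by the caller via sh -c; PATH entries are assumed shell-clean` would make that contract explicit. Each candidate is exercised by writing the fixed name `tmp.bctest` in the current directory (lines 35, 57) and the file is never removed, so it is left behind and a pre-existing file or symlink of that name in a shared build directory is silently overwritten. Finally, `-f` on line 25 admits a non-executable `bc`; that is tolerated only because a failed run lands in the "does not work properly" path on line 102, which is worth saying in the comment on line 25.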