summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src
diff options
context:
space:
mode:
authordjm <>2009-01-05 21:36:39 +0000
committerdjm <>2009-01-05 21:36:39 +0000
commit3be551b5922b665fd4e18cd65b857b9f92a0b6c8 (patch)
treee0d2d687fbd4e4e9eb6bc4b178ea069817f0aba4 /src/lib/libssl/src
parent822633f8798a6b4646a8b092e7c67f511cdbdba2 (diff)
downloadopenbsd-3be551b5922b665fd4e18cd65b857b9f92a0b6c8.tar.gz
openbsd-3be551b5922b665fd4e18cd65b857b9f92a0b6c8.tar.bz2
openbsd-3be551b5922b665fd4e18cd65b857b9f92a0b6c8.zip
update to openssl-0.9.8i; tested by several, especially krw@
Diffstat (limited to 'src/lib/libssl/src')
-rw-r--r--src/lib/libssl/src/CHANGES54
-rw-r--r--src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head163
-rw-r--r--src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS1494
-rw-r--r--src/lib/libssl/src/Configure16
-rw-r--r--src/lib/libssl/src/FAQ49
-rw-r--r--src/lib/libssl/src/Makefile6
-rw-r--r--src/lib/libssl/src/Makefile.shared8
-rw-r--r--src/lib/libssl/src/NEWS8
-rw-r--r--src/lib/libssl/src/README2
-rw-r--r--src/lib/libssl/src/apps/Makefile322
-rw-r--r--src/lib/libssl/src/apps/dsa.c38
-rw-r--r--src/lib/libssl/src/apps/openssl.c18
-rw-r--r--src/lib/libssl/src/apps/pkcs12.c11
-rw-r--r--src/lib/libssl/src/apps/s_client.c32
-rw-r--r--src/lib/libssl/src/crypto/asn1/asn_mime.c2
-rw-r--r--src/lib/libssl/src/crypto/asn1/t_x509.c11
-rw-r--r--src/lib/libssl/src/crypto/bio/bss_dgram.c64
-rw-r--r--src/lib/libssl/src/crypto/bn/Makefile1
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_div.c15
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_gf2m.c6
-rw-r--r--src/lib/libssl/src/crypto/bn/bn_nist.c184
-rw-r--r--src/lib/libssl/src/crypto/cms/cms_smime.c6
-rw-r--r--src/lib/libssl/src/crypto/cryptlib.h1
-rw-r--r--src/lib/libssl/src/crypto/crypto.h1
-rw-r--r--src/lib/libssl/src/crypto/dh/Makefile20
-rw-r--r--src/lib/libssl/src/crypto/dsa/Makefile11
-rw-r--r--src/lib/libssl/src/crypto/ecdh/Makefile32
-rw-r--r--src/lib/libssl/src/crypto/ecdsa/Makefile48
-rw-r--r--src/lib/libssl/src/crypto/engine/Makefile390
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_all.c3
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_cnf.c9
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_err.c3
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_int.h2
-rw-r--r--src/lib/libssl/src/crypto/engine/eng_pkey.c42
-rw-r--r--src/lib/libssl/src/crypto/engine/engine.h16
-rw-r--r--src/lib/libssl/src/crypto/err/err.c1
-rw-r--r--src/lib/libssl/src/crypto/err/err.h4
-rw-r--r--src/lib/libssl/src/crypto/evp/Makefile54
-rw-r--r--src/lib/libssl/src/crypto/evp/evp.h2
-rw-r--r--src/lib/libssl/src/crypto/evp/evp_enc.c13
-rw-r--r--src/lib/libssl/src/crypto/hmac/hmac.c7
-rw-r--r--src/lib/libssl/src/crypto/hmac/hmac.h1
-rw-r--r--src/lib/libssl/src/crypto/md32_common.h2
-rw-r--r--src/lib/libssl/src/crypto/objects/obj_mac.num66
-rw-r--r--src/lib/libssl/src/crypto/objects/objects.txt105
-rw-r--r--src/lib/libssl/src/crypto/opensslv.h6
-rw-r--r--src/lib/libssl/src/crypto/ossl_typ.h2
-rw-r--r--src/lib/libssl/src/crypto/pkcs12/p12_crt.c26
-rw-r--r--src/lib/libssl/src/crypto/rand/Makefile17
-rw-r--r--src/lib/libssl/src/crypto/rsa/Makefile13
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa.h2
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_eay.c39
-rw-r--r--src/lib/libssl/src/crypto/rsa/rsa_ssl.c2
-rw-r--r--src/lib/libssl/src/crypto/sha/asm/sha1-586.pl2
-rw-r--r--src/lib/libssl/src/crypto/stack/safestack.h44
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_att.c12
-rw-r--r--src/lib/libssl/src/crypto/x509/x509_vfy.c12
-rw-r--r--src/lib/libssl/src/crypto/x509v3/pcy_data.c8
-rw-r--r--src/lib/libssl/src/crypto/x509v3/pcy_tree.c18
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_addr.c12
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_asid.c2
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_purp.c6
-rw-r--r--src/lib/libssl/src/crypto/x509v3/x509v3.h4
-rw-r--r--src/lib/libssl/src/doc/ssl/SSL_read.pod6
-rw-r--r--src/lib/libssl/src/engines/Makefile115
-rw-r--r--src/lib/libssl/src/engines/e_capi.c1781
-rw-r--r--src/lib/libssl/src/engines/e_capi.ec1
-rw-r--r--src/lib/libssl/src/engines/e_capi_err.c183
-rw-r--r--src/lib/libssl/src/engines/e_capi_err.h123
-rw-r--r--src/lib/libssl/src/engines/e_gmp.c15
-rw-r--r--src/lib/libssl/src/openssl.spec2
-rw-r--r--src/lib/libssl/src/ssl/Makefile965
-rw-r--r--src/lib/libssl/src/ssl/d1_clnt.c3
-rw-r--r--src/lib/libssl/src/ssl/d1_pkt.c21
-rw-r--r--src/lib/libssl/src/ssl/d1_srvr.c6
-rw-r--r--src/lib/libssl/src/ssl/dtls1.h7
-rw-r--r--src/lib/libssl/src/ssl/s23_clnt.c16
-rw-r--r--src/lib/libssl/src/ssl/s23_srvr.c9
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c42
-rw-r--r--src/lib/libssl/src/ssl/s3_enc.c4
-rw-r--r--src/lib/libssl/src/ssl/s3_lib.c40
-rw-r--r--src/lib/libssl/src/ssl/s3_pkt.c7
-rw-r--r--src/lib/libssl/src/ssl/s3_srvr.c8
-rw-r--r--src/lib/libssl/src/ssl/ssl.h16
-rw-r--r--src/lib/libssl/src/ssl/ssl_asn1.c2
-rw-r--r--src/lib/libssl/src/ssl/ssl_ciph.c10
-rw-r--r--src/lib/libssl/src/ssl/ssl_err.c5
-rw-r--r--src/lib/libssl/src/ssl/ssl_lib.c36
-rw-r--r--src/lib/libssl/src/ssl/ssl_locl.h4
-rw-r--r--src/lib/libssl/src/ssl/ssl_sess.c22
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c41
-rw-r--r--src/lib/libssl/src/ssl/t1_enc.c4
-rw-r--r--src/lib/libssl/src/ssl/t1_lib.c14
-rw-r--r--src/lib/libssl/src/test/Makefile83
-rw-r--r--src/lib/libssl/src/util/libeay.num58
-rw-r--r--src/lib/libssl/src/util/mk1mf.pl4
-rw-r--r--src/lib/libssl/src/util/mkdef.pl6
-rw-r--r--src/lib/libssl/src/util/pl/VC-32.pl8
-rw-r--r--src/lib/libssl/src/util/ssleay.num1
99 files changed, 4426 insertions, 2812 deletions
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 217aa70dcb..72cc168f6a 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,60 @@
2 OpenSSL CHANGES 2 OpenSSL CHANGES
3 _______________ 3 _______________
4 4
5 Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
6
7 *) Fix a state transitition in s3_srvr.c and d1_srvr.c
8 (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
9 [Nagendra Modadugu]
10
11 *) The fix in 0.9.8c that supposedly got rid of unsafe
12 double-checked locking was incomplete for RSA blinding,
13 addressing just one layer of what turns out to have been
14 doubly unsafe triple-checked locking.
15
16 So now fix this for real by retiring the MONT_HELPER macro
17 in crypto/rsa/rsa_eay.c.
18
19 [Bodo Moeller; problem pointed out by Marius Schilder]
20
21 *) Various precautionary measures:
22
23 - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
24
25 - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
26 (NB: This would require knowledge of the secret session ticket key
27 to exploit, in which case you'd be SOL either way.)
28
29 - Change bn_nist.c so that it will properly handle input BIGNUMs
30 outside the expected range.
31
32 - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
33 builds.
34
35 [Neel Mehta, Bodo Moeller]
36
37 *) Add support for Local Machine Keyset attribute in PKCS#12 files.
38 [Steve Henson]
39
40 *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
41 [Huang Ying]
42
43 *) Expand ENGINE to support engine supplied SSL client certificate functions.
44
45 This work was sponsored by Logica.
46 [Steve Henson]
47
48 *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
49 keystores. Support for SSL/TLS client authentication too.
50 Not compiled unless enable-capieng specified to Configure.
51
52 This work was sponsored by Logica.
53 [Steve Henson]
54
55 *) Allow engines to be "soft loaded" - i.e. optionally don't die if
56 the load fails. Useful for distros.
57 [Ben Laurie and the FreeBSD team]
58
5 Changes between 0.9.8g and 0.9.8h [28 May 2008] 59 Changes between 0.9.8g and 0.9.8h [28 May 2008]
6 60
7 *) Fix flaw if 'Server Key exchange message' is omitted from a TLS 61 *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
diff --git a/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head b/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head
index 1203a22158..e69de29bb2 100644
--- a/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head
+++ b/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head
@@ -1,163 +0,0 @@
1This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS,
2provides a collection of those CVS change log entries for the
30.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in
40.9.8-dev (CVS head).
5
6ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes
7ChangeLog.0_9_7-stable_not-in-head - everything else
8
9Some obvious false positives have been eliminated: e.g., we do not
10care about a simple "make update"; and we don't care about changes
11identified to the 0.9.7 branch that were explicitly identified as
12backports from head.
13
14Eliminating all other entries (and finally this file and its
15compantion), either as false positives or as things that should go
16into 0.9.8, remains to be done. Any additional changes to 0.9.7 that
17are not immediately put into 0.9.8, but belong there as well, should
18be added to the end of this file.
19
20
212002-11-04 17:33 levitte
22
23 Changed:
24 Configure (1.314.2.38), "Exp", lines: +4 -2
25
26 Return my normal debug targets to something not so extreme, and
27 make the extreme ones special (or 'extreme', if you will :-)).
28
292002-12-16 19:17 appro
30
31 Changed:
32 crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0
33 crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445
34
35 This is rollback to 0.9.6h bn_mul.c to address problem reported in
36 RT#272.
37
382003-07-27 15:46 ben
39
40 Changed:
41 crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0
42 crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0
43
44 Add untested CFB-r mode. Will be tested soon.
45
462003-07-28 17:07 ben
47
48 Changed:
49 Makefile.org (1.154.2.69), "Exp", lines: +5 -1
50 crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0
51 crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0
52 crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2
53 crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16
54 crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0
55 crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1
56 crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2
57 crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11
58 crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2
59 crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5
60 crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0
61 crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0
62 crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0
63 fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0
64 fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1
65 fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1
66 test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43
67
68 Add support for partial CFB modes, make tests work, update
69 dependencies.
70
712003-07-29 12:56 ben
72
73 Changed:
74 crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6
75 crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0
76 crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8
77 crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1
78
79 Working CFB1 and test vectors.
80
812003-07-29 15:24 ben
82
83 Changed:
84 crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0
85 crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5
86 crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0
87 crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0
88 crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0
89 fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1
90 fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19
91
92 The rest of the keysizes for CFB1, working AES AVS test for CFB1.
93
942003-07-29 19:05 ben
95
96 Changed:
97 crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0
98 crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0
99 crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0
100 crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9
101 crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0
102 crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5
103 crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0
104 crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0
105 crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0
106 fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0
107
108 AES CFB8.
109
1102003-07-30 20:30 ben
111
112 Changed:
113 Makefile.org (1.154.2.70), "Exp", lines: +16 -5
114 crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1
115 crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0
116 crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14
117 crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1
118 crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0
119 crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0
120 crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23
121 crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6
122 crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0
123 crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6
124 fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1
125 fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0
126 fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1
127 fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
128 fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0
129 fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
130 fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0
131 fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0
132 fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0
133
134 Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
135
1362003-08-01 12:25 ben
137
138 Changed:
139 crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36
140 crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0
141 crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3
142 crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0
143
144 Fix DES CFB-r.
145
1462003-08-01 12:31 ben
147
148 Changed:
149 crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0
150
151 DES CFB8 test.
152
1532005-04-19 16:21 appro
154
155 Changed:
156 Configure (1.314.2.117), "Exp", lines: +24 -21
157 Makefile.org (1.154.2.100), "Exp", lines: +1 -11
158 TABLE (1.99.2.52), "Exp", lines: +20 -20
159 apps/Makefile (1.1.4.15), "Exp", lines: +1 -1
160 test/Makefile (1.1.4.12), "Exp", lines: +1 -1
161
162 Enable shared link on HP-UX.
163
diff --git a/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS b/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS
index 1e6c88f77a..e69de29bb2 100644
--- a/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS
+++ b/src/lib/libssl/src/ChangeLog.0_9_7-stable_not-in-head_FIPS
@@ -1,1494 +0,0 @@
1See file ChangeLog.0_9_7-stable_not-in-head for explanations.
2This is the "FIPS"-related part.
3
4
5
62003-07-27 19:00 ben
7
8 Changed:
9 Configure (1.314.2.85), "Exp", lines: +2 -0
10 Makefile.org (1.154.2.67), "Exp", lines: +12 -3
11 crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0
12 crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0
13 crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1
14 crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0
15 crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1
16 crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1
17 crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2
18 crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3
19 crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4
20 crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0
21 crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0
22 crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0
23 crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0
24 crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0
25 crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0
26 crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0
27 crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7
28 crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0
29 crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4
30 crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1
31 crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0
32 crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1
33 crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4
34 crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4
35 crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15
36 crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0
37 crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0
38 crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1
39 crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0
40 crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2
41 crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6
42 fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
43 fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0
44 fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
45 fips/fips.c (1.1.2.1), "Exp", lines: +74 -0
46 fips/fips.h (1.1.2.1), "Exp", lines: +85 -0
47 fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0
48 fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0
49 fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0
50 fips/lib (1.1.2.1), "Exp", lines: +0 -0
51 fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0
52 fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
53 fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
54 fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0
55 fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0
56 fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0
57 fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
58 fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
59 fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0
60 fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0
61 fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0
62 fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
63 fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
64 fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
65 fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0
66 fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0
67 fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0
68 fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
69 fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
70 fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
71 fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0
72 fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0
73 fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0
74 fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0
75 fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0
76 fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0
77 test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13
78 util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1
79
80 Unfinished FIPS stuff for review/improvement.
81
822003-07-27 19:19 ben
83
84 Changed:
85 fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1
86
87 Use unified diff.
88
892003-07-27 19:23 ben
90
91 Changed:
92 fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3
93 fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1
94 fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1
95
96 Build in non-FIPS mode.
97
982003-07-27 23:13 ben
99
100 Changed:
101 Makefile.org (1.154.2.68), "Exp", lines: +1 -1
102 fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1
103 fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0
104 fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0
105 fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1
106 fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
107 fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1
108 fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0
109 fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1
110
111 Build when not FIPS.
112
1132003-07-28 11:56 ben
114
115 Changed:
116 fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
117 fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1
118
119 New fingerprints.
120
1212003-07-29 16:06 ben
122
123 Changed:
124 fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303
125
126 Reformat.
127
1282003-07-29 16:34 ben
129
130 Changed:
131 fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17
132
133 MMT for CFB1
134
1352003-07-29 17:17 ben
136
137 Changed:
138 fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0
139 fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0
140 fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0
141
142 Missing files.
143
1442003-07-31 23:30 levitte
145
146 Changed:
147 Makefile.org (1.154.2.71), "Exp", lines: +2 -0
148
149 If FDIRS is to be treated like SDIRS, let's not forget to
150 initialize it in Makefile.org.
151
1522003-07-31 23:41 levitte
153
154 Changed:
155 fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3
156
157 No C++ comments in C programs!
158
1592003-08-01 15:07 steve
160
161 Changed:
162 fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3
163
164 Replace C++ style comments.
165
1662003-08-03 14:22 ben
167
168 Changed:
169 fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37
170
171 Make tests work (CFB1 still doesn't produce the right answers,
172 strangely).
173
1742003-08-08 12:08 levitte
175
176 Changed:
177 fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0
178
179 Avoid clashing with the regular DES functions when not compiling
180 with -DFIPS. This is basically only visible when building with
181 shared library supoort...
182
1832003-08-11 11:36 levitte
184
185 Deleted:
186 fips/sha1/.cvsignore (1.1.2.2)
187 fips/sha1/Makefile.ssl (1.1.2.3)
188 fips/sha1/fingerprint.sha1 (1.1.2.3)
189 fips/sha1/fips_md32_common.h (1.1.2.2)
190 fips/sha1/fips_sha1dgst.c (1.1.2.3)
191 fips/sha1/fips_sha1test.c (1.1.2.3)
192 fips/sha1/fips_sha_locl.h (1.1.2.2)
193 fips/sha1/fips_standalone_sha1.c (1.1.2.3)
194 fips/sha1/sha1hashes.txt (1.1.2.2)
195 fips/sha1/sha1vectors.txt (1.1.2.2)
196 fips/sha1/standalone.sha1 (1.1.2.4)
197 fips/dsa/.cvsignore (1.1.2.2)
198 fips/dsa/Makefile.ssl (1.1.2.2)
199 fips/dsa/fingerprint.sha1 (1.1.2.3)
200 fips/dsa/fips_dsa_ossl.c (1.1.2.3)
201 fips/dsa/fips_dsatest.c (1.1.2.3)
202 fips/rand/.cvsignore (1.1.2.2)
203 fips/rand/Makefile.ssl (1.1.2.2)
204 fips/rand/fingerprint.sha1 (1.1.2.2)
205 fips/rand/fips_rand.c (1.1.2.2)
206 fips/rand/fips_rand.h (1.1.2.2)
207 fips/rand/fips_randtest.c (1.1.2.2)
208 fips/des/.cvsignore (1.1.2.2)
209 fips/des/Makefile.ssl (1.1.2.3)
210 fips/des/fingerprint.sha1 (1.1.2.2)
211 fips/des/fips_des_enc.c (1.1.2.3)
212 fips/des/fips_des_locl.h (1.1.2.2)
213 fips/des/fips_desmovs.c (1.1.2.3)
214 fips/aes/.cvsignore (1.1.2.2)
215 fips/aes/Makefile.ssl (1.1.2.5)
216 fips/aes/fingerprint.sha1 (1.1.2.2)
217 fips/aes/fips_aes_core.c (1.1.2.2)
218 fips/aes/fips_aes_locl.h (1.1.2.2)
219 fips/aes/fips_aesavs.c (1.1.2.9)
220 fips/.cvsignore (1.1.2.2)
221 fips/Makefile.ssl (1.1.2.6)
222 fips/fingerprint.sha1 (1.1.2.3)
223 fips/fips.c (1.1.2.2)
224 fips/fips.h (1.1.2.2)
225 fips/fips_check_sha1 (1.1.2.4)
226 fips/fips_err.c (1.1.2.2)
227 fips/fips_err_wrapper.c (1.1.2.2)
228 fips/fips_make_sha1 (1.1.2.4)
229 fips/lib (1.1.2.2)
230 Changed:
231 util/libeay.num (1.173.2.16), "Exp", lines: +11 -38
232 util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2
233 test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180
234 crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7
235 crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16
236 crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17
237 crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9
238 crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2
239 crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3
240 crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11
241 crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27
242 crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32
243 crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8
244 crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11
245 crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7
246 crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7
247 crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8
248 crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4
249 crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22
250 crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43
251 crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3
252 crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36
253 crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3
254 crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24
255 crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11
256 crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17
257 crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106
258 crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10
259 crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2
260 crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12
261 crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8
262 crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17
263 crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2
264 crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4
265 crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1
266 crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1
267 crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4
268 crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1
269 crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2
270 crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1
271 crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2
272 crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9
273 crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93
274 crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4
275 crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5
276 crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11
277 Configure (1.314.2.86), "Exp", lines: +0 -2
278 Makefile.org (1.154.2.72), "Exp", lines: +8 -34
279 TABLE (1.99.2.30), "Exp", lines: +0 -50
280
281 A new branch for FIPS-related changes has been created with the
282 name OpenSSL-fips-0_9_7-stable.
283
284 Since the 0.9.7-stable branch is supposed to be in freeze
285 and should only contain bug corrections, this change removes the
286 FIPS changes from that branch.
287
2882004-05-11 14:44 ben
289
290 Deleted:
291 apps/Makefile.ssl (1.100.2.27)
292 crypto/Makefile.ssl (1.84.2.12)
293 crypto/aes/Makefile.ssl (1.4.2.9)
294 crypto/asn1/Makefile.ssl (1.77.2.7)
295 crypto/bf/Makefile.ssl (1.25.2.6)
296 crypto/bio/Makefile.ssl (1.52.2.4)
297 crypto/bn/Makefile.ssl (1.65.2.9)
298 crypto/buffer/Makefile.ssl (1.32.2.4)
299 crypto/cast/Makefile.ssl (1.31.2.6)
300 crypto/comp/Makefile.ssl (1.32.2.4)
301 crypto/conf/Makefile.ssl (1.38.2.8)
302 crypto/des/Makefile.ssl (1.61.2.13)
303 crypto/dh/Makefile.ssl (1.43.2.5)
304 crypto/dsa/Makefile.ssl (1.49.2.9)
305 crypto/dso/Makefile.ssl (1.11.2.4)
306 crypto/ec/Makefile.ssl (1.7.2.4)
307 crypto/engine/Makefile.ssl (1.30.2.13)
308 crypto/err/Makefile.ssl (1.48.2.7)
309 crypto/evp/Makefile.ssl (1.64.2.12)
310 crypto/hmac/Makefile.ssl (1.33.2.6)
311 crypto/idea/Makefile.ssl (1.20.2.4)
312 crypto/krb5/Makefile.ssl (1.5.2.6)
313 crypto/lhash/Makefile.ssl (1.28.2.4)
314 crypto/md2/Makefile.ssl (1.29.2.5)
315 crypto/md4/Makefile.ssl (1.6.2.7)
316 crypto/md5/Makefile.ssl (1.33.2.10)
317 crypto/mdc2/Makefile.ssl (1.30.2.4)
318 crypto/objects/Makefile.ssl (1.46.2.6)
319 crypto/ocsp/Makefile.ssl (1.19.2.7)
320 crypto/pem/Makefile.ssl (1.51.2.5)
321 crypto/pkcs12/Makefile.ssl (1.37.2.5)
322 crypto/pkcs7/Makefile.ssl (1.47.2.5)
323 crypto/rand/Makefile.ssl (1.56.2.8)
324 crypto/rc2/Makefile.ssl (1.20.2.4)
325 crypto/rc4/Makefile.ssl (1.25.2.6)
326 crypto/rc5/Makefile.ssl (1.22.2.6)
327 crypto/ripemd/Makefile.ssl (1.25.2.9)
328 crypto/rsa/Makefile.ssl (1.53.2.6)
329 crypto/sha/Makefile.ssl (1.26.2.9)
330 crypto/stack/Makefile.ssl (1.28.2.4)
331 crypto/txt_db/Makefile.ssl (1.26.2.4)
332 crypto/ui/Makefile.ssl (1.10.2.6)
333 crypto/x509/Makefile.ssl (1.56.2.5)
334 crypto/x509v3/Makefile.ssl (1.62.2.5)
335 ssl/Makefile.ssl (1.53.2.11)
336 test/Makefile.ssl (1.84.2.36)
337 tools/Makefile.ssl (1.9.2.4)
338 Changed:
339 .cvsignore (1.7.6.2), "Exp", lines: +2 -1
340 Configure (1.314.2.92), "Exp", lines: +38 -8
341 FAQ (1.61.2.31), "Exp", lines: +1 -1
342 INSTALL (1.45.2.9), "Exp", lines: +2 -2
343 INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4
344 Makefile.org (1.154.2.78), "Exp", lines: +51 -19
345 PROBLEMS (1.4.2.10), "Exp", lines: +2 -2
346 e_os.h (1.56.2.17), "Exp", lines: +20 -1
347 apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0
348 apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0
349 apps/apps.c (1.49.2.27), "Exp", lines: +0 -10
350 apps/ca.c (1.102.2.31), "Exp", lines: +0 -10
351 apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11
352 apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0
353 crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0
354 crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0
355 crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1
356 crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0
357 crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0
358 crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0
359 crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0
360 crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0
361 crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0
362 crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0
363 crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0
364 crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0
365 crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0
366 crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1
367 crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0
368 crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0
369 crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0
370 crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0
371 crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0
372 crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0
373 crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0
374 crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1
375 crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0
376 crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1
377 crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2
378 crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3
379 crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0
380 crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0
381 crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0
382 crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1
383 crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0
384 crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0
385 crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0
386 crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0
387 crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0
388 crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0
389 crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0
390 crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2
391 crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0
392 crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0
393 crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0
394 crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0
395 crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0
396 crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0
397 crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0
398 crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4
399 crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3
400 crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4
401 crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11
402 crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1
403 crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0
404 crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2
405 crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8
406 crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1
407 crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0
408 crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0
409 crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0
410 crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0
411 crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0
412 crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0
413 crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0
414 crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0
415 crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0
416 crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3
417 crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0
418 crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0
419 crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0
420 crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0
421 crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0
422 crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0
423 crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0
424 crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0
425 crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0
426 crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0
427 crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1
428 crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0
429 crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0
430 crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0
431 crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0
432 crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0
433 crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0
434 crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1
435 crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0
436 crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0
437 crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0
438 crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0
439 crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0
440 crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0
441 crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0
442 crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0
443 fips/Makefile (1.1.4.1), "Exp", lines: +202 -0
444 fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4
445 fips/fips.c (1.1.2.3), "Exp", lines: +120 -5
446 fips/fips.h (1.1.2.3), "Exp", lines: +42 -2
447 fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2
448 fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0
449 fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2
450 fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0
451 fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6
452 fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0
453 fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0
454 fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0
455 fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2
456 fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2
457 fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0
458 fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0
459 fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6
460 fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0
461 fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2
462 fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3
463 fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1
464 fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0
465 fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79
466 fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0
467 fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0
468 fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0
469 fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1
470 fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0
471 fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3
472 fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0
473 fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6
474 fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0
475 fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0
476 fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2
477 fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10
478 fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1
479 fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10
480 fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0
481 fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0
482 fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0
483 fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0
484 fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0
485 fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2
486 fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0
487 fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3
488 fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0
489 fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0
490 fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4
491 fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0
492 fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0
493 fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7
494 fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0
495 fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0
496 fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4
497 fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0
498 ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10
499 ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11
500 ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11
501 ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4
502 shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3
503 ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0
504 ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0
505 ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0
506 ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0
507 ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1
508 ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1
509 ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1
510 test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0
511 test/Makefile (1.1.4.1), "Exp", lines: +941 -0
512 test/bctest (1.14.2.1), "Exp", lines: +1 -1
513 test/testenc (1.3.8.1), "Exp", lines: +1 -1
514 test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0
515 tools/Makefile (1.1.4.1), "Exp", lines: +61 -0
516 util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3
517 util/domd (1.6.2.3), "Exp", lines: +5 -5
518 util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3
519 util/libeay.num (1.173.2.19), "Exp", lines: +55 -11
520 util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4
521 util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4
522 util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1
523 util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1
524 util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1
525 util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2
526 util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1
527 util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1
528 util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1
529 util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1
530 util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2
531 util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2
532 util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1
533 util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1
534
535 Pull FIPS back into stable.
536
5372004-05-12 10:27 levitte
538
539 Changed:
540 apps/Makefile (1.1.4.2), "Exp", lines: +3 -1
541
542 Only check for FIPS signatures when FIPS is enabled.
543
5442004-05-12 10:28 levitte
545
546 Changed:
547 crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1
548
549 Makefile.ssl changed name to Makefile.
550
5512004-05-12 10:28 levitte
552
553 Changed:
554 fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1
555
556 Only really build this file when OPENSSL_FIPS is defined. And oh,
557 let's keep internal variables static.
558
5592004-05-12 10:42 levitte
560
561 Changed:
562 fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
563
564 I forgot to modify the signature for fips_rand.c...
565
5662004-05-12 10:46 levitte
567
568 Changed:
569 fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0
570 fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1
571 fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3
572 fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2
573 fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
574 fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
575
576 Ignore the 'lib' timestamp file.
577
5782004-05-12 12:07 levitte
579
580 Changed:
581 fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
582 fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
583 fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
584 fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
585 fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
586 fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0
587 fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
588
589 Ignore 'Makefile.save'
590
5912004-05-12 16:11 ben
592
593 Changed:
594 crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0
595 crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0
596 fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
597 fips/fips.c (1.1.2.4), "Exp", lines: +5 -1
598 fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
599 fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0
600
601 Blow up in people's faces if they don't reseed.
602
6032004-05-15 19:51 ben
604
605 Changed:
606 crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0
607 crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1
608 crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0
609 fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3
610 fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1
611 fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
612 fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1
613 fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0
614 fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
615 fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0
616 fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1
617
618 Fix self-tests, ban some things in FIPS mode, fix copyrights.
619
6202004-05-17 06:28 levitte
621
622 Changed:
623 util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2
624 util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4
625 util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3
626 util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2
627 util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2
628 util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2
629 util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2
630 util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2
631 util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2
632 util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2
633 util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2
634
635 Generate SHA1 files on Windows and other platforms supported by
636 mk1mf.pl, when building in FIPS mode.
637
638 Note: UNTESTED!
639
6402004-05-17 06:30 levitte
641
642 Changed:
643 apps/apps.h (1.44.2.14), "Exp", lines: +3 -0
644 apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5
645
646 Make sure the applications know when we are running in FIPS mode.
647 We can't use the variable in libcrypto, since it's supposedly
648 unknown.
649
650 Note: currently only supported in MONOLITH mode.
651
6522004-05-17 06:31 levitte
653
654 Changed:
655 apps/enc.c (1.35.2.9), "Exp", lines: +10 -1
656
657 When in FIPS mode, use SHA1 to digest the key, rather than MD5, as
658 MD5 isn't a FIPS-approved algorithm.
659
660 Note: this means the user needs to keep track of this, and
661 we need to add support for that...
662
6632004-05-19 16:16 levitte
664
665 Changed:
666 fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2
667 fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8
668 fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1
669 fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
670 fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2
671 fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4
672 fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
673 fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5
674 crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0
675 crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0
676 crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0
677
678 Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation
679 for size_t-ification of those algorithms in future version of
680 OpenSSL...
681
6822004-05-27 11:33 levitte
683
684 Changed:
685 makevms.com (1.35.2.3), "Exp", lines: +27 -0
686
687 Copy the FIPS files to the temporary openssl include directory.
688
6892004-05-27 12:04 levitte
690
691 Changed:
692 fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0
693 makevms.com (1.35.2.4), "Exp", lines: +8 -0
694
695 Compile the FIPS directory on VMS as well. fips-lib.com is
696 essentially a copy of crypto-lib.com, with just a few edits.
697
6982004-05-27 12:07 levitte
699
700 Changed:
701 fips/install.com (1.1.2.1), "Exp", lines: +55 -0
702 install.com (1.4.2.2), "Exp", lines: +6 -6
703
704 Run an installation of FIPS stuff as well.
705
7062004-05-27 12:19 levitte
707
708 Changed:
709 test/maketests.com (1.13.2.5), "Exp", lines: +3 -3
710 apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3
711
712 Make sure o_str.h is reachable.
713
7142004-06-19 15:15 ben
715
716 Changed:
717 Makefile.org (1.154.2.80), "Exp", lines: +1 -1
718 crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1
719 crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0
720 crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1
721 crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9
722 crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0
723 fips/Makefile (1.1.4.2), "Exp", lines: +13 -14
724 fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
725 fips/fips.h (1.1.2.4), "Exp", lines: +1 -0
726 fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0
727 fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0
728 fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9
729 fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2
730
731 The version that was actually submitted for FIPS testing.
732
7332004-06-19 15:16 ben
734
735 Changed:
736 fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0
737 fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
738 fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0
739 fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0
740 fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0
741
742 Add Diffie-Hellman to FIPS.
743
7442004-06-19 15:18 ben
745
746 Changed:
747 fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0
748 fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
749
750 Update ignores.
751
7522004-06-21 11:07 levitte
753
754 Changed:
755 fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5
756 fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5
757 fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6
758 fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
759 fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
760 fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5
761
762 Make sure we don't try to loop over an empty EXHEADER. In the
763 Makefiles where this was fixed by commenting away code, change it
764 to check for an empty EXHEADER instead, so we have less hassle in a
765 future where EXHEADER changes.
766
767 PR: 900
768
7692004-06-21 20:05 levitte
770
771 Changed:
772 Makefile.org (1.154.2.82), "Exp", lines: +3 -1
773
774 Standard sh doesn't tolerate ! as part of the conditional command.
775
776 PR: 900
777
7782004-06-28 22:33 levitte
779
780 Changed:
781 fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0
782 fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2
783 fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0
784
785 Make sure the FIPS stuff is only really compiled when in FIPS mode.
786
7872004-07-12 19:59 ben
788
789 Changed:
790 fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6
791 fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3
792
793 Corrected test program.
794
7952004-07-17 14:48 appro
796
797 Changed:
798 fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1
799
800 Eliminate enforced -g from CFLAGS. It switches off optimization
801 with some compilers, e.g. DEC C.
802
8032004-07-21 19:41 steve
804
805 Changed:
806 crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0
807
808 When in FIPS mode write private keys in PKCS#8 and PBES2 format to
809 avoid use of prohibited MD5 algorithm.
810
8112004-07-23 15:20 ben
812
813 Changed:
814 fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
815 fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7
816 fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2
817
818 Convert to X9.31.
819
8202004-07-21 19:35 steve
821
822 Changed:
823 fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
824 fips/fips.c (1.1.2.5), "Exp", lines: +3 -3
825 fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1
826 fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8
827
828 Avoid compiler warnings.
829
8302004-07-27 02:17 steve
831
832 Changed:
833 fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8
834
835 Stop compiler warnings.
836
8372004-07-27 02:20 steve
838
839 Changed:
840 crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0
841
842 Add FIPS name to error library.
843
8442004-07-27 14:22 steve
845
846 Changed:
847 Makefile.org (1.154.2.84), "Exp", lines: +3 -3
848 fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1
849 fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1
850
851 Rename libcrypto.sha1 to libcrypto.a.sha1
852
8532004-07-27 20:28 steve
854
855 Changed:
856 ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33
857 ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0
858 ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0
859 ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1
860
861 New cipher "strength" FIPS which specifies that a cipher suite is
862 FIPS compatible.
863
864 New cipherstring "FIPS" is all FIPS compatible ciphersuites
865 except eNULL.
866
867 Only allow FIPS ciphersuites in FIPS mode.
868
8692004-07-28 04:24 levitte
870
871 Changed:
872 makevms.com (1.35.2.6), "Exp", lines: +2 -2
873
874 From the FIPS directory, darnit!
875
8762004-07-28 15:47 levitte
877
878 Changed:
879 makevms.com (1.35.2.7), "Exp", lines: +5 -1
880
881 Define OPENSSL_FIPS in opensslconf.h if a logical name with the
882 same name is defined.
883
884 Go up one directory level before dealing with FIPS stuff.
885
8862004-07-30 00:26 levitte
887
888 Changed:
889 fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3
890
891 We're building crypto stuff, not ssl stuff. Additionally, we're in
892 the fips subdirectory, not the crypto one...
893
8942004-07-30 16:37 levitte
895
896 Changed:
897 fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2
898 fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1
899 fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2
900 fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1
901 fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3
902 ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2
903 fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2
904 fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1
905 fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1
906 fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1
907 fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1
908 fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
909 fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3
910 fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2
911 fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
912 fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2
913 fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3
914 fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2
915 fips/fips.c (1.1.2.6), "Exp", lines: +76 -23
916 fips/fips.h (1.1.2.5), "Exp", lines: +2 -3
917 fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2
918 fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
919 fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1
920 crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1
921 crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1
922 crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2
923 crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1
924 crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2
925 crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6
926 crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1
927 crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2
928
929 To protect FIPS-related global variables, add locking mechanisms
930 around them.
931
932 NOTE: because two new locks are added, this adds potential
933 binary incompatibility with earlier versions in the 0.9.7 series.
934 However, those locks will only ever be touched when FIPS_mode_set()
935 is called and after, thanks to a variable that's only changed from
936 0 to 1 once (when FIPS_mode_set() is called). So basically, as
937 long as FIPS mode hasn't been engaged explicitely by the calling
938 application, the new locks are treated as if they didn't exist at
939 all, thus not becoming a problem. Applications that are built or
940 rebuilt to use FIPS functionality will need to be recompiled in any
941 case, thus not being a problem either.
942
9432004-08-02 16:15 levitte
944
945 Changed:
946 crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4
947
948 Let's lock a write lock when changing values, shall we?
949
950 Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk>
951 for making me aware of this error.
952
9532004-08-05 20:11 steve
954
955 Changed:
956 fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
957 fips/fips.c (1.1.2.7), "Exp", lines: +1 -1
958
959 Stop compiler giving bogus shadow warning.
960
9612004-08-09 14:13 levitte
962
963 Changed:
964 makevms.com (1.35.2.8), "Exp", lines: +1 -1
965
966 In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
967
9682004-08-09 14:14 levitte
969
970 Changed:
971 fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4
972
973 Correct typos and include directory specifications.
974
9752004-08-10 11:11 levitte
976
977 Changed:
978 fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1
979
980 Update the VMS fips library builder with the DH library.
981
9822004-08-10 12:04 levitte
983
984 Changed:
985 fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
986 fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1
987
988 With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED
989 to get struct timeval and gettimeofday().
990
9912004-09-06 16:19 levitte
992
993 Changed:
994 fips/fips.c (1.1.2.8), "Exp", lines: +5 -4
995
996 Replace the bogus checks of n with proper uses of feof(), ferror()
997 and clearerr().
998
9992004-09-06 16:21 levitte
1000
1001 Changed:
1002 fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2
1003
1004 num is an unsigned long, but since it was transfered from
1005 crypto/sha/sha_locl.h, where it is in fact an int, we need to check
1006 for less-than-zero as if it was an int...
1007
10082004-10-08 12:03 ben
1009
1010 Changed:
1011 fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
1012 fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
1013 fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1
1014
1015 Update fingerprints.
1016
10172004-10-14 07:51 levitte
1018
1019 Changed:
1020 VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0
1021
1022 We need to check for OPENSSL_FIPS when building shared libraries,
1023 so we get correct transfer vectors for those functions when
1024 required.
1025
10262004-10-26 13:47 steve
1027
1028 Changed:
1029 util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0
1030
1031 Add fips/dh directory to mkfiles.pl
1032
10332004-10-26 14:17 levitte
1034
1035 Changed:
1036 fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1
1037 util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0
1038 fips/Makefile (1.1.4.5), "Exp", lines: +7 -1
1039 crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7
1040
1041 fips/dh was missing in mkfiles.pl. make update
1042
10432004-10-26 15:01 steve
1044
1045 Changed:
1046 util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1
1047
1048 Only add fips/dh once...
1049
10502004-11-01 09:20 levitte
1051
1052 Changed:
1053 fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
1054 fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1
1055
1056 Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if
1057 not already defined.
1058
10592004-12-09 19:03 appro
1060
1061 vChanged:
1062 crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0
1063
1064 Postpone linking of shared libcrypto in FIPS build.
1065
10662004-12-09 19:13 appro
1067
1068 Changed:
1069 fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1
1070 fips/fips.c (1.1.2.9), "Exp", lines: +13 -1
1071 fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2
1072
1073 Cygwin specific FIPS fix-ups.
1074
10752004-12-09 23:43 appro
1076
1077 Changed:
1078 Configure (1.314.2.100), "Exp", lines: +2 -3
1079 crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2
1080
1081 Eliminate false dependency on 386 config option is FIPS context.
1082 At the same time limit assembler support to ELF platforms [that's
1083 what is there, ELF modules].
1084
10852004-12-10 12:37 appro
1086
1087 Changed:
1088 Configure (1.314.2.101), "Exp", lines: +10 -3
1089 crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2
1090
1091 Respect no-asm with fips option and disable FIPS DES assembler in
1092 shared context [because it's not PIC].
1093
10942004-12-10 14:15 appro
1095
1096 Changed:
1097 fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
1098 fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1
1099 fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32
1100
1101 Solaris x86 assembler update.
1102
11032004-12-10 17:30 appro
1104
1105 Changed:
1106 fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1
1107 fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1
1108 fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1
1109
1110 Adapt FIPS sub-tree for mingw.
1111
11122005-01-03 18:46 steve
1113
1114 Changed:
1115 fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1
1116 fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11
1117
1118 RSA KAT.
1119
11202005-01-11 17:54 levitte
1121
1122 Changed:
1123 fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1
1124 fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2
1125
1126 Clear signed vs. unsigned conflicts. Change the fingerprint
1127 accordingly.
1128
11292005-01-11 19:25 levitte
1130
1131 Changed:
1132 ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2
1133 fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3
1134 fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4
1135 fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7
1136 fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2
1137 apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1
1138 fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7
1139
1140 Use EXIT() instead of exit().
1141
11422005-01-26 21:00 steve
1143
1144 Changed:
1145 apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0
1146 apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1
1147 crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0
1148 crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1
1149 crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1
1150 crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1
1151 crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1
1152 crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1
1153 crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7
1154 crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0
1155 crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11
1156 crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3
1157 crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6
1158 crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0
1159 crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1
1160 crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1
1161 crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2
1162 crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1
1163 crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0
1164 crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0
1165 crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0
1166 crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0
1167 crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0
1168 crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1
1169 crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0
1170 crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0
1171 crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0
1172 crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0
1173 crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0
1174 crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0
1175 crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1
1176 crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0
1177 crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1
1178 crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0
1179 crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1
1180 crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1
1181 crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1
1182 crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1
1183 crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0
1184 crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0
1185 crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1
1186 crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1
1187 crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0
1188 crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0
1189 crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1
1190 crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0
1191 crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0
1192 crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1
1193 crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1
1194 ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0
1195 ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0
1196 ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0
1197 ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0
1198
1199 FIPS algorithm blocking.
1200
1201 Non FIPS algorithms are not normally allowed in FIPS mode.
1202
1203 Any attempt to use them via high level functions will
1204 return an error.
1205
1206 The low level non-FIPS algorithm functions cannot return
1207 errors so they produce assertion failures. HMAC also has to give an
1208 assertion error because it (erroneously) can't return an error
1209 either.
1210
1211 There are exceptions (such as MD5 in TLS and non
1212 cryptographic use of algorithms) and applications can override the
1213 blocking and use non FIPS algorithms anyway.
1214
1215 For low level functions the override is perfomed by
1216 prefixing the algorithm initalization function with "private_" for
1217 example private_MD5_Init().
1218
1219 For high level functions an override is performed by
1220 setting a flag in the context.
1221
12222005-01-27 02:49 steve
1223
1224 Changed:
1225 apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5
1226 crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0
1227 crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0
1228 crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0
1229
1230 More FIPS algorithm blocking.
1231
1232 Catch attempted use of non FIPS algorithms with HMAC.
1233
1234 Give an assertion error for applications that ignore FIPS
1235 digest errors.
1236
1237 Make -non-fips-allow work with dgst and HMAC.
1238
12392005-01-28 15:03 steve
1240
1241 Changed:
1242 apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1
1243 apps/enc.c (1.35.2.13), "Exp", lines: +38 -4
1244 crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0
1245 crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0
1246 crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15
1247 crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0
1248 test/testenc (1.3.8.2), "Exp", lines: +8 -8
1249
1250 Further FIPS algorithm blocking.
1251
1252 Fixes to cipher blocking and enabling code.
1253
1254 Add option -non-fips-allow to 'enc' and update testenc.
1255
12562005-01-31 02:33 steve
1257
1258 Changed:
1259 ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0
1260 ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0
1261 ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8
1262 ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0
1263 ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8
1264 ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0
1265 ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8
1266 ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1
1267 ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9
1268 ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18
1269
1270 Only allow TLS is FIPS mode.
1271
1272 Remove old FIPS_allow_md5() calls.
1273
12742005-02-05 19:24 steve
1275
1276 Changed:
1277 apps/req.c (1.88.2.18), "Exp", lines: +8 -1
1278 apps/x509.c (1.67.2.20), "Exp", lines: +8 -1
1279
1280 In FIPS mode use SHA1 as default digest in x509 and req utilities.
1281
12822005-03-15 10:46 appro
1283
1284 Changed:
1285 Makefile.org (1.154.2.96), "Exp", lines: +1 -1
1286 crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3
1287 fips/Makefile (1.1.4.8), "Exp", lines: +4 -1
1288
1289 Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this
1290 in crypto/Makefile and make Makefile.org and fips/Makefile more
1291 discreet.
1292
12932005-03-22 18:29 steve
1294
1295 Changed:
1296 fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1
1297 fips/fips.c (1.1.2.10), "Exp", lines: +1 -0
1298
1299 Fix memory leak.
1300
13012005-03-27 05:36 steve
1302
1303 Changed:
1304 crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1
1305 ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3
1306
1307 Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS
1308 mode.
1309
13102005-04-14 14:44 steve
1311
1312 Changed:
1313 fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0
1314 util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0
1315
1316 Perl script that checks or rebuilds FIPS hash files. This works on
1317 both Unix and Windows.
1318
1319 Merge all FIPS hash files into a single hash file
1320 fips/fips.sha1
1321
13222005-04-15 05:27 steve
1323
1324 Changed:
1325 fips/Makefile (1.1.4.9), "Exp", lines: +1 -1
1326 fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4
1327 fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4
1328 fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4
1329 fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4
1330 fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4
1331 fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4
1332 fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7
1333
1334 Update hash checking in makefiles to use new perl script.
1335
13362005-04-17 06:37 steve
1337
1338 Changed:
1339 util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127
1340
1341 Modify checkhash.pl so it can be run standalone or included as a
1342 funtion in another perl script.
1343
13442005-04-17 16:00 appro
1345
1346 Changed:
1347 fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5
1348
1349 Bring back fips_standalone_sha1.
1350
13512005-04-17 16:17 appro
1352
1353 Deleted:
1354 fips/sha1/asm/sx86-elf.s (1.1.4.4)
1355 Changed:
1356 Configure (1.314.2.114), "Exp", lines: +1 -1
1357 fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1
1358 fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1
1359 fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1
1360 fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0
1361
1362 Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s.
1363
13642005-04-17 16:21 steve
1365
1366 Changed:
1367 util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0
1368
1369 Return 0 for successful hash check.
1370
13712005-04-17 16:54 appro
1372
1373 Changed:
1374 Configure (1.314.2.116), "Exp", lines: +8 -1
1375 Makefile.org (1.154.2.99), "Exp", lines: +3 -2
1376 crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0
1377 fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0
1378 fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2
1379 fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0
1380
1381 Throw in fips/aes/asm/fips-ax86-elf.s.
1382
13832005-04-17 16:35 appro
1384
1385 Changed:
1386 Configure (1.314.2.115), "Exp", lines: +1 -1
1387 fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1
1388 fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98
1389
1390 Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag.
1391
13922005-04-17 17:26 appro
1393
1394 Changed:
1395 crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55
1396 crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3
1397 fips/fips.c (1.1.2.11), "Exp", lines: +62 -8
1398 fips/fips.h (1.1.2.7), "Exp", lines: +2 -3
1399 fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3
1400 fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4
1401 fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1
1402 fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2
1403
1404 Resolve minor binary compatibility issues in fips.
1405
14062005-04-17 18:22 appro
1407
1408 Changed:
1409 fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12
1410 fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1
1411 fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2
1412 fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1
1413 fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1
1414 fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3
1415 fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2
1416 fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1
1417 fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1
1418 fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1
1419 fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11
1420 fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1
1421 fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1
1422 fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2
1423
1424 Minor fips const-ification.
1425
14262005-04-18 07:02 steve
1427
1428 Changed:
1429 crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0
1430 crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0
1431 crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0
1432 crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0
1433 crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0
1434 crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0
1435
1436 Pick up definition of FIPS_mode() in fips.h to avoid warnings.
1437
14382005-04-18 10:34 steve
1439
1440 Deleted:
1441 fips/fingerprint.sha1 (1.1.2.14)
1442 fips/fips_check_sha1 (1.1.2.8)
1443 fips/fips_make_sha1 (1.1.2.7)
1444 fips/aes/fingerprint.sha1 (1.1.2.7)
1445 fips/des/fingerprint.sha1 (1.1.2.6)
1446 fips/dh/fingerprint.sha1 (1.1.2.4)
1447 fips/dsa/fingerprint.sha1 (1.1.2.7)
1448 fips/rand/fingerprint.sha1 (1.1.2.10)
1449 fips/rsa/fingerprint.sha1 (1.1.4.7)
1450 fips/sha1/fingerprint.sha1 (1.1.2.12)
1451 Changed:
1452 fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4
1453
1454 Remove obsolete fingerprint.sha1 files and associated scripts.
1455 Delete test in fips/sha1/Makefile: the top level test checks the
1456 same files.
1457
14582005-04-19 09:11 appro
1459
1460 Deleted:
1461 fips/fipshashes.sha1 (1.1.2.7)
1462 fips/sha1/standalone.sha1 (1.1.2.15)
1463 Changed:
1464 fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0
1465 util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4
1466
1467 Maintain fingerprint hashes as C source.
1468
14692005-04-19 09:17 appro
1470
1471 Changed:
1472 util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1
1473
1474 Complete the transition C-code hashes.
1475
14762005-04-21 19:06 steve
1477
1478 Changed:
1479 apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2
1480 fips/fips.c (1.1.2.12), "Exp", lines: +0 -27
1481 fips/fips.h (1.1.2.8), "Exp", lines: +0 -2
1482 fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2
1483
1484 Remove defunct FIPS_allow_md5() and related functions.
1485
14862005-04-22 06:15 appro
1487
1488 Changed:
1489 fips/fips.c (1.1.2.13), "Exp", lines: +3 -3
1490 fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3
1491 fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2
1492
1493 Move some variables to .bss.
1494
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index 1a9a59f969..f24d738feb 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -407,12 +407,12 @@ my %table=(
407 407
408#### IBM's AIX. 408#### IBM's AIX.
409"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", 409"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
410"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", 410"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
411"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", 411"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
412# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE 412# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
413# at build time. $OBJECT_MODE is respected at ./config stage! 413# at build time. $OBJECT_MODE is respected at ./config stage!
414"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", 414"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
415"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", 415"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
416 416
417# 417#
418# Cray T90 and similar (SDSC) 418# Cray T90 and similar (SDSC)
@@ -510,8 +510,9 @@ my %table=(
510##### MacOS X (a.k.a. Rhapsody or Darwin) setup 510##### MacOS X (a.k.a. Rhapsody or Darwin) setup
511"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", 511"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
512"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 512"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
513"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:ppccpuid_osx64.o:osx_ppc64.o osx_ppc64-mont.o:::::sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o:::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 513"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
514"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 514"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
515"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
515"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 516"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
516"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", 517"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
517 518
@@ -616,6 +617,7 @@ my $perl;
616 617
617my %disabled = ( # "what" => "comment" 618my %disabled = ( # "what" => "comment"
618 "camellia" => "default", 619 "camellia" => "default",
620 "capieng" => "default",
619 "cms" => "default", 621 "cms" => "default",
620 "gmp" => "default", 622 "gmp" => "default",
621 "mdc2" => "default", 623 "mdc2" => "default",
@@ -634,7 +636,7 @@ my %disabled = ( # "what" => "comment"
634# For symmetry, "disable-..." is a synonym for "no-...". 636# For symmetry, "disable-..." is a synonym for "no-...".
635 637
636# This is what $depflags will look like with the above default: 638# This is what $depflags will look like with the above default:
637my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; 639my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT ";
638 640
639 641
640my $no_sse2=0; 642my $no_sse2=0;
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index 09f700cc3a..1b14ffe9a4 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -32,6 +32,7 @@ OpenSSL - Frequently Asked Questions
32* How do I install a CA certificate into a browser? 32* How do I install a CA certificate into a browser?
33* Why is OpenSSL x509 DN output not conformant to RFC2253? 33* Why is OpenSSL x509 DN output not conformant to RFC2253?
34* What is a "128 bit certificate"? Can I create one with OpenSSL? 34* What is a "128 bit certificate"? Can I create one with OpenSSL?
35* Why does OpenSSL set the authority key identifier extension incorrectly?
35* How can I set up a bundle of commercial root CA certificates? 36* How can I set up a bundle of commercial root CA certificates?
36 37
37[BUILD] Questions about building and testing OpenSSL 38[BUILD] Questions about building and testing OpenSSL
@@ -68,6 +69,7 @@ OpenSSL - Frequently Asked Questions
68* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier? 69* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
69* I think I've detected a memory leak, is this a bug? 70* I think I've detected a memory leak, is this a bug?
70* Why does Valgrind complain about the use of uninitialized data? 71* Why does Valgrind complain about the use of uninitialized data?
72* Why doesn't a memory BIO work when a file does?
71 73
72=============================================================================== 74===============================================================================
73 75
@@ -76,7 +78,7 @@ OpenSSL - Frequently Asked Questions
76* Which is the current version of OpenSSL? 78* Which is the current version of OpenSSL?
77 79
78The current version is available from <URL: http://www.openssl.org>. 80The current version is available from <URL: http://www.openssl.org>.
79OpenSSL 0.9.8h was released on May 28th, 2008. 81OpenSSL 0.9.8i was released on Sep 15th, 2008.
80 82
81In addition to the current stable release, you can also access daily 83In addition to the current stable release, you can also access daily
82snapshots of the OpenSSL development version at <URL: 84snapshots of the OpenSSL development version at <URL:
@@ -403,10 +405,10 @@ You can't generally create such a certificate using OpenSSL but there is no
403need to any more. Nowadays web browsers using unrestricted strong encryption 405need to any more. Nowadays web browsers using unrestricted strong encryption
404are generally available. 406are generally available.
405 407
406When there were tight export restrictions on the export of strong encryption 408When there were tight restrictions on the export of strong encryption
407software from the US only weak encryption algorithms could be freely exported 409software from the US only weak encryption algorithms could be freely exported
408(initially 40 bit and then 56 bit). It was widely recognised that this was 410(initially 40 bit and then 56 bit). It was widely recognised that this was
409inadequate. A relaxation the rules allowed the use of strong encryption but 411inadequate. A relaxation of the rules allowed the use of strong encryption but
410only to an authorised server. 412only to an authorised server.
411 413
412Two slighly different techniques were developed to support this, one used by 414Two slighly different techniques were developed to support this, one used by
@@ -427,6 +429,25 @@ The export laws were later changed to allow almost unrestricted use of strong
427encryption so these certificates are now obsolete. 429encryption so these certificates are now obsolete.
428 430
429 431
432* Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?
433
434It doesn't: this extension is often the cause of confusion.
435
436Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose
437certificate C contains AKID.
438
439The purpose of this extension is to identify the authority certificate B. This
440can be done either by including the subject key identifier of B or its issuer
441name and serial number.
442
443In this latter case because it is identifying certifcate B it must contain the
444issuer name and serial number of B.
445
446It is often wrongly assumed that it should contain the subject name of B. If it
447did this would be redundant information because it would duplicate the issuer
448name of C.
449
450
430* How can I set up a bundle of commercial root CA certificates? 451* How can I set up a bundle of commercial root CA certificates?
431 452
432The OpenSSL software is shipped without any root CA certificate as the 453The OpenSSL software is shipped without any root CA certificate as the
@@ -920,5 +941,25 @@ OpenSSL library has been compiled with the PURIFY macro defined (-DPURIFY)
920to get rid of these warnings. 941to get rid of these warnings.
921 942
922 943
923=============================================================================== 944* Why doesn't a memory BIO work when a file does?
924 945
946This can occur in several cases for example reading an S/MIME email message.
947The reason is that a memory BIO can do one of two things when all the data
948has been read from it.
949
950The default behaviour is to indicate that no more data is available and that
951the call should be retried, this is to allow the application to fill up the BIO
952again if necessary.
953
954Alternatively it can indicate that no more data is available and that EOF has
955been reached.
956
957If a memory BIO is to behave in the same way as a file this second behaviour
958is needed. This must be done by calling:
959
960 BIO_set_mem_eof_return(bio, 0);
961
962See the manual pages for more details.
963
964
965===============================================================================
diff --git a/src/lib/libssl/src/Makefile b/src/lib/libssl/src/Makefile
index 5aec3a2099..43b1d9796a 100644
--- a/src/lib/libssl/src/Makefile
+++ b/src/lib/libssl/src/Makefile
@@ -4,7 +4,7 @@
4## Makefile for OpenSSL 4## Makefile for OpenSSL
5## 5##
6 6
7VERSION=0.9.8h 7VERSION=0.9.8i
8MAJOR=0 8MAJOR=0
9MINOR=9.8 9MINOR=9.8
10SHLIB_VERSION_NUMBER=0.9.8 10SHLIB_VERSION_NUMBER=0.9.8
@@ -13,7 +13,7 @@ SHLIB_MAJOR=0
13SHLIB_MINOR=9.8 13SHLIB_MINOR=9.8
14SHLIB_EXT= 14SHLIB_EXT=
15PLATFORM=dist 15PLATFORM=dist
16OPTIONS= no-camellia no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic 16OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic
17CONFIGURE_ARGS=dist 17CONFIGURE_ARGS=dist
18SHLIB_TARGET= 18SHLIB_TARGET=
19 19
@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
61 61
62CC= cc 62CC= cc
63CFLAG= -O 63CFLAG= -O
64DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT 64DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT
65PEX_LIBS= 65PEX_LIBS=
66EX_LIBS= 66EX_LIBS=
67EXE_EXT= 67EXE_EXT=
diff --git a/src/lib/libssl/src/Makefile.shared b/src/lib/libssl/src/Makefile.shared
index 97035a3c01..c6006f70bf 100644
--- a/src/lib/libssl/src/Makefile.shared
+++ b/src/lib/libssl/src/Makefile.shared
@@ -491,23 +491,23 @@ link_app.hpux:
491 491
492link_o.aix: 492link_o.aix:
493 @ $(CALC_VERSIONS); \ 493 @ $(CALC_VERSIONS); \
494 OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || :; \ 494 OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || :; \
495 OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ 495 OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
496 SHLIB=lib$(LIBNAME).so; \ 496 SHLIB=lib$(LIBNAME).so; \
497 SHLIB_SUFFIX=; \ 497 SHLIB_SUFFIX=; \
498 ALLSYMSFLAGS=''; \ 498 ALLSYMSFLAGS=''; \
499 NOALLSYMSFLAGS=''; \ 499 NOALLSYMSFLAGS=''; \
500 SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \ 500 SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
501 $(LINK_SO_O); 501 $(LINK_SO_O);
502link_a.aix: 502link_a.aix:
503 @ $(CALC_VERSIONS); \ 503 @ $(CALC_VERSIONS); \
504 OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]*\(64\)'` || : ; \ 504 OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
505 OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \ 505 OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
506 SHLIB=lib$(LIBNAME).so; \ 506 SHLIB=lib$(LIBNAME).so; \
507 SHLIB_SUFFIX=; \ 507 SHLIB_SUFFIX=; \
508 ALLSYMSFLAGS='-bnogc'; \ 508 ALLSYMSFLAGS='-bnogc'; \
509 NOALLSYMSFLAGS=''; \ 509 NOALLSYMSFLAGS=''; \
510 SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-G,-bexpall,-bnolibpath,-bM:SRE'; \ 510 SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
511 $(LINK_SO_A_VIA_O) 511 $(LINK_SO_A_VIA_O)
512link_app.aix: 512link_app.aix:
513 LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \ 513 LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 40ded1aebf..6488ffa122 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,8 +5,16 @@
5 This file gives a brief overview of the major changes between each OpenSSL 5 This file gives a brief overview of the major changes between each OpenSSL
6 release. For more details please read the CHANGES file. 6 release. For more details please read the CHANGES file.
7 7
8 Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
9
10 o CryptoAPI ENGINE support.
11 o Various precautionary measures.
12 o Fix for bugs affecting certificate request creation.
13 o Support for local machine keyset attribute in PKCS#12 files.
14
8 Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g: 15 Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
9 16
17 o Backport of CMS functionality to 0.9.8.
10 o Fixes for bugs introduced with 0.9.8f. 18 o Fixes for bugs introduced with 0.9.8f.
11 19
12 Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f: 20 Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index df02ae076d..a2d87d4a49 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,5 +1,5 @@
1 1
2 OpenSSL 0.9.8h 2 OpenSSL 0.9.8i
3 3
4 Copyright (c) 1998-2008 The OpenSSL Project 4 Copyright (c) 1998-2008 The OpenSSL Project
5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/src/lib/libssl/src/apps/Makefile b/src/lib/libssl/src/apps/Makefile
index 92ae515b44..7eade4e274 100644
--- a/src/lib/libssl/src/apps/Makefile
+++ b/src/lib/libssl/src/apps/Makefile
@@ -239,20 +239,21 @@ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
239ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 239ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
240ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 240ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
241ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h 241ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
242ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h 242ciphers.o: ../include/openssl/evp.h ../include/openssl/hmac.h
243ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 243ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
244ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 244ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
245ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 245ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
246ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 246ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
247ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 247ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
248ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 248ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
249ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h 249ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
250ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 250ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
251ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 251ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
252ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 252ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
253ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 253ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
254ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 254ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
255ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c 255ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
256ciphers.o: ciphers.c
256cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 257cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
257cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h 258cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h
258cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 259cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
@@ -419,20 +420,21 @@ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
419engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 420engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
420engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 421engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
421engine.o: ../include/openssl/engine.h ../include/openssl/err.h 422engine.o: ../include/openssl/engine.h ../include/openssl/err.h
422engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h 423engine.o: ../include/openssl/evp.h ../include/openssl/hmac.h
423engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 424engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
424engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 425engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
425engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 426engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
426engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 427engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
427engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 428engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
428engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 429engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
429engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h 430engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
430engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 431engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
431engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 432engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
432engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 433engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
433engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 434engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
434engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 435engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
435engine.o: ../include/openssl/x509v3.h apps.h engine.c 436engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
437engine.o: engine.c
436errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 438errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
437errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 439errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
438errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h 440errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -440,20 +442,21 @@ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
440errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 442errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
441errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 443errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
442errstr.o: ../include/openssl/engine.h ../include/openssl/err.h 444errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
443errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h 445errstr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
444errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 446errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
445errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 447errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
446errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 448errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
447errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 449errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
448errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 450errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
449errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 451errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
450errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 452errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
451errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 453errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
452errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 454errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
453errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 455errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
454errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 456errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
455errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 457errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
456errstr.o: ../include/openssl/x509v3.h apps.h errstr.c 458errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
459errstr.o: errstr.c
457gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 460gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
458gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h 461gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
459gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h 462gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -531,20 +534,20 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
531ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 534ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
532ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 535ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
533ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h 536ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
534ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h 537ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
535ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 538ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
536ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 539ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
537ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 540ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
538ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 541ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
539ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 542ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
540ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 543ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
541ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h 544ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
542ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 545ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
543ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 546ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
544ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 547ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
545ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 548ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
546ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 549ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
547ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c 550ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
548openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 551openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
549openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h 552openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
550openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h 553openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -552,20 +555,21 @@ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
552openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 555openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
553openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 556openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
554openssl.o: ../include/openssl/engine.h ../include/openssl/err.h 557openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
555openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h 558openssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
556openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 559openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
557openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 560openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
558openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 561openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
559openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 562openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
560openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 563openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
561openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 564openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
562openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h 565openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
563openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 566openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
564openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 567openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
565openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 568openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
566openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 569openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
567openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 570openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
568openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h 571openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
572openssl.o: openssl.c progs.h s_apps.h
569passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 573passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
570passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h 574passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
571passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h 575passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
@@ -720,20 +724,21 @@ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
720s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 724s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
721s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 725s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
722s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h 726s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
723s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h 727s_cb.o: ../include/openssl/evp.h ../include/openssl/hmac.h
724s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 728s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
725s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 729s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
726s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 730s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
727s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 731s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
728s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 732s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
729s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 733s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
730s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h 734s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
731s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 735s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
732s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 736s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
733s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 737s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
734s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 738s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
735s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 739s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
736s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c 740s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
741s_cb.o: s_apps.h s_cb.c
737s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 742s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
738s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h 743s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
739s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h 744s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -741,21 +746,21 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
741s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 746s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
742s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 747s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
743s_client.o: ../include/openssl/engine.h ../include/openssl/err.h 748s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
744s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h 749s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h
745s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 750s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
746s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 751s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
747s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 752s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
748s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 753s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
749s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 754s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
750s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 755s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
751s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h 756s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
752s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h 757s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
753s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 758s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
754s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 759s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
755s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 760s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
756s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 761s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
757s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 762s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
758s_client.o: s_apps.h s_client.c timeouts.h 763s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h
759s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 764s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
760s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h 765s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
761s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h 766s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -764,22 +769,23 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
764s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 769s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
765s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 770s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
766s_server.o: ../include/openssl/engine.h ../include/openssl/err.h 771s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
767s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h 772s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h
768s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 773s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
769s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 774s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
770s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 775s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
771s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 776s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
772s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 777s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
773s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 778s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
774s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h 779s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
775s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h 780s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
776s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 781s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
777s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 782s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
778s_server.o: ../include/openssl/stack.h ../include/openssl/store.h 783s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
779s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 784s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
780s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h 785s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
781s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 786s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
782s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h 787s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
788s_server.o: s_apps.h s_server.c timeouts.h
783s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 789s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
784s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h 790s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
785s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h 791s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -787,20 +793,20 @@ s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
787s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 793s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
788s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 794s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
789s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h 795s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
790s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 796s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
791s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 797s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
792s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 798s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
793s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 799s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
794s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h 800s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
795s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 801s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
796s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 802s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
797s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h 803s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
798s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 804s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
799s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 805s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
800s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 806s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
801s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h 807s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
802s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h 808s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
803s_socket.o: s_apps.h s_socket.c 809s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c
804s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 810s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
805s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h 811s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
806s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h 812s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -808,20 +814,21 @@ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
808s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 814s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
809s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 815s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
810s_time.o: ../include/openssl/engine.h ../include/openssl/err.h 816s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
811s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h 817s_time.o: ../include/openssl/evp.h ../include/openssl/hmac.h
812s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 818s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
813s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 819s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
814s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 820s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
815s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 821s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
816s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 822s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
817s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 823s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
818s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h 824s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
819s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 825s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
820s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 826s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
821s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 827s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
822s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 828s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
823s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 829s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
824s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c 830s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
831s_time.o: s_apps.h s_time.c
825sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 832sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
826sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h 833sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
827sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h 834sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -829,20 +836,21 @@ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
829sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 836sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
830sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 837sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
831sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h 838sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
832sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h 839sess_id.o: ../include/openssl/evp.h ../include/openssl/hmac.h
833sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 840sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
834sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h 841sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
835sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 842sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
836sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 843sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
837sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 844sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
838sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 845sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
839sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h 846sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
840sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 847sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
841sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 848sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
842sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 849sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
843sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h 850sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
844sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 851sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
845sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c 852sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
853sess_id.o: sess_id.c
846smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 854smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
847smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h 855smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
848smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 856smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
diff --git a/src/lib/libssl/src/apps/dsa.c b/src/lib/libssl/src/apps/dsa.c
index 9e103037dd..7518a2fe96 100644
--- a/src/lib/libssl/src/apps/dsa.c
+++ b/src/lib/libssl/src/apps/dsa.c
@@ -240,37 +240,27 @@ bad:
240 goto end; 240 goto end;
241 } 241 }
242 242
243 in=BIO_new(BIO_s_file());
244 out=BIO_new(BIO_s_file()); 243 out=BIO_new(BIO_s_file());
245 if ((in == NULL) || (out == NULL)) 244 if (out == NULL)
246 { 245 {
247 ERR_print_errors(bio_err); 246 ERR_print_errors(bio_err);
248 goto end; 247 goto end;
249 } 248 }
250 249
251 if (infile == NULL)
252 BIO_set_fp(in,stdin,BIO_NOCLOSE);
253 else
254 {
255 if (BIO_read_filename(in,infile) <= 0)
256 {
257 perror(infile);
258 goto end;
259 }
260 }
261
262 BIO_printf(bio_err,"read DSA key\n"); 250 BIO_printf(bio_err,"read DSA key\n");
263 if (informat == FORMAT_ASN1) { 251 {
264 if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL); 252 EVP_PKEY *pkey;
265 else dsa=d2i_DSAPrivateKey_bio(in,NULL); 253 if (pubin)
266 } else if (informat == FORMAT_PEM) { 254 pkey = load_pubkey(bio_err, infile, informat, 1,
267 if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL); 255 passin, e, "Public Key");
268 else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin); 256 else
269 } else 257 pkey = load_key(bio_err, infile, informat, 1,
270 { 258 passin, e, "Private Key");
271 BIO_printf(bio_err,"bad input format specified for key\n"); 259
272 goto end; 260 if (pkey != NULL)
273 } 261 dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
262 EVP_PKEY_free(pkey);
263 }
274 if (dsa == NULL) 264 if (dsa == NULL)
275 { 265 {
276 BIO_printf(bio_err,"unable to load Key\n"); 266 BIO_printf(bio_err,"unable to load Key\n");
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 47aee5b712..ec25f990fe 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -273,9 +273,21 @@ int main(int Argc, char *Argv[])
273 i=NCONF_load(config,p,&errline); 273 i=NCONF_load(config,p,&errline);
274 if (i == 0) 274 if (i == 0)
275 { 275 {
276 NCONF_free(config); 276 if (ERR_GET_REASON(ERR_peek_last_error())
277 config = NULL; 277 == CONF_R_NO_SUCH_FILE)
278 ERR_clear_error(); 278 {
279 BIO_printf(bio_err,
280 "WARNING: can't open config file: %s\n",p);
281 ERR_clear_error();
282 NCONF_free(config);
283 config = NULL;
284 }
285 else
286 {
287 ERR_print_errors(bio_err);
288 NCONF_free(config);
289 exit(1);
290 }
279 } 291 }
280 292
281 prog=prog_init(); 293 prog=prog_init();
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index 7c71b1a88f..268390ebe8 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -100,6 +100,7 @@ int MAIN(int argc, char **argv)
100 char **args; 100 char **args;
101 char *name = NULL; 101 char *name = NULL;
102 char *csp_name = NULL; 102 char *csp_name = NULL;
103 int add_lmk = 0;
103 PKCS12 *p12 = NULL; 104 PKCS12 *p12 = NULL;
104 char pass[50], macpass[50]; 105 char pass[50], macpass[50];
105 int export_cert = 0; 106 int export_cert = 0;
@@ -224,7 +225,9 @@ int MAIN(int argc, char **argv)
224 args++; 225 args++;
225 name = *args; 226 name = *args;
226 } else badarg = 1; 227 } else badarg = 1;
227 } else if (!strcmp (*args, "-CSP")) { 228 } else if (!strcmp (*args, "-LMK"))
229 add_lmk = 1;
230 else if (!strcmp (*args, "-CSP")) {
228 if (args[1]) { 231 if (args[1]) {
229 args++; 232 args++;
230 csp_name = *args; 233 csp_name = *args;
@@ -338,6 +341,8 @@ int MAIN(int argc, char **argv)
338 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); 341 BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
339 BIO_printf(bio_err, " load the file (or the files in the directory) into\n"); 342 BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
340 BIO_printf(bio_err, " the random number generator\n"); 343 BIO_printf(bio_err, " the random number generator\n");
344 BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
345 BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
341 goto end; 346 goto end;
342 } 347 }
343 348
@@ -562,7 +567,9 @@ int MAIN(int argc, char **argv)
562 if (csp_name && key) 567 if (csp_name && key)
563 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, 568 EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
564 MBSTRING_ASC, (unsigned char *)csp_name, -1); 569 MBSTRING_ASC, (unsigned char *)csp_name, -1);
565 570
571 if (add_lmk && key)
572 EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
566 573
567#ifdef CRYPTO_MDEBUG 574#ifdef CRYPTO_MDEBUG
568 CRYPTO_pop_info(); 575 CRYPTO_pop_info();
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 3a52853c82..78ac95c512 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -321,7 +321,8 @@ int MAIN(int argc, char **argv)
321 char *inrand=NULL; 321 char *inrand=NULL;
322#ifndef OPENSSL_NO_ENGINE 322#ifndef OPENSSL_NO_ENGINE
323 char *engine_id=NULL; 323 char *engine_id=NULL;
324 ENGINE *e=NULL; 324 char *ssl_client_engine_id=NULL;
325 ENGINE *e=NULL, *ssl_client_engine=NULL;
325#endif 326#endif
326#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) 327#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
327 struct timeval tv; 328 struct timeval tv;
@@ -559,6 +560,11 @@ int MAIN(int argc, char **argv)
559 if (--argc < 1) goto bad; 560 if (--argc < 1) goto bad;
560 engine_id = *(++argv); 561 engine_id = *(++argv);
561 } 562 }
563 else if (strcmp(*argv,"-ssl_client_engine") == 0)
564 {
565 if (--argc < 1) goto bad;
566 ssl_client_engine_id = *(++argv);
567 }
562#endif 568#endif
563 else if (strcmp(*argv,"-rand") == 0) 569 else if (strcmp(*argv,"-rand") == 0)
564 { 570 {
@@ -596,6 +602,16 @@ bad:
596 602
597#ifndef OPENSSL_NO_ENGINE 603#ifndef OPENSSL_NO_ENGINE
598 e = setup_engine(bio_err, engine_id, 1); 604 e = setup_engine(bio_err, engine_id, 1);
605 if (ssl_client_engine_id)
606 {
607 ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
608 if (!ssl_client_engine)
609 {
610 BIO_printf(bio_err,
611 "Error getting client auth engine\n");
612 goto end;
613 }
614 }
599#endif 615#endif
600 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) 616 if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
601 { 617 {
@@ -663,6 +679,20 @@ bad:
663 goto end; 679 goto end;
664 } 680 }
665 681
682#ifndef OPENSSL_NO_ENGINE
683 if (ssl_client_engine)
684 {
685 if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
686 {
687 BIO_puts(bio_err, "Error setting client auth engine\n");
688 ERR_print_errors(bio_err);
689 ENGINE_free(ssl_client_engine);
690 goto end;
691 }
692 ENGINE_free(ssl_client_engine);
693 }
694#endif
695
666 if (bugs) 696 if (bugs)
667 SSL_CTX_set_options(ctx,SSL_OP_ALL|off); 697 SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
668 else 698 else
diff --git a/src/lib/libssl/src/crypto/asn1/asn_mime.c b/src/lib/libssl/src/crypto/asn1/asn_mime.c
index fe7c4ec7ab..bc80b20d63 100644
--- a/src/lib/libssl/src/crypto/asn1/asn_mime.c
+++ b/src/lib/libssl/src/crypto/asn1/asn_mime.c
@@ -526,6 +526,8 @@ int SMIME_text(BIO *in, BIO *out)
526 sk_MIME_HEADER_pop_free(headers, mime_hdr_free); 526 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
527 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) 527 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
528 BIO_write(out, iobuf, len); 528 BIO_write(out, iobuf, len);
529 if (len < 0)
530 return 0;
529 return 1; 531 return 1;
530} 532}
531 533
diff --git a/src/lib/libssl/src/crypto/asn1/t_x509.c b/src/lib/libssl/src/crypto/asn1/t_x509.c
index 26d3361722..cb76c32c8d 100644
--- a/src/lib/libssl/src/crypto/asn1/t_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/t_x509.c
@@ -393,8 +393,9 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
393 d= (v[6]-'0')*10+(v[7]-'0'); 393 d= (v[6]-'0')*10+(v[7]-'0');
394 h= (v[8]-'0')*10+(v[9]-'0'); 394 h= (v[8]-'0')*10+(v[9]-'0');
395 m= (v[10]-'0')*10+(v[11]-'0'); 395 m= (v[10]-'0')*10+(v[11]-'0');
396 if ( (v[12] >= '0') && (v[12] <= '9') && 396 if (i >= 14 &&
397 (v[13] >= '0') && (v[13] <= '9')) 397 (v[12] >= '0') && (v[12] <= '9') &&
398 (v[13] >= '0') && (v[13] <= '9'))
398 s= (v[12]-'0')*10+(v[13]-'0'); 399 s= (v[12]-'0')*10+(v[13]-'0');
399 400
400 if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", 401 if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
@@ -428,8 +429,9 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
428 d= (v[4]-'0')*10+(v[5]-'0'); 429 d= (v[4]-'0')*10+(v[5]-'0');
429 h= (v[6]-'0')*10+(v[7]-'0'); 430 h= (v[6]-'0')*10+(v[7]-'0');
430 m= (v[8]-'0')*10+(v[9]-'0'); 431 m= (v[8]-'0')*10+(v[9]-'0');
431 if ( (v[10] >= '0') && (v[10] <= '9') && 432 if (i >=12 &&
432 (v[11] >= '0') && (v[11] <= '9')) 433 (v[10] >= '0') && (v[10] <= '9') &&
434 (v[11] >= '0') && (v[11] <= '9'))
433 s= (v[10]-'0')*10+(v[11]-'0'); 435 s= (v[10]-'0')*10+(v[11]-'0');
434 436
435 if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", 437 if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
@@ -501,4 +503,3 @@ err:
501 OPENSSL_free(b); 503 OPENSSL_free(b);
502 return(ret); 504 return(ret);
503 } 505 }
504
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c
index ea2c3fff63..c3da6dc82f 100644
--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -82,7 +82,7 @@ static int dgram_new(BIO *h);
82static int dgram_free(BIO *data); 82static int dgram_free(BIO *data);
83static int dgram_clear(BIO *bio); 83static int dgram_clear(BIO *bio);
84 84
85int BIO_dgram_should_retry(int s); 85static int BIO_dgram_should_retry(int s);
86 86
87static BIO_METHOD methods_dgramp= 87static BIO_METHOD methods_dgramp=
88 { 88 {
@@ -345,30 +345,90 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
345 345
346 memcpy(&(data->peer), to, sizeof(struct sockaddr)); 346 memcpy(&(data->peer), to, sizeof(struct sockaddr));
347 break; 347 break;
348#if defined(SO_RCVTIMEO)
348 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: 349 case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
350#ifdef OPENSSL_SYS_WINDOWS
351 {
352 struct timeval *tv = (struct timeval *)ptr;
353 int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
354 if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
355 (void*)&timeout, sizeof(timeout)) < 0)
356 { perror("setsockopt"); ret = -1; }
357 }
358#else
349 if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, 359 if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
350 sizeof(struct timeval)) < 0) 360 sizeof(struct timeval)) < 0)
351 { perror("setsockopt"); ret = -1; } 361 { perror("setsockopt"); ret = -1; }
362#endif
352 break; 363 break;
353 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: 364 case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
365#ifdef OPENSSL_SYS_WINDOWS
366 {
367 int timeout, sz = sizeof(timeout);
368 struct timeval *tv = (struct timeval *)ptr;
369 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
370 (void*)&timeout, &sz) < 0)
371 { perror("getsockopt"); ret = -1; }
372 else
373 {
374 tv->tv_sec = timeout / 1000;
375 tv->tv_usec = (timeout % 1000) * 1000;
376 ret = sizeof(*tv);
377 }
378 }
379#else
354 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 380 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
355 ptr, (void *)&ret) < 0) 381 ptr, (void *)&ret) < 0)
356 { perror("getsockopt"); ret = -1; } 382 { perror("getsockopt"); ret = -1; }
383#endif
357 break; 384 break;
385#endif
386#if defined(SO_SNDTIMEO)
358 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: 387 case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
388#ifdef OPENSSL_SYS_WINDOWS
389 {
390 struct timeval *tv = (struct timeval *)ptr;
391 int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
392 if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
393 (void*)&timeout, sizeof(timeout)) < 0)
394 { perror("setsockopt"); ret = -1; }
395 }
396#else
359 if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, 397 if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
360 sizeof(struct timeval)) < 0) 398 sizeof(struct timeval)) < 0)
361 { perror("setsockopt"); ret = -1; } 399 { perror("setsockopt"); ret = -1; }
400#endif
362 break; 401 break;
363 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: 402 case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
403#ifdef OPENSSL_SYS_WINDOWS
404 {
405 int timeout, sz = sizeof(timeout);
406 struct timeval *tv = (struct timeval *)ptr;
407 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
408 (void*)&timeout, &sz) < 0)
409 { perror("getsockopt"); ret = -1; }
410 else
411 {
412 tv->tv_sec = timeout / 1000;
413 tv->tv_usec = (timeout % 1000) * 1000;
414 ret = sizeof(*tv);
415 }
416 }
417#else
364 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 418 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
365 ptr, (void *)&ret) < 0) 419 ptr, (void *)&ret) < 0)
366 { perror("getsockopt"); ret = -1; } 420 { perror("getsockopt"); ret = -1; }
421#endif
367 break; 422 break;
423#endif
368 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: 424 case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
369 /* fall-through */ 425 /* fall-through */
370 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: 426 case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
427#ifdef OPENSSL_SYS_WINDOWS
428 if ( data->_errno == WSAETIMEDOUT)
429#else
371 if ( data->_errno == EAGAIN) 430 if ( data->_errno == EAGAIN)
431#endif
372 { 432 {
373 ret = 1; 433 ret = 1;
374 data->_errno = 0; 434 data->_errno = 0;
@@ -403,7 +463,7 @@ static int dgram_puts(BIO *bp, const char *str)
403 return(ret); 463 return(ret);
404 } 464 }
405 465
406int BIO_dgram_should_retry(int i) 466static int BIO_dgram_should_retry(int i)
407 { 467 {
408 int err; 468 int err;
409 469
diff --git a/src/lib/libssl/src/crypto/bn/Makefile b/src/lib/libssl/src/crypto/bn/Makefile
index e97c751390..0491e3db4c 100644
--- a/src/lib/libssl/src/crypto/bn/Makefile
+++ b/src/lib/libssl/src/crypto/bn/Makefile
@@ -116,6 +116,7 @@ linux_ppc64.s: asm/ppc.pl; $(PERL) $< $@
116aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ 116aix_ppc32.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@
117aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@ 117aix_ppc64.s: asm/ppc.pl; $(PERL) asm/ppc.pl $@
118osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@ 118osx_ppc32.s: asm/ppc.pl; $(PERL) $< $@
119osx_ppc64.s: asm/ppc.pl; $(PERL) $< $@
119 120
120files: 121files:
121 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO 122 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
index 8655eb118e..1e8e57626b 100644
--- a/src/lib/libssl/src/crypto/bn/bn_div.c
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -187,6 +187,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
187 BN_ULONG d0,d1; 187 BN_ULONG d0,d1;
188 int num_n,div_n; 188 int num_n,div_n;
189 189
190 /* Invalid zero-padding would have particularly bad consequences
191 * in the case of 'num', so don't just rely on bn_check_top() for this one
192 * (bn_check_top() works only for BN_DEBUG builds) */
193 if (num->top > 0 && num->d[num->top - 1] == 0)
194 {
195 BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
196 return 0;
197 }
198
199 bn_check_top(num);
200
190 if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) 201 if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
191 { 202 {
192 return BN_div_no_branch(dv, rm, num, divisor, ctx); 203 return BN_div_no_branch(dv, rm, num, divisor, ctx);
@@ -194,7 +205,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
194 205
195 bn_check_top(dv); 206 bn_check_top(dv);
196 bn_check_top(rm); 207 bn_check_top(rm);
197 bn_check_top(num); 208 /* bn_check_top(num); */ /* 'num' has been checked already */
198 bn_check_top(divisor); 209 bn_check_top(divisor);
199 210
200 if (BN_is_zero(divisor)) 211 if (BN_is_zero(divisor))
@@ -419,7 +430,7 @@ static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
419 430
420 bn_check_top(dv); 431 bn_check_top(dv);
421 bn_check_top(rm); 432 bn_check_top(rm);
422 bn_check_top(num); 433 /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
423 bn_check_top(divisor); 434 bn_check_top(divisor);
424 435
425 if (BN_is_zero(divisor)) 436 if (BN_is_zero(divisor))
diff --git a/src/lib/libssl/src/crypto/bn/bn_gf2m.c b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
index 6a793857e1..306f029f27 100644
--- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -384,7 +384,11 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
384 if (zz == 0) break; 384 if (zz == 0) break;
385 d1 = BN_BITS2 - d0; 385 d1 = BN_BITS2 - d0;
386 386
387 if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */ 387 /* clear up the top d1 bits */
388 if (d0)
389 z[dN] = (z[dN] << d1) >> d1;
390 else
391 z[dN] = 0;
388 z[0] ^= zz; /* reduction t^0 component */ 392 z[0] ^= zz; /* reduction t^0 component */
389 393
390 for (k = 1; p[k] != 0; k++) 394 for (k = 1; p[k] != 0; k++)
diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c
index e14232fdbb..1fc94f55c3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_nist.c
+++ b/src/lib/libssl/src/crypto/bn/bn_nist.c
@@ -59,6 +59,7 @@
59#include "bn_lcl.h" 59#include "bn_lcl.h"
60#include "cryptlib.h" 60#include "cryptlib.h"
61 61
62
62#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 63#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
63#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 64#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
64#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 65#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
@@ -101,60 +102,98 @@ static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
101 0xFFFFFFFF,0x000001FF}; 102 0xFFFFFFFF,0x000001FF};
102#endif 103#endif
103 104
105
106static const BIGNUM _bignum_nist_p_192 =
107 {
108 (BN_ULONG *)_nist_p_192,
109 BN_NIST_192_TOP,
110 BN_NIST_192_TOP,
111 0,
112 BN_FLG_STATIC_DATA
113 };
114
115static const BIGNUM _bignum_nist_p_224 =
116 {
117 (BN_ULONG *)_nist_p_224,
118 BN_NIST_224_TOP,
119 BN_NIST_224_TOP,
120 0,
121 BN_FLG_STATIC_DATA
122 };
123
124static const BIGNUM _bignum_nist_p_256 =
125 {
126 (BN_ULONG *)_nist_p_256,
127 BN_NIST_256_TOP,
128 BN_NIST_256_TOP,
129 0,
130 BN_FLG_STATIC_DATA
131 };
132
133static const BIGNUM _bignum_nist_p_384 =
134 {
135 (BN_ULONG *)_nist_p_384,
136 BN_NIST_384_TOP,
137 BN_NIST_384_TOP,
138 0,
139 BN_FLG_STATIC_DATA
140 };
141
142static const BIGNUM _bignum_nist_p_521 =
143 {
144 (BN_ULONG *)_nist_p_521,
145 BN_NIST_521_TOP,
146 BN_NIST_521_TOP,
147 0,
148 BN_FLG_STATIC_DATA
149 };
150
151
104const BIGNUM *BN_get0_nist_prime_192(void) 152const BIGNUM *BN_get0_nist_prime_192(void)
105 { 153 {
106 static BIGNUM const_nist_192 = { (BN_ULONG *)_nist_p_192, 154 return &_bignum_nist_p_192;
107 BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA };
108 return &const_nist_192;
109 } 155 }
110 156
111const BIGNUM *BN_get0_nist_prime_224(void) 157const BIGNUM *BN_get0_nist_prime_224(void)
112 { 158 {
113 static BIGNUM const_nist_224 = { (BN_ULONG *)_nist_p_224, 159 return &_bignum_nist_p_224;
114 BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA };
115 return &const_nist_224;
116 } 160 }
117 161
118const BIGNUM *BN_get0_nist_prime_256(void) 162const BIGNUM *BN_get0_nist_prime_256(void)
119 { 163 {
120 static BIGNUM const_nist_256 = { (BN_ULONG *)_nist_p_256, 164 return &_bignum_nist_p_256;
121 BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA };
122 return &const_nist_256;
123 } 165 }
124 166
125const BIGNUM *BN_get0_nist_prime_384(void) 167const BIGNUM *BN_get0_nist_prime_384(void)
126 { 168 {
127 static BIGNUM const_nist_384 = { (BN_ULONG *)_nist_p_384, 169 return &_bignum_nist_p_384;
128 BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA };
129 return &const_nist_384;
130 } 170 }
131 171
132const BIGNUM *BN_get0_nist_prime_521(void) 172const BIGNUM *BN_get0_nist_prime_521(void)
133 { 173 {
134 static BIGNUM const_nist_521 = { (BN_ULONG *)_nist_p_521, 174 return &_bignum_nist_p_521;
135 BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA };
136 return &const_nist_521;
137 } 175 }
138 176
139#define BN_NIST_ADD_ONE(a) while (!(*(a)=(*(a)+1)&BN_MASK2)) ++(a);
140 177
141static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) 178static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
142 { 179 {
143 int i; 180 int i;
144 BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); 181 BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
145 for (i = (top); i != 0; i--) 182
146 *_tmp1++ = *_tmp2++; 183 OPENSSL_assert(top <= max);
147 for (i = (max) - (top); i != 0; i--) 184 for (i = (top); i != 0; i--)
148 *_tmp1++ = (BN_ULONG) 0; 185 *_tmp1++ = *_tmp2++;
149 } 186 for (i = (max) - (top); i != 0; i--)
187 *_tmp1++ = (BN_ULONG) 0;
188 }
150 189
151static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) 190static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
152 { 191 {
153 int i; 192 int i;
154 BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); 193 BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
155 for (i = (top); i != 0; i--) 194 for (i = (top); i != 0; i--)
156 *_tmp1++ = *_tmp2++; 195 *_tmp1++ = *_tmp2++;
157 } 196 }
158 197
159#if BN_BITS2 == 64 198#if BN_BITS2 == 64
160#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; 199#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
@@ -199,6 +238,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
199 *res; 238 *res;
200 size_t mask; 239 size_t mask;
201 240
241 field = &_bignum_nist_p_192; /* just to make sure */
242
243 if (BN_is_negative(a) || a->top > 2*BN_NIST_192_TOP)
244 return BN_nnmod(r, field, a, ctx);
245
202 i = BN_ucmp(field, a); 246 i = BN_ucmp(field, a);
203 if (i == 0) 247 if (i == 0)
204 { 248 {
@@ -208,9 +252,6 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
208 else if (i > 0) 252 else if (i > 0)
209 return (r == a) ? 1 : (BN_copy(r ,a) != NULL); 253 return (r == a) ? 1 : (BN_copy(r ,a) != NULL);
210 254
211 if (top == BN_NIST_192_TOP)
212 return BN_usub(r, a, field);
213
214 if (r != a) 255 if (r != a)
215 { 256 {
216 if (!bn_wexpand(r, BN_NIST_192_TOP)) 257 if (!bn_wexpand(r, BN_NIST_192_TOP))
@@ -245,6 +286,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
245 r->top = BN_NIST_192_TOP; 286 r->top = BN_NIST_192_TOP;
246 bn_correct_top(r); 287 bn_correct_top(r);
247 288
289 if (BN_ucmp(field, r) <= 0)
290 {
291 if (!BN_usub(r, r, field)) return 0;
292 }
293
248 return 1; 294 return 1;
249 } 295 }
250 296
@@ -272,6 +318,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
272 *res; 318 *res;
273 size_t mask; 319 size_t mask;
274 320
321 field = &_bignum_nist_p_224; /* just to make sure */
322
323 if (BN_is_negative(a) || a->top > 2*BN_NIST_224_TOP)
324 return BN_nnmod(r, field, a, ctx);
325
275 i = BN_ucmp(field, a); 326 i = BN_ucmp(field, a);
276 if (i == 0) 327 if (i == 0)
277 { 328 {
@@ -281,9 +332,6 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
281 else if (i > 0) 332 else if (i > 0)
282 return (r == a)? 1 : (BN_copy(r ,a) != NULL); 333 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
283 334
284 if (top == BN_NIST_224_TOP)
285 return BN_usub(r, a, field);
286
287 if (r != a) 335 if (r != a)
288 { 336 {
289 if (!bn_wexpand(r, BN_NIST_224_TOP)) 337 if (!bn_wexpand(r, BN_NIST_224_TOP))
@@ -333,6 +381,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
333 r->top = BN_NIST_224_TOP; 381 r->top = BN_NIST_224_TOP;
334 bn_correct_top(r); 382 bn_correct_top(r);
335 383
384 if (BN_ucmp(field, r) <= 0)
385 {
386 if (!BN_usub(r, r, field)) return 0;
387 }
388
336 return 1; 389 return 1;
337#else /* BN_BITS!=32 */ 390#else /* BN_BITS!=32 */
338 return 0; 391 return 0;
@@ -364,6 +417,11 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
364 *res; 417 *res;
365 size_t mask; 418 size_t mask;
366 419
420 field = &_bignum_nist_p_256; /* just to make sure */
421
422 if (BN_is_negative(a) || a->top > 2*BN_NIST_256_TOP)
423 return BN_nnmod(r, field, a, ctx);
424
367 i = BN_ucmp(field, a); 425 i = BN_ucmp(field, a);
368 if (i == 0) 426 if (i == 0)
369 { 427 {
@@ -373,9 +431,6 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
373 else if (i > 0) 431 else if (i > 0)
374 return (r == a)? 1 : (BN_copy(r ,a) != NULL); 432 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
375 433
376 if (top == BN_NIST_256_TOP)
377 return BN_usub(r, a, field);
378
379 if (r != a) 434 if (r != a)
380 { 435 {
381 if (!bn_wexpand(r, BN_NIST_256_TOP)) 436 if (!bn_wexpand(r, BN_NIST_256_TOP))
@@ -470,6 +525,11 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
470 r->top = BN_NIST_256_TOP; 525 r->top = BN_NIST_256_TOP;
471 bn_correct_top(r); 526 bn_correct_top(r);
472 527
528 if (BN_ucmp(field, r) <= 0)
529 {
530 if (!BN_usub(r, r, field)) return 0;
531 }
532
473 return 1; 533 return 1;
474#else /* BN_BITS!=32 */ 534#else /* BN_BITS!=32 */
475 return 0; 535 return 0;
@@ -505,6 +565,11 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
505 *res; 565 *res;
506 size_t mask; 566 size_t mask;
507 567
568 field = &_bignum_nist_p_384; /* just to make sure */
569
570 if (BN_is_negative(a) || a->top > 2*BN_NIST_384_TOP)
571 return BN_nnmod(r, field, a, ctx);
572
508 i = BN_ucmp(field, a); 573 i = BN_ucmp(field, a);
509 if (i == 0) 574 if (i == 0)
510 { 575 {
@@ -514,9 +579,6 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
514 else if (i > 0) 579 else if (i > 0)
515 return (r == a)? 1 : (BN_copy(r ,a) != NULL); 580 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
516 581
517 if (top == BN_NIST_384_TOP)
518 return BN_usub(r, a, field);
519
520 if (r != a) 582 if (r != a)
521 { 583 {
522 if (!bn_wexpand(r, BN_NIST_384_TOP)) 584 if (!bn_wexpand(r, BN_NIST_384_TOP))
@@ -631,6 +693,11 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
631 r->top = BN_NIST_384_TOP; 693 r->top = BN_NIST_384_TOP;
632 bn_correct_top(r); 694 bn_correct_top(r);
633 695
696 if (BN_ucmp(field, r) <= 0)
697 {
698 if (!BN_usub(r, r, field)) return 0;
699 }
700
634 return 1; 701 return 1;
635#else /* BN_BITS!=32 */ 702#else /* BN_BITS!=32 */
636 return 0; 703 return 0;
@@ -646,14 +713,35 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
646#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF 713#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
647#endif 714#endif
648 int top, ret = 0; 715 int top, ret = 0;
649 BN_ULONG *r_d;
650 BIGNUM *tmp; 716 BIGNUM *tmp;
651 717
718 field = &_bignum_nist_p_521; /* just to make sure */
719
720 if (BN_is_negative(a))
721 return BN_nnmod(r, field, a, ctx);
722
652 /* check whether a reduction is necessary */ 723 /* check whether a reduction is necessary */
653 top = a->top; 724 top = a->top;
654 if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && 725 if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP &&
655 (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) 726 (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
656 return (r == a)? 1 : (BN_copy(r ,a) != NULL); 727 {
728 int i = BN_ucmp(field, a);
729 if (i == 0)
730 {
731 BN_zero(r);
732 return 1;
733 }
734 else
735 {
736#ifdef BN_DEBUG
737 OPENSSL_assert(i > 0); /* because 'field' is 1111...1111 */
738#endif
739 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
740 }
741 }
742
743 if (BN_num_bits(a) > 2*521)
744 return BN_nnmod(r, field, a, ctx);
657 745
658 BN_CTX_start(ctx); 746 BN_CTX_start(ctx);
659 tmp = BN_CTX_get(ctx); 747 tmp = BN_CTX_get(ctx);
@@ -673,15 +761,11 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
673 761
674 if (!BN_uadd(r, tmp, r)) 762 if (!BN_uadd(r, tmp, r))
675 goto err; 763 goto err;
676 top = r->top; 764
677 r_d = r->d; 765 if (BN_ucmp(field, r) <= 0)
678 if (top == BN_NIST_521_TOP &&
679 (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))
680 { 766 {
681 BN_NIST_ADD_ONE(r_d) 767 if (!BN_usub(r, r, field)) goto err;
682 r->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;
683 } 768 }
684 bn_correct_top(r);
685 769
686 ret = 1; 770 ret = 1;
687err: 771err:
diff --git a/src/lib/libssl/src/crypto/cms/cms_smime.c b/src/lib/libssl/src/crypto/cms/cms_smime.c
index f79c504e91..b35d28d411 100644
--- a/src/lib/libssl/src/crypto/cms/cms_smime.c
+++ b/src/lib/libssl/src/crypto/cms/cms_smime.c
@@ -89,11 +89,13 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
89 if (!BIO_get_cipher_status(in)) 89 if (!BIO_get_cipher_status(in))
90 goto err; 90 goto err;
91 } 91 }
92 if (i < 0)
93 goto err;
92 break; 94 break;
93 } 95 }
94 96
95 if (tmpout) 97 if (tmpout && (BIO_write(tmpout, buf, i) != i))
96 BIO_write(tmpout, buf, i); 98 goto err;
97 } 99 }
98 100
99 if(flags & CMS_TEXT) 101 if(flags & CMS_TEXT)
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index 5ceaa964b5..fc249c57f3 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -103,7 +103,6 @@ extern unsigned long OPENSSL_ia32cap_P;
103void OPENSSL_showfatal(const char *,...); 103void OPENSSL_showfatal(const char *,...);
104void *OPENSSL_stderr(void); 104void *OPENSSL_stderr(void);
105extern int OPENSSL_NONPIC_relocated; 105extern int OPENSSL_NONPIC_relocated;
106int OPENSSL_isservice(void);
107 106
108#ifdef __cplusplus 107#ifdef __cplusplus
109} 108}
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index d2b5ffe332..fe2c1d6403 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -521,6 +521,7 @@ void OpenSSLDie(const char *file,int line,const char *assertion);
521 521
522unsigned long *OPENSSL_ia32cap_loc(void); 522unsigned long *OPENSSL_ia32cap_loc(void);
523#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) 523#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
524int OPENSSL_isservice(void);
524 525
525/* BEGIN ERROR CODES */ 526/* BEGIN ERROR CODES */
526/* The following lines are auto generated by the script mkerr.pl. Any changes 527/* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/src/lib/libssl/src/crypto/dh/Makefile b/src/lib/libssl/src/crypto/dh/Makefile
index d368e33b4c..950cad9c5b 100644
--- a/src/lib/libssl/src/crypto/dh/Makefile
+++ b/src/lib/libssl/src/crypto/dh/Makefile
@@ -123,11 +123,17 @@ dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
123dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 123dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
124dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 124dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
125dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c 125dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
126dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h 126dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
127dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 127dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
128dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h 128dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
129dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
130dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
129dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h 131dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
130dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 132dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
131dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 133dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
132dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 134dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
133dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c 135dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
136dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
137dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
138dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
139dh_lib.o: ../cryptlib.h dh_lib.c
diff --git a/src/lib/libssl/src/crypto/dsa/Makefile b/src/lib/libssl/src/crypto/dsa/Makefile
index 676baf7d49..5493f19e85 100644
--- a/src/lib/libssl/src/crypto/dsa/Makefile
+++ b/src/lib/libssl/src/crypto/dsa/Makefile
@@ -126,11 +126,16 @@ dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
126dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 126dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
127dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 127dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
128dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h 128dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
129dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 129dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
130dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 130dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
131dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
132dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
133dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
131dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 134dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
132dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 135dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
136dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
133dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 137dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
138dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
134dsa_lib.o: ../cryptlib.h dsa_lib.c 139dsa_lib.o: ../cryptlib.h dsa_lib.c
135dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h 140dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
136dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 141dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
diff --git a/src/lib/libssl/src/crypto/ecdh/Makefile b/src/lib/libssl/src/crypto/ecdh/Makefile
index 95aa69fea5..65d8904ee8 100644
--- a/src/lib/libssl/src/crypto/ecdh/Makefile
+++ b/src/lib/libssl/src/crypto/ecdh/Makefile
@@ -84,20 +84,30 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
84ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 84ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
85ech_err.o: ech_err.c 85ech_err.o: ech_err.c
86ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 86ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
87ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 87ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
88ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h 88ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
89ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h 89ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
90ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
91ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
92ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
90ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 93ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
91ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 94ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
92ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h 95ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
96ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
97ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
93ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 98ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
94ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 99ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
95ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h 100ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
101ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
96ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h 102ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
97ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 103ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
98ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 104ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
99ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 105ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
100ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h 106ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
107ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
108ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
109ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
110ech_lib.o: ech_lib.c ech_locl.h
101ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h 111ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
102ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 112ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
103ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 113ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/src/lib/libssl/src/crypto/ecdsa/Makefile b/src/lib/libssl/src/crypto/ecdsa/Makefile
index 16a93cd3ae..9b48d5641f 100644
--- a/src/lib/libssl/src/crypto/ecdsa/Makefile
+++ b/src/lib/libssl/src/crypto/ecdsa/Makefile
@@ -92,14 +92,18 @@ ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
92ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 92ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
93ecs_err.o: ecs_err.c 93ecs_err.o: ecs_err.c
94ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 94ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
95ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h 95ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
96ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 96ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
97ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
97ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h 98ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
98ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 99ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
99ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 100ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
100ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 101ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
101ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 102ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
102ecs_lib.o: ecs_lib.c ecs_locl.h 103ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
104ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
105ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
106ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h
103ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 107ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
104ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h 108ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
105ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 109ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -110,16 +114,26 @@ ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
110ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 114ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
111ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c 115ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
112ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 116ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
113ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 117ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
114ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h 118ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
115ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h 119ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
120ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
121ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
122ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
116ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 123ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
117ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 124ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
118ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c 125ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
126ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
127ecs_sign.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_sign.c
119ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 128ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
120ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 129ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
121ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h 130ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
122ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h 131ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
132ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
133ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
134ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
123ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 135ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
124ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 136ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
125ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c 137ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
138ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
139ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
diff --git a/src/lib/libssl/src/crypto/engine/Makefile b/src/lib/libssl/src/crypto/engine/Makefile
index 13f211a0ae..47cc619b8a 100644
--- a/src/lib/libssl/src/crypto/engine/Makefile
+++ b/src/lib/libssl/src/crypto/engine/Makefile
@@ -82,88 +82,142 @@ clean:
82 82
83# DO NOT DELETE THIS LINE -- make depend depends on it. 83# DO NOT DELETE THIS LINE -- make depend depends on it.
84 84
85eng_all.o: ../../e_os.h ../../include/openssl/bio.h 85eng_all.o: ../../e_os.h ../../include/openssl/asn1.h
86eng_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 86eng_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
87eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 87eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
88eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 88eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
89eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 89eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
90eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 90eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
91eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 91eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
92eng_all.o: ../cryptlib.h eng_all.c eng_int.h 92eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
93eng_cnf.o: ../../e_os.h ../../include/openssl/bio.h 93eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
94eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h 94eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
95eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 95eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
96eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
97eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h
98eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
99eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
100eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
101eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
102eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
96eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h 103eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
97eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 104eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
98eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 105eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
99eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 106eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
100eng_cnf.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_cnf.c eng_int.h 107eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
108eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
109eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
110eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
111eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h
101eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 112eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
102eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h 113eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
103eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 114eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
104eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h 115eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
116eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
117eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
118eng_cryptodev.o: ../../include/openssl/obj_mac.h
105eng_cryptodev.o: ../../include/openssl/objects.h 119eng_cryptodev.o: ../../include/openssl/objects.h
106eng_cryptodev.o: ../../include/openssl/opensslconf.h 120eng_cryptodev.o: ../../include/openssl/opensslconf.h
107eng_cryptodev.o: ../../include/openssl/opensslv.h 121eng_cryptodev.o: ../../include/openssl/opensslv.h
108eng_cryptodev.o: ../../include/openssl/ossl_typ.h 122eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
109eng_cryptodev.o: ../../include/openssl/safestack.h 123eng_cryptodev.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
110eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 124eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
125eng_cryptodev.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
111eng_cryptodev.o: eng_cryptodev.c 126eng_cryptodev.o: eng_cryptodev.c
112eng_ctrl.o: ../../e_os.h ../../include/openssl/bio.h 127eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
113eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 128eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
114eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 129eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
115eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 130eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
116eng_ctrl.o: ../../include/openssl/opensslconf.h 131eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
132eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
133eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
134eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
117eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 135eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
118eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 136eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
119eng_ctrl.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_ctrl.c eng_int.h 137eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
120eng_dyn.o: ../../e_os.h ../../include/openssl/bio.h 138eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
121eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 139eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h
122eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h 140eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
141eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
142eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
143eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
144eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
123eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h 145eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
124eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 146eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
125eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 147eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
126eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 148eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
127eng_dyn.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_dyn.c eng_int.h 149eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
128eng_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 150eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
129eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 151eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
130eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 152eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
153eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
154eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
155eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
156eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
157eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
158eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
159eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
160eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
131eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 161eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
132eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 162eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
163eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
133eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 164eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
165eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
134eng_err.o: eng_err.c 166eng_err.o: eng_err.c
135eng_fat.o: ../../e_os.h ../../include/openssl/bio.h 167eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
136eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h 168eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
137eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 169eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
170eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
171eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
138eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h 172eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
139eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h 173eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
140eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 174eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
141eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 175eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
142eng_fat.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_fat.c eng_int.h 176eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
143eng_init.o: ../../e_os.h ../../include/openssl/bio.h 177eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
144eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 178eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
145eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 179eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
146eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 180eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
147eng_init.o: ../../include/openssl/opensslconf.h 181eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
182eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
183eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
184eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
185eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
186eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
187eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
188eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
148eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 189eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
149eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 190eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
150eng_init.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_init.c eng_int.h 191eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
151eng_lib.o: ../../e_os.h ../../include/openssl/bio.h 192eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
152eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 193eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h
153eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 194eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
154eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 195eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
155eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 196eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
156eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 197eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
157eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 198eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
158eng_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_lib.c 199eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
159eng_list.o: ../../e_os.h ../../include/openssl/bio.h 200eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
160eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 201eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
161eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 202eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
162eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 203eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
163eng_list.o: ../../include/openssl/opensslconf.h 204eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
205eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
206eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
207eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c
208eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
209eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
210eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
211eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
212eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
213eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h
214eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
215eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
164eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 216eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
165eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 217eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
166eng_list.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_list.c 218eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
219eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
220eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c
167eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h 221eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h
168eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 222eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
169eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h 223eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
@@ -183,106 +237,166 @@ eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
183eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 237eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
184eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c 238eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c
185eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h 239eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
186eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 240eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
187eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h 241eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
242eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
243eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
188eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h 244eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h
189eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 245eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
190eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 246eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
191eng_padlock.o: ../../include/openssl/opensslconf.h 247eng_padlock.o: ../../include/openssl/opensslconf.h
192eng_padlock.o: ../../include/openssl/opensslv.h 248eng_padlock.o: ../../include/openssl/opensslv.h
193eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 249eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
194eng_padlock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 250eng_padlock.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
195eng_padlock.o: ../../include/openssl/symhacks.h eng_padlock.c 251eng_padlock.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
196eng_pkey.o: ../../e_os.h ../../include/openssl/bio.h 252eng_padlock.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
197eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 253eng_padlock.o: ../../include/openssl/x509_vfy.h eng_padlock.c
198eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 254eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
199eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 255eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
200eng_pkey.o: ../../include/openssl/opensslconf.h 256eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
257eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
258eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
259eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
260eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
261eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
201eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 262eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
202eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 263eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
203eng_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_pkey.c 264eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
265eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
266eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c
204eng_table.o: ../../e_os.h ../../include/openssl/asn1.h 267eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
205eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 268eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
206eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 269eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
207eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h 270eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
208eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 271eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
209eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 272eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
273eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
274eng_table.o: ../../include/openssl/objects.h
210eng_table.o: ../../include/openssl/opensslconf.h 275eng_table.o: ../../include/openssl/opensslconf.h
211eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 276eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
212eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 277eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
213eng_table.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h 278eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
279eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
280eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
214eng_table.o: eng_table.c 281eng_table.o: eng_table.c
215tb_cipher.o: ../../e_os.h ../../include/openssl/bio.h 282tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
216tb_cipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 283tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
217tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 284tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
218tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 285tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
286tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
287tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
288tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
289tb_cipher.o: ../../include/openssl/objects.h
219tb_cipher.o: ../../include/openssl/opensslconf.h 290tb_cipher.o: ../../include/openssl/opensslconf.h
220tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 291tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
221tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 292tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
222tb_cipher.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h 293tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
294tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
295tb_cipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
223tb_cipher.o: tb_cipher.c 296tb_cipher.o: tb_cipher.c
224tb_dh.o: ../../e_os.h ../../include/openssl/bio.h 297tb_dh.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
225tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 298tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
226tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 299tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
227tb_dh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 300tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
301tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
302tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
303tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
228tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 304tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
229tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 305tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
306tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
230tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 307tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
308tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
231tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c 309tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c
232tb_digest.o: ../../e_os.h ../../include/openssl/bio.h 310tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h
233tb_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 311tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
234tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 312tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
235tb_digest.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 313tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
314tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
315tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
316tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
317tb_digest.o: ../../include/openssl/objects.h
236tb_digest.o: ../../include/openssl/opensslconf.h 318tb_digest.o: ../../include/openssl/opensslconf.h
237tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 319tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
238tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 320tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
239tb_digest.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h 321tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
322tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
323tb_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
240tb_digest.o: tb_digest.c 324tb_digest.o: tb_digest.c
241tb_dsa.o: ../../e_os.h ../../include/openssl/bio.h 325tb_dsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
242tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 326tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
243tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 327tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
244tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 328tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
329tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
330tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
331tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
245tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 332tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
246tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 333tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
334tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
247tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 335tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
336tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
248tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c 337tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c
249tb_ecdh.o: ../../e_os.h ../../include/openssl/bio.h 338tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h
250tb_ecdh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 339tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
251tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 340tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
252tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 341tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
253tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 342tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
254tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 343tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
255tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 344tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
256tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c 345tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
257tb_ecdsa.o: ../../e_os.h ../../include/openssl/bio.h 346tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
258tb_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 347tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
259tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 348tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
260tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 349tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
261tb_ecdsa.o: ../../include/openssl/opensslconf.h 350tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c
351tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
352tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
353tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
354tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
355tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
356tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
357tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
358tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
262tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 359tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
263tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 360tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
264tb_ecdsa.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_ecdsa.c 361tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
265tb_rand.o: ../../e_os.h ../../include/openssl/bio.h 362tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
266tb_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 363tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c
267tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 364tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h
268tb_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 365tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
269tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 366tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
270tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 367tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
271tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 368tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
272tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c 369tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
273tb_rsa.o: ../../e_os.h ../../include/openssl/bio.h 370tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
371tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
372tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
373tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
374tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
375tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
376tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c
377tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
274tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 378tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
275tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 379tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
276tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 380tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
381tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
382tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
383tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
277tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 384tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
278tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h 385tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
386tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
279tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 387tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
388tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
280tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c 389tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c
281tb_store.o: ../../e_os.h ../../include/openssl/bio.h 390tb_store.o: ../../e_os.h ../../include/openssl/asn1.h
282tb_store.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 391tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
283tb_store.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 392tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
284tb_store.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 393tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
285tb_store.o: ../../include/openssl/opensslconf.h 394tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
395tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h
396tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
397tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
286tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 398tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
287tb_store.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 399tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
288tb_store.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_store.c 400tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
401tb_store.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
402tb_store.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_store.c
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c
index 8599046717..d29cd57dc2 100644
--- a/src/lib/libssl/src/crypto/engine/eng_all.c
+++ b/src/lib/libssl/src/crypto/engine/eng_all.c
@@ -107,6 +107,9 @@ void ENGINE_load_builtin_engines(void)
107#if defined(__OpenBSD__) || defined(__FreeBSD__) 107#if defined(__OpenBSD__) || defined(__FreeBSD__)
108 ENGINE_load_cryptodev(); 108 ENGINE_load_cryptodev();
109#endif 109#endif
110#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
111 ENGINE_load_capi();
112#endif
110#endif 113#endif
111 } 114 }
112 115
diff --git a/src/lib/libssl/src/crypto/engine/eng_cnf.c b/src/lib/libssl/src/crypto/engine/eng_cnf.c
index a97e01e619..8417ddaaef 100644
--- a/src/lib/libssl/src/crypto/engine/eng_cnf.c
+++ b/src/lib/libssl/src/crypto/engine/eng_cnf.c
@@ -98,6 +98,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
98 CONF_VALUE *ecmd; 98 CONF_VALUE *ecmd;
99 char *ctrlname, *ctrlvalue; 99 char *ctrlname, *ctrlvalue;
100 ENGINE *e = NULL; 100 ENGINE *e = NULL;
101 int soft = 0;
102
101 name = skip_dot(name); 103 name = skip_dot(name);
102#ifdef ENGINE_CONF_DEBUG 104#ifdef ENGINE_CONF_DEBUG
103 fprintf(stderr, "Configuring engine %s\n", name); 105 fprintf(stderr, "Configuring engine %s\n", name);
@@ -125,6 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
125 /* Override engine name to use */ 127 /* Override engine name to use */
126 if (!strcmp(ctrlname, "engine_id")) 128 if (!strcmp(ctrlname, "engine_id"))
127 name = ctrlvalue; 129 name = ctrlvalue;
130 else if (!strcmp(ctrlname, "soft_load"))
131 soft = 1;
128 /* Load a dynamic ENGINE */ 132 /* Load a dynamic ENGINE */
129 else if (!strcmp(ctrlname, "dynamic_path")) 133 else if (!strcmp(ctrlname, "dynamic_path"))
130 { 134 {
@@ -147,6 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
147 if (!e) 151 if (!e)
148 { 152 {
149 e = ENGINE_by_id(name); 153 e = ENGINE_by_id(name);
154 if (!e && soft)
155 {
156 ERR_clear_error();
157 return 1;
158 }
150 if (!e) 159 if (!e)
151 return 0; 160 return 0;
152 } 161 }
diff --git a/src/lib/libssl/src/crypto/engine/eng_err.c b/src/lib/libssl/src/crypto/engine/eng_err.c
index 369f2e22d3..574ffbb5c0 100644
--- a/src/lib/libssl/src/crypto/engine/eng_err.c
+++ b/src/lib/libssl/src/crypto/engine/eng_err.c
@@ -1,6 +1,6 @@
1/* crypto/engine/eng_err.c */ 1/* crypto/engine/eng_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -92,6 +92,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
92{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, 92{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
93{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, 93{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
94{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, 94{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
95{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"},
95{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, 96{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
96{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, 97{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
97{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, 98{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
diff --git a/src/lib/libssl/src/crypto/engine/eng_int.h b/src/lib/libssl/src/crypto/engine/eng_int.h
index a5b1edebf4..a66f107a44 100644
--- a/src/lib/libssl/src/crypto/engine/eng_int.h
+++ b/src/lib/libssl/src/crypto/engine/eng_int.h
@@ -170,6 +170,8 @@ struct engine_st
170 ENGINE_LOAD_KEY_PTR load_privkey; 170 ENGINE_LOAD_KEY_PTR load_privkey;
171 ENGINE_LOAD_KEY_PTR load_pubkey; 171 ENGINE_LOAD_KEY_PTR load_pubkey;
172 172
173 ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
174
173 const ENGINE_CMD_DEFN *cmd_defns; 175 const ENGINE_CMD_DEFN *cmd_defns;
174 int flags; 176 int flags;
175 /* reference count on the structure itself */ 177 /* reference count on the structure itself */
diff --git a/src/lib/libssl/src/crypto/engine/eng_pkey.c b/src/lib/libssl/src/crypto/engine/eng_pkey.c
index bc8b21abec..1dfa2e3664 100644
--- a/src/lib/libssl/src/crypto/engine/eng_pkey.c
+++ b/src/lib/libssl/src/crypto/engine/eng_pkey.c
@@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
69 return 1; 69 return 1;
70 } 70 }
71 71
72int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
73 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
74 {
75 e->load_ssl_client_cert = loadssl_f;
76 return 1;
77 }
78
72ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) 79ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
73 { 80 {
74 return e->load_privkey; 81 return e->load_privkey;
@@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
79 return e->load_pubkey; 86 return e->load_pubkey;
80 } 87 }
81 88
89ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
90 {
91 return e->load_ssl_client_cert;
92 }
93
82/* API functions to load public/private keys */ 94/* API functions to load public/private keys */
83 95
84EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, 96EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
@@ -152,3 +164,33 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
152 } 164 }
153 return pkey; 165 return pkey;
154 } 166 }
167
168int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
169 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
170 STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
171 {
172
173 if(e == NULL)
174 {
175 ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
176 ERR_R_PASSED_NULL_PARAMETER);
177 return 0;
178 }
179 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
180 if(e->funct_ref == 0)
181 {
182 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
183 ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
184 ENGINE_R_NOT_INITIALISED);
185 return 0;
186 }
187 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
188 if (!e->load_ssl_client_cert)
189 {
190 ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
191 ENGINE_R_NO_LOAD_FUNCTION);
192 return 0;
193 }
194 return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
195 ui_method, callback_data);
196 }
diff --git a/src/lib/libssl/src/crypto/engine/engine.h b/src/lib/libssl/src/crypto/engine/engine.h
index 3ec59338ff..f503595ece 100644
--- a/src/lib/libssl/src/crypto/engine/engine.h
+++ b/src/lib/libssl/src/crypto/engine/engine.h
@@ -93,6 +93,8 @@
93#include <openssl/err.h> 93#include <openssl/err.h>
94#endif 94#endif
95 95
96#include <openssl/x509.h>
97
96#include <openssl/ossl_typ.h> 98#include <openssl/ossl_typ.h>
97#include <openssl/symhacks.h> 99#include <openssl/symhacks.h>
98 100
@@ -278,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)
278/* Generic load_key function pointer */ 280/* Generic load_key function pointer */
279typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, 281typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
280 UI_METHOD *ui_method, void *callback_data); 282 UI_METHOD *ui_method, void *callback_data);
283typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
284 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
285 STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
281/* These callback types are for an ENGINE's handler for cipher and digest logic. 286/* These callback types are for an ENGINE's handler for cipher and digest logic.
282 * These handlers have these prototypes; 287 * These handlers have these prototypes;
283 * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); 288 * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@@ -334,6 +339,9 @@ void ENGINE_load_ubsec(void);
334void ENGINE_load_cryptodev(void); 339void ENGINE_load_cryptodev(void);
335void ENGINE_load_padlock(void); 340void ENGINE_load_padlock(void);
336void ENGINE_load_builtin_engines(void); 341void ENGINE_load_builtin_engines(void);
342#ifndef OPENSSL_NO_CAPIENG
343void ENGINE_load_capi(void);
344#endif
337 345
338/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation 346/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
339 * "registry" handling. */ 347 * "registry" handling. */
@@ -459,6 +467,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
459int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); 467int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
460int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); 468int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
461int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); 469int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
470int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
471 ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
462int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); 472int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
463int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); 473int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
464int ENGINE_set_flags(ENGINE *e, int flags); 474int ENGINE_set_flags(ENGINE *e, int flags);
@@ -494,6 +504,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
494ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); 504ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
495ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); 505ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
496ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); 506ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
507ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
497ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); 508ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
498ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); 509ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
499const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); 510const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
@@ -529,6 +540,10 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
529 UI_METHOD *ui_method, void *callback_data); 540 UI_METHOD *ui_method, void *callback_data);
530EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, 541EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
531 UI_METHOD *ui_method, void *callback_data); 542 UI_METHOD *ui_method, void *callback_data);
543int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
544 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
545 STACK_OF(X509) **pother,
546 UI_METHOD *ui_method, void *callback_data);
532 547
533/* This returns a pointer for the current ENGINE structure that 548/* This returns a pointer for the current ENGINE structure that
534 * is (by default) performing any RSA operations. The value returned 549 * is (by default) performing any RSA operations. The value returned
@@ -723,6 +738,7 @@ void ERR_load_ENGINE_strings(void);
723#define ENGINE_F_ENGINE_LIST_REMOVE 121 738#define ENGINE_F_ENGINE_LIST_REMOVE 121
724#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 739#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
725#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 740#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
741#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192
726#define ENGINE_F_ENGINE_NEW 122 742#define ENGINE_F_ENGINE_NEW 122
727#define ENGINE_F_ENGINE_REMOVE 123 743#define ENGINE_F_ENGINE_REMOVE 123
728#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 744#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
diff --git a/src/lib/libssl/src/crypto/err/err.c b/src/lib/libssl/src/crypto/err/err.c
index b6ff070e8f..7952e70ab0 100644
--- a/src/lib/libssl/src/crypto/err/err.c
+++ b/src/lib/libssl/src/crypto/err/err.c
@@ -149,6 +149,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
149{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, 149{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"},
150{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, 150{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"},
151{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, 151{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"},
152{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"},
152{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, 153{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"},
153{0,NULL}, 154{0,NULL},
154 }; 155 };
diff --git a/src/lib/libssl/src/crypto/err/err.h b/src/lib/libssl/src/crypto/err/err.h
index bf28fce492..8d9f0da172 100644
--- a/src/lib/libssl/src/crypto/err/err.h
+++ b/src/lib/libssl/src/crypto/err/err.h
@@ -140,7 +140,8 @@ typedef struct err_state_st
140#define ERR_LIB_ECDSA 42 140#define ERR_LIB_ECDSA 42
141#define ERR_LIB_ECDH 43 141#define ERR_LIB_ECDH 43
142#define ERR_LIB_STORE 44 142#define ERR_LIB_STORE 44
143#define ERR_LIB_CMS 45 143#define ERR_LIB_FIPS 45
144#define ERR_LIB_CMS 46
144 145
145#define ERR_LIB_USER 128 146#define ERR_LIB_USER 128
146 147
@@ -172,6 +173,7 @@ typedef struct err_state_st
172#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) 173#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
173#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) 174#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
174#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) 175#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
176#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
175#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) 177#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
176 178
177/* Borland C seems too stupid to be able to shift and do longs in 179/* Borland C seems too stupid to be able to shift and do longs in
diff --git a/src/lib/libssl/src/crypto/evp/Makefile b/src/lib/libssl/src/crypto/evp/Makefile
index 8f2555c7e5..9de56dc03d 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile
+++ b/src/lib/libssl/src/crypto/evp/Makefile
@@ -135,13 +135,17 @@ bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
135bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c 135bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
136c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 136c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
137c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 137c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
138c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 138c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
139c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h 139c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
140c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 140c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
141c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 141c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
142c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 142c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
143c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 143c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
144c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c 144c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
145c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
146c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
147c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
148c_all.o: ../cryptlib.h c_all.c
145c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 149c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
146c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 150c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
147c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 151c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -170,13 +174,17 @@ c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
170c_alld.o: ../cryptlib.h c_alld.c 174c_alld.o: ../cryptlib.h c_alld.c
171digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 175digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
172digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 176digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
173digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 177digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
174digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h 178digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
175digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 179digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
176digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 180digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
177digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 181digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
178digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 182digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
179digest.o: ../../include/openssl/symhacks.h ../cryptlib.h digest.c 183digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
184digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
185digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
186digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
187digest.o: ../cryptlib.h digest.c
180e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h 188e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
181e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h 189e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
182e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h 190e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -312,13 +320,17 @@ evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
312evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h 320evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
313evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 321evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
314evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 322evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
315evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h 323evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
316evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 324evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
317evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 325evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
318evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 326evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
319evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 327evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
320evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 328evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
321evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_enc.c evp_locl.h 329evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
330evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
331evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
332evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
333evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
322evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 334evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
323evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 335evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
324evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h 336evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index c19d764c15..1aa2d6fb35 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -303,6 +303,8 @@ struct env_md_ctx_st
303 * cleaned */ 303 * cleaned */
304#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data 304#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
305 * in EVP_MD_CTX_cleanup */ 305 * in EVP_MD_CTX_cleanup */
306#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
307 * in FIPS mode */
306 308
307struct evp_cipher_st 309struct evp_cipher_st
308 { 310 {
diff --git a/src/lib/libssl/src/crypto/evp/evp_enc.c b/src/lib/libssl/src/crypto/evp/evp_enc.c
index a1904993bf..6e582c458d 100644
--- a/src/lib/libssl/src/crypto/evp/evp_enc.c
+++ b/src/lib/libssl/src/crypto/evp/evp_enc.c
@@ -279,7 +279,12 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
279 { 279 {
280 int i,j,bl; 280 int i,j,bl;
281 281
282 OPENSSL_assert(inl > 0); 282 if (inl <= 0)
283 {
284 *outl = 0;
285 return inl == 0;
286 }
287
283 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) 288 if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
284 { 289 {
285 if(ctx->cipher->do_cipher(ctx,out,in,inl)) 290 if(ctx->cipher->do_cipher(ctx,out,in,inl))
@@ -381,10 +386,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
381 int fix_len; 386 int fix_len;
382 unsigned int b; 387 unsigned int b;
383 388
384 if (inl == 0) 389 if (inl <= 0)
385 { 390 {
386 *outl=0; 391 *outl = 0;
387 return 1; 392 return inl == 0;
388 } 393 }
389 394
390 if (ctx->flags & EVP_CIPH_NO_PADDING) 395 if (ctx->flags & EVP_CIPH_NO_PADDING)
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.c b/src/lib/libssl/src/crypto/hmac/hmac.c
index c45e001492..1d140f7adb 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.c
+++ b/src/lib/libssl/src/crypto/hmac/hmac.c
@@ -171,3 +171,10 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
171 return(md); 171 return(md);
172 } 172 }
173 173
174void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
175 {
176 EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
177 EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
178 EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
179 }
180
diff --git a/src/lib/libssl/src/crypto/hmac/hmac.h b/src/lib/libssl/src/crypto/hmac/hmac.h
index 719fc408ac..fc38ffb52b 100644
--- a/src/lib/libssl/src/crypto/hmac/hmac.h
+++ b/src/lib/libssl/src/crypto/hmac/hmac.h
@@ -100,6 +100,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
100 const unsigned char *d, size_t n, unsigned char *md, 100 const unsigned char *d, size_t n, unsigned char *md,
101 unsigned int *md_len); 101 unsigned int *md_len);
102 102
103void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
103 104
104#ifdef __cplusplus 105#ifdef __cplusplus
105} 106}
diff --git a/src/lib/libssl/src/crypto/md32_common.h b/src/lib/libssl/src/crypto/md32_common.h
index 089c450290..61bcd9786f 100644
--- a/src/lib/libssl/src/crypto/md32_common.h
+++ b/src/lib/libssl/src/crypto/md32_common.h
@@ -301,7 +301,7 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
301 { 301 {
302 p=(unsigned char *)c->data; 302 p=(unsigned char *)c->data;
303 303
304 if ((n+len) >= HASH_CBLOCK) 304 if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK)
305 { 305 {
306 memcpy (p+n,data,HASH_CBLOCK-n); 306 memcpy (p+n,data,HASH_CBLOCK-n);
307 HASH_BLOCK_DATA_ORDER (c,p,1); 307 HASH_BLOCK_DATA_ORDER (c,p,1);
diff --git a/src/lib/libssl/src/crypto/objects/obj_mac.num b/src/lib/libssl/src/crypto/objects/obj_mac.num
index 47815b1e4e..53c9cb0d6a 100644
--- a/src/lib/libssl/src/crypto/objects/obj_mac.num
+++ b/src/lib/libssl/src/crypto/objects/obj_mac.num
@@ -788,3 +788,69 @@ id_ct_asciiTextWithCRLF 787
788id_aes128_wrap 788 788id_aes128_wrap 788
789id_aes192_wrap 789 789id_aes192_wrap 789
790id_aes256_wrap 790 790id_aes256_wrap 790
791ecdsa_with_Recommended 791
792ecdsa_with_Specified 792
793ecdsa_with_SHA224 793
794ecdsa_with_SHA256 794
795ecdsa_with_SHA384 795
796ecdsa_with_SHA512 796
797hmacWithMD5 797
798hmacWithSHA224 798
799hmacWithSHA256 799
800hmacWithSHA384 800
801hmacWithSHA512 801
802dsa_with_SHA224 802
803dsa_with_SHA256 803
804whirlpool 804
805cryptopro 805
806cryptocom 806
807id_GostR3411_94_with_GostR3410_2001 807
808id_GostR3411_94_with_GostR3410_94 808
809id_GostR3411_94 809
810id_HMACGostR3411_94 810
811id_GostR3410_2001 811
812id_GostR3410_94 812
813id_Gost28147_89 813
814gost89_cnt 814
815id_Gost28147_89_MAC 815
816id_GostR3411_94_prf 816
817id_GostR3410_2001DH 817
818id_GostR3410_94DH 818
819id_Gost28147_89_CryptoPro_KeyMeshing 819
820id_Gost28147_89_None_KeyMeshing 820
821id_GostR3411_94_TestParamSet 821
822id_GostR3411_94_CryptoProParamSet 822
823id_Gost28147_89_TestParamSet 823
824id_Gost28147_89_CryptoPro_A_ParamSet 824
825id_Gost28147_89_CryptoPro_B_ParamSet 825
826id_Gost28147_89_CryptoPro_C_ParamSet 826
827id_Gost28147_89_CryptoPro_D_ParamSet 827
828id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828
829id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829
830id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830
831id_GostR3410_94_TestParamSet 831
832id_GostR3410_94_CryptoPro_A_ParamSet 832
833id_GostR3410_94_CryptoPro_B_ParamSet 833
834id_GostR3410_94_CryptoPro_C_ParamSet 834
835id_GostR3410_94_CryptoPro_D_ParamSet 835
836id_GostR3410_94_CryptoPro_XchA_ParamSet 836
837id_GostR3410_94_CryptoPro_XchB_ParamSet 837
838id_GostR3410_94_CryptoPro_XchC_ParamSet 838
839id_GostR3410_2001_TestParamSet 839
840id_GostR3410_2001_CryptoPro_A_ParamSet 840
841id_GostR3410_2001_CryptoPro_B_ParamSet 841
842id_GostR3410_2001_CryptoPro_C_ParamSet 842
843id_GostR3410_2001_CryptoPro_XchA_ParamSet 843
844id_GostR3410_2001_CryptoPro_XchB_ParamSet 844
845id_GostR3410_94_a 845
846id_GostR3410_94_aBis 846
847id_GostR3410_94_b 847
848id_GostR3410_94_bBis 848
849id_Gost28147_89_cc 849
850id_GostR3410_94_cc 850
851id_GostR3410_2001_cc 851
852id_GostR3411_94_with_GostR3410_94_cc 852
853id_GostR3411_94_with_GostR3410_2001_cc 853
854id_GostR3410_2001_ParamSet_cc 854
855hmac 855
856LocalKeySet 856
diff --git a/src/lib/libssl/src/crypto/objects/objects.txt b/src/lib/libssl/src/crypto/objects/objects.txt
index 34c8d1d647..e009702e55 100644
--- a/src/lib/libssl/src/crypto/objects/objects.txt
+++ b/src/lib/libssl/src/crypto/objects/objects.txt
@@ -79,6 +79,12 @@ X9-62_primeCurve 7 : prime256v1
79!Alias id-ecSigType ansi-X9-62 4 79!Alias id-ecSigType ansi-X9-62 4
80!global 80!global
81X9-62_id-ecSigType 1 : ecdsa-with-SHA1 81X9-62_id-ecSigType 1 : ecdsa-with-SHA1
82X9-62_id-ecSigType 2 : ecdsa-with-Recommended
83X9-62_id-ecSigType 3 : ecdsa-with-Specified
84ecdsa-with-Specified 1 : ecdsa-with-SHA224
85ecdsa-with-Specified 2 : ecdsa-with-SHA256
86ecdsa-with-Specified 3 : ecdsa-with-SHA384
87ecdsa-with-Specified 4 : ecdsa-with-SHA512
82 88
83# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" 89# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
84# (http://www.secg.org/) 90# (http://www.secg.org/)
@@ -313,6 +319,7 @@ pkcs9 20 : : friendlyName
313pkcs9 21 : : localKeyID 319pkcs9 21 : : localKeyID
314!Cname ms-csp-name 320!Cname ms-csp-name
3151 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name 3211 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name
3221 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set
316!Alias certTypes pkcs9 22 323!Alias certTypes pkcs9 22
317certTypes 1 : : x509Certificate 324certTypes 1 : : x509Certificate
318certTypes 2 : : sdsiCertificate 325certTypes 2 : : sdsiCertificate
@@ -348,7 +355,15 @@ rsadsi 2 2 : MD2 : md2
348rsadsi 2 4 : MD4 : md4 355rsadsi 2 4 : MD4 : md4
349rsadsi 2 5 : MD5 : md5 356rsadsi 2 5 : MD5 : md5
350 : MD5-SHA1 : md5-sha1 357 : MD5-SHA1 : md5-sha1
358rsadsi 2 6 : : hmacWithMD5
351rsadsi 2 7 : : hmacWithSHA1 359rsadsi 2 7 : : hmacWithSHA1
360
361# From RFC4231
362rsadsi 2 8 : : hmacWithSHA224
363rsadsi 2 9 : : hmacWithSHA256
364rsadsi 2 10 : : hmacWithSHA384
365rsadsi 2 11 : : hmacWithSHA512
366
352rsadsi 3 2 : RC2-CBC : rc2-cbc 367rsadsi 3 2 : RC2-CBC : rc2-cbc
353 : RC2-ECB : rc2-ecb 368 : RC2-ECB : rc2-ecb
354!Cname rc2-cfb64 369!Cname rc2-cfb64
@@ -833,6 +848,11 @@ nist_hashalgs 2 : SHA384 : sha384
833nist_hashalgs 3 : SHA512 : sha512 848nist_hashalgs 3 : SHA512 : sha512
834nist_hashalgs 4 : SHA224 : sha224 849nist_hashalgs 4 : SHA224 : sha224
835 850
851# OIDs for dsa-with-sha224 and dsa-with-sha256
852!Alias dsa_with_sha2 nistAlgorithms 3
853dsa_with_sha2 1 : dsa_with_SHA224
854dsa_with_sha2 2 : dsa_with_SHA256
855
836# Hold instruction CRL entry extension 856# Hold instruction CRL entry extension
837!Cname hold-instruction-code 857!Cname hold-instruction-code
838id-ce 23 : holdInstructionCode : Hold Instruction Code 858id-ce 23 : holdInstructionCode : Hold Instruction Code
@@ -1070,13 +1090,93 @@ rsadsi 1 1 6 : rsaOAEPEncryptionSET
1070 : Oakley-EC2N-3 : ipsec3 1090 : Oakley-EC2N-3 : ipsec3
1071 : Oakley-EC2N-4 : ipsec4 1091 : Oakley-EC2N-4 : ipsec4
1072 1092
1093iso 0 10118 3 0 55 : whirlpool
1094
1095# GOST OIDs
1096
1097member-body 643 2 2 : cryptopro
1098member-body 643 2 9 : cryptocom
1099
1100cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
1101cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
1102!Cname id-GostR3411-94
1103cryptopro 9 : md_gost94 : GOST R 34.11-94
1104cryptopro 10 : id-HMACGostR3411-94 : HMAC GOST 34.11-94
1105!Cname id-GostR3410-2001
1106cryptopro 19 : gost2001 : GOST R 34.10-2001
1107!Cname id-GostR3410-94
1108cryptopro 20 : gost94 : GOST R 34.10-94
1109!Cname id-Gost28147-89
1110cryptopro 21 : gost89 : GOST 28147-89
1111 : gost89-cnt
1112!Cname id-Gost28147-89-MAC
1113cryptopro 22 : gost-mac : GOST 28147-89 MAC
1114!Cname id-GostR3411-94-prf
1115cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
1116cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
1117cryptopro 99 : id-GostR3410-94DH : GOST R 34.10-94 DH
1118
1119cryptopro 14 1 : id-Gost28147-89-CryptoPro-KeyMeshing
1120cryptopro 14 0 : id-Gost28147-89-None-KeyMeshing
1121
1122# GOST parameter set OIDs
1123
1124cryptopro 30 0 : id-GostR3411-94-TestParamSet
1125cryptopro 30 1 : id-GostR3411-94-CryptoProParamSet
1126
1127cryptopro 31 0 : id-Gost28147-89-TestParamSet
1128cryptopro 31 1 : id-Gost28147-89-CryptoPro-A-ParamSet
1129cryptopro 31 2 : id-Gost28147-89-CryptoPro-B-ParamSet
1130cryptopro 31 3 : id-Gost28147-89-CryptoPro-C-ParamSet
1131cryptopro 31 4 : id-Gost28147-89-CryptoPro-D-ParamSet
1132cryptopro 31 5 : id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet
1133cryptopro 31 6 : id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet
1134cryptopro 31 7 : id-Gost28147-89-CryptoPro-RIC-1-ParamSet
1135
1136cryptopro 32 0 : id-GostR3410-94-TestParamSet
1137cryptopro 32 2 : id-GostR3410-94-CryptoPro-A-ParamSet
1138cryptopro 32 3 : id-GostR3410-94-CryptoPro-B-ParamSet
1139cryptopro 32 4 : id-GostR3410-94-CryptoPro-C-ParamSet
1140cryptopro 32 5 : id-GostR3410-94-CryptoPro-D-ParamSet
1141
1142cryptopro 33 1 : id-GostR3410-94-CryptoPro-XchA-ParamSet
1143cryptopro 33 2 : id-GostR3410-94-CryptoPro-XchB-ParamSet
1144cryptopro 33 3 : id-GostR3410-94-CryptoPro-XchC-ParamSet
1145
1146cryptopro 35 0 : id-GostR3410-2001-TestParamSet
1147cryptopro 35 1 : id-GostR3410-2001-CryptoPro-A-ParamSet
1148cryptopro 35 2 : id-GostR3410-2001-CryptoPro-B-ParamSet
1149cryptopro 35 3 : id-GostR3410-2001-CryptoPro-C-ParamSet
1150
1151cryptopro 36 0 : id-GostR3410-2001-CryptoPro-XchA-ParamSet
1152cryptopro 36 1 : id-GostR3410-2001-CryptoPro-XchB-ParamSet
1153
1154id-GostR3410-94 1 : id-GostR3410-94-a
1155id-GostR3410-94 2 : id-GostR3410-94-aBis
1156id-GostR3410-94 3 : id-GostR3410-94-b
1157id-GostR3410-94 4 : id-GostR3410-94-bBis
1158
1159# Cryptocom LTD GOST OIDs
1160
1161cryptocom 1 6 1 : id-Gost28147-89-cc : GOST 28147-89 Cryptocom ParamSet
1162!Cname id-GostR3410-94-cc
1163cryptocom 1 5 3 : gost94cc : GOST 34.10-94 Cryptocom
1164!Cname id-GostR3410-2001-cc
1165cryptocom 1 5 4 : gost2001cc : GOST 34.10-2001 Cryptocom
1166
1167cryptocom 1 3 3 : id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom
1168cryptocom 1 3 4 : id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom
1169
1170cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
1073 1171
1074# Definitions for Camellia cipher - CBC MODE 1172# Definitions for Camellia cipher - CBC MODE
1173
10751 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc 11741 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
10761 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc 11751 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc
10771 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc 11761 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc
1078 1177
1079# Definitions for Camellia cipher - ECB, CFB, OFB MODE 1178# Definitions for Camellia cipher - ECB, CFB, OFB MODE
1179
1080!Alias ntt-ds 0 3 4401 5 1180!Alias ntt-ds 0 3 4401 5
1081!Alias camellia ntt-ds 3 1 9 1181!Alias camellia ntt-ds 3 1 9
1082 1182
@@ -1107,7 +1207,6 @@ camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb
1107 : CAMELLIA-192-CFB8 : camellia-192-cfb8 1207 : CAMELLIA-192-CFB8 : camellia-192-cfb8
1108 : CAMELLIA-256-CFB8 : camellia-256-cfb8 1208 : CAMELLIA-256-CFB8 : camellia-256-cfb8
1109 1209
1110
1111# Definitions for SEED cipher - ECB, CBC, OFB mode 1210# Definitions for SEED cipher - ECB, CBC, OFB mode
1112 1211
1113member-body 410 200004 : KISA : kisa 1212member-body 410 200004 : KISA : kisa
@@ -1117,3 +1216,7 @@ kisa 1 4 : SEED-CBC : seed-cbc
1117kisa 1 5 : SEED-CFB : seed-cfb 1216kisa 1 5 : SEED-CFB : seed-cfb
1118!Cname seed-ofb128 1217!Cname seed-ofb128
1119kisa 1 6 : SEED-OFB : seed-ofb 1218kisa 1 6 : SEED-OFB : seed-ofb
1219
1220# There is no OID that just denotes "HMAC" oddly enough...
1221
1222 : HMAC : hmac
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index b308894f18..5bdd370ac9 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,11 +25,11 @@
25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for 25 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
26 * major minor fix final patch/beta) 26 * major minor fix final patch/beta)
27 */ 27 */
28#define OPENSSL_VERSION_NUMBER 0x0090808fL 28#define OPENSSL_VERSION_NUMBER 0x0090809fL
29#ifdef OPENSSL_FIPS 29#ifdef OPENSSL_FIPS
30#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h-fips 28 May 2008" 30#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i-fips 15 Sep 2008"
31#else 31#else
32#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8h 28 May 2008" 32#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i 15 Sep 2008"
33#endif 33#endif
34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 34#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
35 35
diff --git a/src/lib/libssl/src/crypto/ossl_typ.h b/src/lib/libssl/src/crypto/ossl_typ.h
index 345fb1dc4d..734200428f 100644
--- a/src/lib/libssl/src/crypto/ossl_typ.h
+++ b/src/lib/libssl/src/crypto/ossl_typ.h
@@ -140,6 +140,8 @@ typedef struct X509_crl_st X509_CRL;
140typedef struct X509_name_st X509_NAME; 140typedef struct X509_name_st X509_NAME;
141typedef struct x509_store_st X509_STORE; 141typedef struct x509_store_st X509_STORE;
142typedef struct x509_store_ctx_st X509_STORE_CTX; 142typedef struct x509_store_ctx_st X509_STORE_CTX;
143typedef struct ssl_st SSL;
144typedef struct ssl_ctx_st SSL_CTX;
143 145
144typedef struct v3_ext_ctx X509V3_CTX; 146typedef struct v3_ext_ctx X509V3_CTX;
145typedef struct conf_st CONF; 147typedef struct conf_st CONF;
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index dbafda17b6..9748256b6f 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -63,6 +63,19 @@
63 63
64static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); 64static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
65 65
66static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
67 {
68 int idx;
69 X509_ATTRIBUTE *attr;
70 idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
71 if (idx < 0)
72 return 1;
73 attr = EVP_PKEY_get_attr(pkey, idx);
74 if (!X509at_add1_attr(&bag->attrib, attr))
75 return 0;
76 return 1;
77 }
78
66PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 79PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
67 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, 80 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
68 int keytype) 81 int keytype)
@@ -122,20 +135,15 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
122 135
123 if (pkey) 136 if (pkey)
124 { 137 {
125 int cspidx;
126 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); 138 bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
127 139
128 if (!bag) 140 if (!bag)
129 goto err; 141 goto err;
130 142
131 cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1); 143 if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
132 if (cspidx >= 0) 144 goto err;
133 { 145 if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
134 X509_ATTRIBUTE *cspattr; 146 goto err;
135 cspattr = EVP_PKEY_get_attr(pkey, cspidx);
136 if (!X509at_add1_attr(&bag->attrib, cspattr))
137 goto err;
138 }
139 147
140 if(name && !PKCS12_add_friendlyname(bag, name, -1)) 148 if(name && !PKCS12_add_friendlyname(bag, name, -1))
141 goto err; 149 goto err;
diff --git a/src/lib/libssl/src/crypto/rand/Makefile b/src/lib/libssl/src/crypto/rand/Makefile
index 3c1ab5bbae..27694aa664 100644
--- a/src/lib/libssl/src/crypto/rand/Makefile
+++ b/src/lib/libssl/src/crypto/rand/Makefile
@@ -97,14 +97,19 @@ rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
97rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 97rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
98rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 98rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
99rand_err.o: rand_err.c 99rand_err.o: rand_err.c
100rand_lib.o: ../../e_os.h ../../include/openssl/bio.h 100rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
101rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 101rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
102rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 102rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
103rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 103rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
104rand_lib.o: ../../include/openssl/opensslconf.h 104rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
105rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
106rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
107rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
105rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 108rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
106rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h 109rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
110rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
107rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 111rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
112rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
108rand_lib.o: ../cryptlib.h rand_lib.c 113rand_lib.o: ../cryptlib.h rand_lib.c
109rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h 114rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
110rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 115rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/src/lib/libssl/src/crypto/rsa/Makefile b/src/lib/libssl/src/crypto/rsa/Makefile
index 13900812ac..8f1c611800 100644
--- a/src/lib/libssl/src/crypto/rsa/Makefile
+++ b/src/lib/libssl/src/crypto/rsa/Makefile
@@ -133,12 +133,17 @@ rsa_gen.o: ../cryptlib.h rsa_gen.c
133rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h 133rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
134rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 134rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
135rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 135rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
136rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h 136rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
137rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 137rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
138rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
139rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
140rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
138rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 141rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
139rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h 142rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
140rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 143rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
144rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
141rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 145rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
146rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
142rsa_lib.o: ../cryptlib.h rsa_lib.c 147rsa_lib.o: ../cryptlib.h rsa_lib.c
143rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h 148rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
144rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 149rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index 6b5e4f8a9a..3699afaaaf 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -281,6 +281,7 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset);
281int RSA_print(BIO *bp, const RSA *r,int offset); 281int RSA_print(BIO *bp, const RSA *r,int offset);
282#endif 282#endif
283 283
284#ifndef OPENSSL_NO_RC4
284int i2d_RSA_NET(const RSA *a, unsigned char **pp, 285int i2d_RSA_NET(const RSA *a, unsigned char **pp,
285 int (*cb)(char *buf, int len, const char *prompt, int verify), 286 int (*cb)(char *buf, int len, const char *prompt, int verify),
286 int sgckey); 287 int sgckey);
@@ -294,6 +295,7 @@ int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
294RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, 295RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
295 int (*cb)(char *buf, int len, const char *prompt, 296 int (*cb)(char *buf, int len, const char *prompt,
296 int verify)); 297 int verify));
298#endif
297 299
298/* The following 2 functions sign and verify a X509_SIG ASN1 object 300/* The following 2 functions sign and verify a X509_SIG ASN1 object
299 * inside PKCS#1 padded RSA encryption */ 301 * inside PKCS#1 padded RSA encryption */
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 272c5eed18..5a6eda7961 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -150,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
150 return(&rsa_pkcs1_eay_meth); 150 return(&rsa_pkcs1_eay_meth);
151 } 151 }
152 152
153/* Usage example;
154 * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
155 */
156#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
157 if ((pre_cond) && ((method_mod) == NULL) && \
158 !BN_MONT_CTX_set_locked(&(method_mod), \
159 CRYPTO_LOCK_RSA, \
160 (m), (ctx))) \
161 err_instr
162
163static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 153static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
164 unsigned char *to, RSA *rsa, int padding) 154 unsigned char *to, RSA *rsa, int padding)
165 { 155 {
@@ -233,7 +223,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
233 goto err; 223 goto err;
234 } 224 }
235 225
236 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 226 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
227 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
228 goto err;
237 229
238 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 230 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
239 rsa->_method_mod_n)) goto err; 231 rsa->_method_mod_n)) goto err;
@@ -460,7 +452,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
460 else 452 else
461 d= rsa->d; 453 d= rsa->d;
462 454
463 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 455 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
456 if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
457 goto err;
464 458
465 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, 459 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
466 rsa->_method_mod_n)) goto err; 460 rsa->_method_mod_n)) goto err;
@@ -581,7 +575,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
581 else 575 else
582 d = rsa->d; 576 d = rsa->d;
583 577
584 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 578 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
579 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
580 goto err;
585 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, 581 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
586 rsa->_method_mod_n)) 582 rsa->_method_mod_n))
587 goto err; 583 goto err;
@@ -691,7 +687,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
691 goto err; 687 goto err;
692 } 688 }
693 689
694 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 690 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
691 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
692 goto err;
695 693
696 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 694 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
697 rsa->_method_mod_n)) goto err; 695 rsa->_method_mod_n)) goto err;
@@ -769,11 +767,18 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
769 q = rsa->q; 767 q = rsa->q;
770 } 768 }
771 769
772 MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); 770 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
773 MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); 771 {
772 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
773 goto err;
774 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
775 goto err;
776 }
774 } 777 }
775 778
776 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 779 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
780 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
781 goto err;
777 782
778 /* compute I mod q */ 783 /* compute I mod q */
779 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 784 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
index ea72629494..cfeff15bc9 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
@@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
130 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); 130 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
131 return(-1); 131 return(-1);
132 } 132 }
133 for (k= -8; k<0; k++) 133 for (k = -9; k<-1; k++)
134 { 134 {
135 if (p[k] != 0x03) break; 135 if (p[k] != 0x03) break;
136 } 136 }
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
index 0b4dab2bd5..a787dd37da 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-586.pl
@@ -149,7 +149,7 @@ sub BODY_40_59
149 &add($f,$e); # f+=ROTATE(a,5) 149 &add($f,$e); # f+=ROTATE(a,5)
150 } 150 }
151 151
152&function_begin("sha1_block_data_order",16); 152&function_begin("sha1_block_data_order");
153 &mov($tmp1,&wparam(0)); # SHA_CTX *c 153 &mov($tmp1,&wparam(0)); # SHA_CTX *c
154 &mov($T,&wparam(1)); # const void *input 154 &mov($T,&wparam(1)); # const void *input
155 &mov($A,&wparam(2)); # size_t num 155 &mov($A,&wparam(2)); # size_t num
diff --git a/src/lib/libssl/src/crypto/stack/safestack.h b/src/lib/libssl/src/crypto/stack/safestack.h
index 78cc485e6d..40b17902e0 100644
--- a/src/lib/libssl/src/crypto/stack/safestack.h
+++ b/src/lib/libssl/src/crypto/stack/safestack.h
@@ -986,6 +986,50 @@ STACK_OF(type) \
986#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) 986#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
987#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) 987#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
988 988
989#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
990#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
991#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
992#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
993#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
994#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
995#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
996#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
997#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
998#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
999#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
1000#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
1001#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
1002#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
1003#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
1004#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
1005#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
1006#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
1007#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
1008#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
1009#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
1010
1011#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
1012#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
1013#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
1014#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
1015#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
1016#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
1017#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
1018#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
1019#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
1020#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
1021#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
1022#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
1023#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
1024#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
1025#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
1026#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
1027#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
1028#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
1029#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
1030#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
1031#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
1032
989#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) 1033#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
990#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) 1034#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
991#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) 1035#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
diff --git a/src/lib/libssl/src/crypto/x509/x509_att.c b/src/lib/libssl/src/crypto/x509/x509_att.c
index 511b49d589..98460e8921 100644
--- a/src/lib/libssl/src/crypto/x509/x509_att.c
+++ b/src/lib/libssl/src/crypto/x509/x509_att.c
@@ -245,7 +245,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
245 goto err; 245 goto err;
246 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) 246 if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
247 goto err; 247 goto err;
248 248
249 if ((attr != NULL) && (*attr == NULL)) *attr=ret; 249 if ((attr != NULL) && (*attr == NULL)) *attr=ret;
250 return(ret); 250 return(ret);
251err: 251err:
@@ -302,8 +302,15 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
302 atype = attrtype; 302 atype = attrtype;
303 } 303 }
304 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; 304 if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
305 attr->single = 0;
306 /* This is a bit naughty because the attribute should really have
307 * at least one value but some types use and zero length SET and
308 * require this.
309 */
310 if (attrtype == 0)
311 return 1;
305 if(!(ttmp = ASN1_TYPE_new())) goto err; 312 if(!(ttmp = ASN1_TYPE_new())) goto err;
306 if (len == -1) 313 if ((len == -1) && !(attrtype & MBSTRING_FLAG))
307 { 314 {
308 if (!ASN1_TYPE_set1(ttmp, attrtype, data)) 315 if (!ASN1_TYPE_set1(ttmp, attrtype, data))
309 goto err; 316 goto err;
@@ -311,7 +318,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
311 else 318 else
312 ASN1_TYPE_set(ttmp, atype, stmp); 319 ASN1_TYPE_set(ttmp, atype, stmp);
313 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; 320 if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
314 attr->single = 0;
315 return 1; 321 return 1;
316 err: 322 err:
317 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); 323 X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index 9a62ebcf67..336c40ddd7 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -394,7 +394,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
394#ifdef OPENSSL_NO_CHAIN_VERIFY 394#ifdef OPENSSL_NO_CHAIN_VERIFY
395 return 1; 395 return 1;
396#else 396#else
397 int i, ok=0, must_be_ca; 397 int i, ok=0, must_be_ca, plen = 0;
398 X509 *x; 398 X509 *x;
399 int (*cb)(int xok,X509_STORE_CTX *xctx); 399 int (*cb)(int xok,X509_STORE_CTX *xctx);
400 int proxy_path_length = 0; 400 int proxy_path_length = 0;
@@ -495,9 +495,10 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
495 if (!ok) goto end; 495 if (!ok) goto end;
496 } 496 }
497 } 497 }
498 /* Check pathlen */ 498 /* Check pathlen if not self issued */
499 if ((i > 1) && (x->ex_pathlen != -1) 499 if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
500 && (i > (x->ex_pathlen + proxy_path_length + 1))) 500 && (x->ex_pathlen != -1)
501 && (plen > (x->ex_pathlen + proxy_path_length + 1)))
501 { 502 {
502 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; 503 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
503 ctx->error_depth = i; 504 ctx->error_depth = i;
@@ -505,6 +506,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
505 ok=cb(0,ctx); 506 ok=cb(0,ctx);
506 if (!ok) goto end; 507 if (!ok) goto end;
507 } 508 }
509 /* Increment path length if not self issued */
510 if (!(x->ex_flags & EXFLAG_SI))
511 plen++;
508 /* If this certificate is a proxy certificate, the next 512 /* If this certificate is a proxy certificate, the next
509 certificate must be another proxy certificate or a EE 513 certificate must be another proxy certificate or a EE
510 certificate. If not, the next certificate must be a 514 certificate. If not, the next certificate must be a
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_data.c b/src/lib/libssl/src/crypto/x509v3/pcy_data.c
index 614d2b4935..4711b1ee92 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_data.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_data.c
@@ -87,6 +87,12 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
87 X509_POLICY_DATA *ret; 87 X509_POLICY_DATA *ret;
88 if (!policy && !id) 88 if (!policy && !id)
89 return NULL; 89 return NULL;
90 if (id)
91 {
92 id = OBJ_dup(id);
93 if (!id)
94 return NULL;
95 }
90 ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); 96 ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
91 if (!ret) 97 if (!ret)
92 return NULL; 98 return NULL;
@@ -94,6 +100,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
94 if (!ret->expected_policy_set) 100 if (!ret->expected_policy_set)
95 { 101 {
96 OPENSSL_free(ret); 102 OPENSSL_free(ret);
103 if (id)
104 ASN1_OBJECT_free(id);
97 return NULL; 105 return NULL;
98 } 106 }
99 107
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index 4fda1d419a..b1ce77b9af 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
130 ret = 2; 130 ret = 2;
131 if (explicit_policy > 0) 131 if (explicit_policy > 0)
132 { 132 {
133 explicit_policy--; 133 if (!(x->ex_flags & EXFLAG_SI))
134 if (!(x->ex_flags & EXFLAG_SS) 134 explicit_policy--;
135 && (cache->explicit_skip != -1) 135 if ((cache->explicit_skip != -1)
136 && (cache->explicit_skip < explicit_policy)) 136 && (cache->explicit_skip < explicit_policy))
137 explicit_policy = cache->explicit_skip; 137 explicit_policy = cache->explicit_skip;
138 } 138 }
@@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
197 /* Any matching allowed if certificate is self 197 /* Any matching allowed if certificate is self
198 * issued and not the last in the chain. 198 * issued and not the last in the chain.
199 */ 199 */
200 if (!(x->ex_flags & EXFLAG_SS) || (i == 0)) 200 if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
201 level->flags |= X509_V_FLAG_INHIBIT_ANY; 201 level->flags |= X509_V_FLAG_INHIBIT_ANY;
202 } 202 }
203 else 203 else
204 { 204 {
205 any_skip--; 205 if (!(x->ex_flags & EXFLAG_SI))
206 if ((cache->any_skip > 0) 206 any_skip--;
207 if ((cache->any_skip >= 0)
207 && (cache->any_skip < any_skip)) 208 && (cache->any_skip < any_skip))
208 any_skip = cache->any_skip; 209 any_skip = cache->any_skip;
209 } 210 }
@@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
213 else 214 else
214 { 215 {
215 map_skip--; 216 map_skip--;
216 if ((cache->map_skip > 0) 217 if ((cache->map_skip >= 0)
217 && (cache->map_skip < map_skip)) 218 && (cache->map_skip < map_skip))
218 map_skip = cache->map_skip; 219 map_skip = cache->map_skip;
219 } 220 }
@@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
310 311
311 if (data == NULL) 312 if (data == NULL)
312 return 0; 313 return 0;
313 data->qualifier_set = curr->anyPolicy->data->qualifier_set; 314 /* Curr may not have anyPolicy */
315 data->qualifier_set = cache->anyPolicy->qualifier_set;
314 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; 316 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
315 if (!level_add_node(curr, data, node, tree)) 317 if (!level_add_node(curr, data, node, tree))
316 { 318 {
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_addr.c b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
index ed9847b307..c6730ab3fd 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_addr.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
@@ -594,10 +594,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
594 return NULL; 594 return NULL;
595 switch (afi) { 595 switch (afi) {
596 case IANA_AFI_IPV4: 596 case IANA_AFI_IPV4:
597 sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); 597 (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
598 break; 598 break;
599 case IANA_AFI_IPV6: 599 case IANA_AFI_IPV6:
600 sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); 600 (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
601 break; 601 break;
602 } 602 }
603 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; 603 f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
@@ -854,7 +854,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
854 if (!make_addressRange(&merged, a_min, b_max, length)) 854 if (!make_addressRange(&merged, a_min, b_max, length))
855 return 0; 855 return 0;
856 sk_IPAddressOrRange_set(aors, i, merged); 856 sk_IPAddressOrRange_set(aors, i, merged);
857 sk_IPAddressOrRange_delete(aors, i + 1); 857 (void)sk_IPAddressOrRange_delete(aors, i + 1);
858 IPAddressOrRange_free(a); 858 IPAddressOrRange_free(a);
859 IPAddressOrRange_free(b); 859 IPAddressOrRange_free(b);
860 --i; 860 --i;
@@ -1122,7 +1122,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
1122 return 1; 1122 return 1;
1123 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) 1123 if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
1124 return 0; 1124 return 0;
1125 sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); 1125 (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
1126 for (i = 0; i < sk_IPAddressFamily_num(a); i++) { 1126 for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
1127 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); 1127 IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
1128 int j = sk_IPAddressFamily_find(b, fa); 1128 int j = sk_IPAddressFamily_find(b, fa);
@@ -1183,7 +1183,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1183 } 1183 }
1184 if (!v3_addr_is_canonical(ext)) 1184 if (!v3_addr_is_canonical(ext))
1185 validation_err(X509_V_ERR_INVALID_EXTENSION); 1185 validation_err(X509_V_ERR_INVALID_EXTENSION);
1186 sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); 1186 (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
1187 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { 1187 if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
1188 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE); 1188 X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
1189 ret = 0; 1189 ret = 0;
@@ -1209,7 +1209,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
1209 } 1209 }
1210 continue; 1210 continue;
1211 } 1211 }
1212 sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp); 1212 (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
1213 for (j = 0; j < sk_IPAddressFamily_num(child); j++) { 1213 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
1214 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); 1214 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
1215 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); 1215 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_asid.c b/src/lib/libssl/src/crypto/x509v3/v3_asid.c
index 271930f967..abd497ed1f 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_asid.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_asid.c
@@ -466,7 +466,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
466 break; 466 break;
467 } 467 }
468 ASIdOrRange_free(b); 468 ASIdOrRange_free(b);
469 sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); 469 (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
470 i--; 470 i--;
471 continue; 471 continue;
472 } 472 }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index b2f5cdfa05..c54e7887c7 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -291,7 +291,9 @@ int X509_supported_extension(X509_EXTENSION *ex)
291 NID_sbgp_ipAddrBlock, /* 290 */ 291 NID_sbgp_ipAddrBlock, /* 290 */
292 NID_sbgp_autonomousSysNum, /* 291 */ 292 NID_sbgp_autonomousSysNum, /* 291 */
293#endif 293#endif
294 NID_proxyCertInfo /* 661 */ 294 NID_policy_constraints, /* 401 */
295 NID_proxyCertInfo, /* 661 */
296 NID_inhibit_any_policy /* 748 */
295 }; 297 };
296 298
297 int ex_nid; 299 int ex_nid;
@@ -325,7 +327,7 @@ static void x509v3_cache_extensions(X509 *x)
325#endif 327#endif
326 /* Does subject name match issuer ? */ 328 /* Does subject name match issuer ? */
327 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) 329 if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
328 x->ex_flags |= EXFLAG_SS; 330 x->ex_flags |= EXFLAG_SI;
329 /* V1 should mean no extensions ... */ 331 /* V1 should mean no extensions ... */
330 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; 332 if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
331 /* Handle basic constraints */ 333 /* Handle basic constraints */
diff --git a/src/lib/libssl/src/crypto/x509v3/x509v3.h b/src/lib/libssl/src/crypto/x509v3/x509v3.h
index db2b0482c1..5ba59f71c9 100644
--- a/src/lib/libssl/src/crypto/x509v3/x509v3.h
+++ b/src/lib/libssl/src/crypto/x509v3/x509v3.h
@@ -363,6 +363,8 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
363#define EXFLAG_NSCERT 0x8 363#define EXFLAG_NSCERT 0x8
364 364
365#define EXFLAG_CA 0x10 365#define EXFLAG_CA 0x10
366/* Really self issued not necessarily self signed */
367#define EXFLAG_SI 0x20
366#define EXFLAG_SS 0x20 368#define EXFLAG_SS 0x20
367#define EXFLAG_V1 0x40 369#define EXFLAG_V1 0x40
368#define EXFLAG_INVALID 0x80 370#define EXFLAG_INVALID 0x80
@@ -370,7 +372,7 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
370#define EXFLAG_CRITICAL 0x200 372#define EXFLAG_CRITICAL 0x200
371#define EXFLAG_PROXY 0x400 373#define EXFLAG_PROXY 0x400
372 374
373#define EXFLAG_INVALID_POLICY 0x400 375#define EXFLAG_INVALID_POLICY 0x800
374 376
375#define KU_DIGITAL_SIGNATURE 0x0080 377#define KU_DIGITAL_SIGNATURE 0x0080
376#define KU_NON_REPUDIATION 0x0040 378#define KU_NON_REPUDIATION 0x0040
diff --git a/src/lib/libssl/src/doc/ssl/SSL_read.pod b/src/lib/libssl/src/doc/ssl/SSL_read.pod
index f6c37f77e4..7038cd2d75 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_read.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_read.pod
@@ -64,6 +64,11 @@ non-blocking socket, nothing is to be done, but select() can be used to check
64for the required condition. When using a buffering BIO, like a BIO pair, data 64for the required condition. When using a buffering BIO, like a BIO pair, data
65must be written into or retrieved out of the BIO before being able to continue. 65must be written into or retrieved out of the BIO before being able to continue.
66 66
67L<SSL_pending(3)|SSL_pending(3)> can be used to find out whether there
68are buffered bytes available for immediate retrieval. In this case
69SSL_read() can be called without blocking or actually receiving new
70data from the underlying socket.
71
67=head1 WARNING 72=head1 WARNING
68 73
69When an SSL_read() operation has to be repeated because of 74When an SSL_read() operation has to be repeated because of
@@ -112,6 +117,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
112L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, 117L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
113L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> 118L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
114L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, 119L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
120L<SSL_pending(3)|SSL_pending(3)>,
115L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, 121L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
116L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> 122L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
117 123
diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile
index 88f8390d0e..dbf1bd7251 100644
--- a/src/lib/libssl/src/engines/Makefile
+++ b/src/lib/libssl/src/engines/Makefile
@@ -20,7 +20,7 @@ TEST=
20APPS= 20APPS=
21 21
22LIB=$(TOP)/libcrypto.a 22LIB=$(TOP)/libcrypto.a
23LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec 23LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec capi
24 24
25LIBSRC= e_4758cca.c \ 25LIBSRC= e_4758cca.c \
26 e_aep.c \ 26 e_aep.c \
@@ -30,7 +30,8 @@ LIBSRC= e_4758cca.c \
30 e_chil.c \ 30 e_chil.c \
31 e_nuron.c \ 31 e_nuron.c \
32 e_sureware.c \ 32 e_sureware.c \
33 e_ubsec.c 33 e_ubsec.c \
34 e_capi.c
34LIBOBJ= e_4758cca.o \ 35LIBOBJ= e_4758cca.o \
35 e_aep.o \ 36 e_aep.o \
36 e_atalla.o \ 37 e_atalla.o \
@@ -39,7 +40,8 @@ LIBOBJ= e_4758cca.o \
39 e_chil.o \ 40 e_chil.o \
40 e_nuron.o \ 41 e_nuron.o \
41 e_sureware.o \ 42 e_sureware.o \
42 e_ubsec.o 43 e_ubsec.o \
44 e_capi.o
43 45
44SRC= $(LIBSRC) 46SRC= $(LIBSRC)
45 47
@@ -52,7 +54,8 @@ HEADER= e_4758cca_err.c e_4758cca_err.h \
52 e_chil_err.c e_chil_err.h \ 54 e_chil_err.c e_chil_err.h \
53 e_nuron_err.c e_nuron_err.h \ 55 e_nuron_err.c e_nuron_err.h \
54 e_sureware_err.c e_sureware_err.h \ 56 e_sureware_err.c e_sureware_err.h \
55 e_ubsec_err.c e_ubsec_err.h 57 e_ubsec_err.c e_ubsec_err.h \
58 e_capi_err.c e_capi_err.h
56 59
57ALL= $(GENERAL) $(SRC) $(HEADER) 60ALL= $(GENERAL) $(SRC) $(HEADER)
58 61
@@ -157,24 +160,47 @@ e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
157e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h 160e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
158e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h 161e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
159e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h 162e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h
160e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 163e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
161e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h 164e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
165e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h
166e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h
167e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
162e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 168e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
163e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h 169e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
164e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h 170e_aep.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
165e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h 171e_aep.o: ../include/openssl/sha.h ../include/openssl/stack.h
172e_aep.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
173e_aep.o: ../include/openssl/x509_vfy.h e_aep.c e_aep_err.c e_aep_err.h
166e_aep.o: vendor_defns/aep.h 174e_aep.o: vendor_defns/aep.h
167e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h 175e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h
168e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h 176e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h
169e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h 177e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h
170e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h 178e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h
171e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 179e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
172e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h 180e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
181e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h
182e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h
183e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
173e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 184e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
174e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h 185e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
175e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h 186e_atalla.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
176e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c 187e_atalla.o: ../include/openssl/sha.h ../include/openssl/stack.h
188e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
189e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c
177e_atalla.o: e_atalla_err.h vendor_defns/atalla.h 190e_atalla.o: e_atalla_err.h vendor_defns/atalla.h
191e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h
192e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h
193e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
194e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
195e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
196e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h
197e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
198e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
199e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
200e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
201e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h
202e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
203e_capi.o: ../include/openssl/x509_vfy.h e_capi.c
178e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h 204e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
179e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h 205e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
180e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h 206e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -196,28 +222,46 @@ e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
196e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h 222e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
197e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h 223e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
198e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h 224e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h
199e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 225e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
200e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h 226e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
227e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h
228e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h
229e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
201e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 230e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
202e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h 231e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
203e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 232e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h
204e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c 233e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h
234e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
235e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c
205e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h 236e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h
206e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h 237e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h
207e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 238e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
239e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
240e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
241e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
242e_gmp.o: ../include/openssl/evp.h ../include/openssl/lhash.h
243e_gmp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
208e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 244e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
209e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h 245e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
210e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c 246e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
247e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h
248e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
249e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c
211e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h 250e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
212e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h 251e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
213e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h 252e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
214e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h 253e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h
215e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 254e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
216e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h 255e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
256e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h
257e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h
258e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
217e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 259e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
218e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h 260e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
219e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h 261e_nuron.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
220e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h 262e_nuron.o: ../include/openssl/sha.h ../include/openssl/stack.h
263e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
264e_nuron.o: ../include/openssl/x509_vfy.h e_nuron.c e_nuron_err.c e_nuron_err.h
221e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h 265e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h
222e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h 266e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h
223e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h 267e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h
@@ -240,10 +284,15 @@ e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
240e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h 284e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
241e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h 285e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
242e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h 286e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h
243e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 287e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
244e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h 288e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
289e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h
290e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h
291e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
245e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 292e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
246e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h 293e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
247e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h 294e_ubsec.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
248e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h 295e_ubsec.o: ../include/openssl/sha.h ../include/openssl/stack.h
296e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
297e_ubsec.o: ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h
249e_ubsec.o: vendor_defns/hw_ubsec.h 298e_ubsec.o: vendor_defns/hw_ubsec.h
diff --git a/src/lib/libssl/src/engines/e_capi.c b/src/lib/libssl/src/engines/e_capi.c
new file mode 100644
index 0000000000..e98946c85a
--- /dev/null
+++ b/src/lib/libssl/src/engines/e_capi.c
@@ -0,0 +1,1781 @@
1/* engines/e_capi.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 */
53
54
55#include <stdio.h>
56#include <string.h>
57#include <openssl/crypto.h>
58#include <openssl/buffer.h>
59#include <openssl/rsa.h>
60#include <openssl/bn.h>
61
62#ifdef OPENSSL_SYS_WIN32
63#ifndef OPENSSL_NO_CAPIENG
64
65
66#include <windows.h>
67
68#ifndef _WIN32_WINNT
69#define _WIN32_WINNT 0x0400
70#endif
71
72#include <wincrypt.h>
73
74#undef X509_EXTENSIONS
75#undef X509_CERT_PAIR
76
77/* Definitions which may be missing from earlier version of headers */
78#ifndef CERT_STORE_OPEN_EXISTING_FLAG
79#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
80#endif
81
82#ifndef CERT_STORE_CREATE_NEW_FLAG
83#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
84#endif
85
86#include <openssl/engine.h>
87#include <openssl/pem.h>
88#include <openssl/x509v3.h>
89
90#include "e_capi_err.h"
91#include "e_capi_err.c"
92
93
94static const char *engine_capi_id = "capi";
95static const char *engine_capi_name = "CryptoAPI ENGINE";
96
97typedef struct CAPI_CTX_st CAPI_CTX;
98typedef struct CAPI_KEY_st CAPI_KEY;
99
100static void capi_addlasterror(void);
101static void capi_adderror(DWORD err);
102
103static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
104
105static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
106static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
107int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
108void capi_free_key(CAPI_KEY *key);
109
110static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore);
111
112CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
113
114static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
115 UI_METHOD *ui_method, void *callback_data);
116static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
117 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
118static int capi_rsa_priv_enc(int flen, const unsigned char *from,
119 unsigned char *to, RSA *rsa, int padding);
120static int capi_rsa_priv_dec(int flen, const unsigned char *from,
121 unsigned char *to, RSA *rsa, int padding);
122static int capi_rsa_free(RSA *rsa);
123
124static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
125 DSA *dsa);
126static int capi_dsa_free(DSA *dsa);
127
128static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
129 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
130 STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
131
132static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
133#ifdef OPENSSL_CAPIENG_DIALOG
134static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
135#endif
136
137typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
138 LPCWSTR, DWORD, DWORD,
139 void *);
140typedef HWND (WINAPI *GETCONSWIN)(void);
141
142/* This structure contains CAPI ENGINE specific data:
143 * it contains various global options and affects how
144 * other functions behave.
145 */
146
147#define CAPI_DBG_TRACE 2
148#define CAPI_DBG_ERROR 1
149
150struct CAPI_CTX_st {
151 int debug_level;
152 char *debug_file;
153 /* Parameters to use for container lookup */
154 DWORD keytype;
155 LPTSTR cspname;
156 DWORD csptype;
157 /* Certificate store name to use */
158 LPTSTR storename;
159 LPTSTR ssl_client_store;
160 /* System store flags */
161 DWORD store_flags;
162
163/* Lookup string meanings in load_private_key */
164/* Substring of subject: uses "storename" */
165#define CAPI_LU_SUBSTR 0
166/* Friendly name: uses storename */
167#define CAPI_LU_FNAME 1
168/* Container name: uses cspname, keytype */
169#define CAPI_LU_CONTNAME 2
170 int lookup_method;
171/* Info to dump with dumpcerts option */
172/* Issuer and serial name strings */
173#define CAPI_DMP_SUMMARY 0x1
174/* Friendly name */
175#define CAPI_DMP_FNAME 0x2
176/* Full X509_print dump */
177#define CAPI_DMP_FULL 0x4
178/* Dump PEM format certificate */
179#define CAPI_DMP_PEM 0x8
180/* Dump pseudo key (if possible) */
181#define CAPI_DMP_PSKEY 0x10
182/* Dump key info (if possible) */
183#define CAPI_DMP_PKEYINFO 0x20
184
185 DWORD dump_flags;
186 int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
187
188 CERTDLG certselectdlg;
189 GETCONSWIN getconswindow;
190};
191
192
193static CAPI_CTX *capi_ctx_new();
194static void capi_ctx_free(CAPI_CTX *ctx);
195static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check);
196static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
197
198#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE
199#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1)
200#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2)
201#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3)
202#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4)
203#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5)
204#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6)
205#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7)
206#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8)
207#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9)
208#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
209#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
210#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
211#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13)
212
213static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
214 {CAPI_CMD_LIST_CERTS,
215 "list_certs",
216 "List all certificates in store",
217 ENGINE_CMD_FLAG_NO_INPUT},
218 {CAPI_CMD_LOOKUP_CERT,
219 "lookup_cert",
220 "Lookup and output certificates",
221 ENGINE_CMD_FLAG_STRING},
222 {CAPI_CMD_DEBUG_LEVEL,
223 "debug_level",
224 "debug level (1=errors, 2=trace)",
225 ENGINE_CMD_FLAG_NUMERIC},
226 {CAPI_CMD_DEBUG_FILE,
227 "debug_file",
228 "debugging filename)",
229 ENGINE_CMD_FLAG_STRING},
230 {CAPI_CMD_KEYTYPE,
231 "key_type",
232 "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
233 ENGINE_CMD_FLAG_NUMERIC},
234 {CAPI_CMD_LIST_CSPS,
235 "list_csps",
236 "List all CSPs",
237 ENGINE_CMD_FLAG_NO_INPUT},
238 {CAPI_CMD_SET_CSP_IDX,
239 "csp_idx",
240 "Set CSP by index",
241 ENGINE_CMD_FLAG_NUMERIC},
242 {CAPI_CMD_SET_CSP_NAME,
243 "csp_name",
244 "Set CSP name, (default CSP used if not specified)",
245 ENGINE_CMD_FLAG_STRING},
246 {CAPI_CMD_SET_CSP_TYPE,
247 "csp_type",
248 "Set CSP type, (default RSA_PROV_FULL)",
249 ENGINE_CMD_FLAG_NUMERIC},
250 {CAPI_CMD_LIST_CONTAINERS,
251 "list_containers",
252 "list container names",
253 ENGINE_CMD_FLAG_NO_INPUT},
254 {CAPI_CMD_LIST_OPTIONS,
255 "list_options",
256 "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
257 "32=private key info)",
258 ENGINE_CMD_FLAG_NUMERIC},
259 {CAPI_CMD_LOOKUP_METHOD,
260 "lookup_method",
261 "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
262 ENGINE_CMD_FLAG_NUMERIC},
263 {CAPI_CMD_STORE_NAME,
264 "store_name",
265 "certificate store name, default \"MY\"",
266 ENGINE_CMD_FLAG_STRING},
267 {CAPI_CMD_STORE_FLAGS,
268 "store_flags",
269 "Certificate store flags: 1 = system store",
270 ENGINE_CMD_FLAG_NUMERIC},
271
272 {0, NULL, NULL, 0}
273 };
274
275static int capi_idx = -1;
276static int rsa_capi_idx = -1;
277static int dsa_capi_idx = -1;
278static int cert_capi_idx = -1;
279
280static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
281 {
282 int ret = 1;
283 CAPI_CTX *ctx;
284 BIO *out;
285 if (capi_idx == -1)
286 {
287 CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
288 return 0;
289 }
290 ctx = ENGINE_get_ex_data(e, capi_idx);
291 out = BIO_new_fp(stdout, BIO_NOCLOSE);
292 switch (cmd)
293 {
294 case CAPI_CMD_LIST_CSPS:
295 ret = capi_list_providers(ctx, out);
296 break;
297
298 case CAPI_CMD_LIST_CERTS:
299 ret = capi_list_certs(ctx, out, NULL);
300 break;
301
302 case CAPI_CMD_LOOKUP_CERT:
303 ret = capi_list_certs(ctx, out, p);
304 break;
305
306 case CAPI_CMD_LIST_CONTAINERS:
307 ret = capi_list_containers(ctx, out);
308 break;
309
310 case CAPI_CMD_STORE_NAME:
311 if (ctx->storename)
312 OPENSSL_free(ctx->storename);
313 ctx->storename = BUF_strdup(p);
314 CAPI_trace(ctx, "Setting store name to %s\n", p);
315 break;
316
317 case CAPI_CMD_STORE_FLAGS:
318 if (i & 1)
319 {
320 ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
321 ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
322 }
323 else
324 {
325 ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
326 ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
327 }
328 CAPI_trace(ctx, "Setting flags to %d\n", i);
329 break;
330
331 case CAPI_CMD_DEBUG_LEVEL:
332 ctx->debug_level = (int)i;
333 CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
334 break;
335
336 case CAPI_CMD_DEBUG_FILE:
337 ctx->debug_file = BUF_strdup(p);
338 CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
339 break;
340
341 case CAPI_CMD_KEYTYPE:
342 ctx->keytype = i;
343 CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
344 break;
345
346 case CAPI_CMD_SET_CSP_IDX:
347 ret = capi_ctx_set_provname_idx(ctx, i);
348 break;
349
350 case CAPI_CMD_LIST_OPTIONS:
351 ctx->dump_flags = i;
352 break;
353
354 case CAPI_CMD_LOOKUP_METHOD:
355 if (i < 1 || i > 3)
356 {
357 CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
358 return 0;
359 }
360 ctx->lookup_method = i;
361 break;
362
363 case CAPI_CMD_SET_CSP_NAME:
364 ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
365 break;
366
367 case CAPI_CMD_SET_CSP_TYPE:
368 ctx->csptype = i;
369 break;
370
371 default:
372 CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
373 ret = 0;
374 }
375
376 BIO_free(out);
377 return ret;
378
379 }
380
381static RSA_METHOD capi_rsa_method =
382 {
383 "CryptoAPI RSA method",
384 0, /* pub_enc */
385 0, /* pub_dec */
386 capi_rsa_priv_enc, /* priv_enc */
387 capi_rsa_priv_dec, /* priv_dec */
388 0, /* rsa_mod_exp */
389 0, /* bn_mod_exp */
390 0, /* init */
391 capi_rsa_free, /* finish */
392 RSA_FLAG_SIGN_VER, /* flags */
393 NULL, /* app_data */
394 capi_rsa_sign, /* rsa_sign */
395 0 /* rsa_verify */
396 };
397
398static DSA_METHOD capi_dsa_method =
399 {
400 "CryptoAPI DSA method",
401 capi_dsa_do_sign, /* dsa_do_sign */
402 0, /* dsa_sign_setup */
403 0, /* dsa_do_verify */
404 0, /* dsa_mod_exp */
405 0, /* bn_mod_exp */
406 0, /* init */
407 capi_dsa_free, /* finish */
408 0, /* flags */
409 NULL, /* app_data */
410 0, /* dsa_paramgen */
411 0 /* dsa_keygen */
412 };
413
414static int capi_init(ENGINE *e)
415 {
416 CAPI_CTX *ctx;
417 const RSA_METHOD *ossl_rsa_meth;
418 const DSA_METHOD *ossl_dsa_meth;
419 capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
420 cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
421
422 ctx = capi_ctx_new();
423 if (!ctx || (capi_idx < 0))
424 goto memerr;
425
426 ENGINE_set_ex_data(e, capi_idx, ctx);
427 /* Setup RSA_METHOD */
428 rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
429 ossl_rsa_meth = RSA_PKCS1_SSLeay();
430 capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
431 capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
432 capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
433 capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
434
435 /* Setup DSA Method */
436 dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
437 ossl_dsa_meth = DSA_OpenSSL();
438 capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
439 capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
440 capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
441
442#ifdef OPENSSL_CAPIENG_DIALOG
443 {
444 HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
445 HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
446 if (cryptui)
447 ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
448 if (kernel)
449 ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
450 if (cryptui && !OPENSSL_isservice())
451 ctx->client_cert_select = cert_select_dialog;
452 }
453#endif
454
455
456 return 1;
457
458 memerr:
459 CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
460 return 0;
461
462 return 1;
463 }
464
465static int capi_destroy(ENGINE *e)
466 {
467 ERR_unload_CAPI_strings();
468 return 1;
469 }
470
471static int capi_finish(ENGINE *e)
472 {
473 CAPI_CTX *ctx;
474 ctx = ENGINE_get_ex_data(e, capi_idx);
475 capi_ctx_free(ctx);
476 ENGINE_set_ex_data(e, capi_idx, NULL);
477 return 1;
478 }
479
480
481/* CryptoAPI key application data. This contains
482 * a handle to the private key container (for sign operations)
483 * and a handle to the key (for decrypt operations).
484 */
485
486struct CAPI_KEY_st
487 {
488 /* Associated certificate context (if any) */
489 PCCERT_CONTEXT pcert;
490 HCRYPTPROV hprov;
491 HCRYPTKEY key;
492 DWORD keyspec;
493 };
494
495static int bind_capi(ENGINE *e)
496 {
497 if (!ENGINE_set_id(e, engine_capi_id)
498 || !ENGINE_set_name(e, engine_capi_name)
499 || !ENGINE_set_init_function(e, capi_init)
500 || !ENGINE_set_finish_function(e, capi_finish)
501 || !ENGINE_set_destroy_function(e, capi_destroy)
502 || !ENGINE_set_RSA(e, &capi_rsa_method)
503 || !ENGINE_set_DSA(e, &capi_dsa_method)
504 || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
505 || !ENGINE_set_load_ssl_client_cert_function(e,
506 capi_load_ssl_client_cert)
507 || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
508 || !ENGINE_set_ctrl_function(e, capi_ctrl))
509 return 0;
510 ERR_load_CAPI_strings();
511
512 return 1;
513
514 }
515
516#ifndef OPENSSL_NO_DYNAMIC_ENGINE
517static int bind_helper(ENGINE *e, const char *id)
518 {
519 if(id && (strcmp(id, engine_capi_id) != 0))
520 return 0;
521 if(!bind_capi(e))
522 return 0;
523 return 1;
524 }
525IMPLEMENT_DYNAMIC_CHECK_FN()
526IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
527#else
528static ENGINE *engine_capi(void)
529 {
530 ENGINE *ret = ENGINE_new();
531 if(!ret)
532 return NULL;
533 if(!bind_capi(ret))
534 {
535 ENGINE_free(ret);
536 return NULL;
537 }
538 return ret;
539 }
540
541void ENGINE_load_capi(void)
542 {
543 /* Copied from eng_[openssl|dyn].c */
544 ENGINE *toadd = engine_capi();
545 if(!toadd) return;
546 ENGINE_add(toadd);
547 ENGINE_free(toadd);
548 ERR_clear_error();
549 }
550#endif
551
552
553static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
554 {
555 int i;
556 /* Reverse buffer in place: since this is a keyblob structure
557 * that will be freed up after conversion anyway it doesn't
558 * matter if we change it.
559 */
560 for(i = 0; i < binlen / 2; i++)
561 {
562 unsigned char c;
563 c = bin[i];
564 bin[i] = bin[binlen - i - 1];
565 bin[binlen - i - 1] = c;
566 }
567
568 if (!BN_bin2bn(bin, binlen, bn))
569 return 0;
570 return 1;
571 }
572
573/* Given a CAPI_KEY get an EVP_PKEY structure */
574
575static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
576 {
577 unsigned char *pubkey = NULL;
578 DWORD len;
579 BLOBHEADER *bh;
580 RSA *rkey = NULL;
581 DSA *dkey = NULL;
582 EVP_PKEY *ret = NULL;
583 if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
584 {
585 CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
586 capi_addlasterror();
587 return NULL;
588 }
589
590 pubkey = OPENSSL_malloc(len);
591
592 if (!pubkey)
593 goto memerr;
594
595 if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
596 {
597 CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
598 capi_addlasterror();
599 goto err;
600 }
601
602 bh = (BLOBHEADER *)pubkey;
603 if (bh->bType != PUBLICKEYBLOB)
604 {
605 CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
606 goto err;
607 }
608 if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
609 {
610 RSAPUBKEY *rp;
611 DWORD rsa_modlen;
612 unsigned char *rsa_modulus;
613 rp = (RSAPUBKEY *)(bh + 1);
614 if (rp->magic != 0x31415352)
615 {
616 char magstr[10];
617 BIO_snprintf(magstr, 10, "%lx", rp->magic);
618 CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
619 ERR_add_error_data(2, "magic=0x", magstr);
620 goto err;
621 }
622 rsa_modulus = (unsigned char *)(rp + 1);
623 rkey = RSA_new_method(eng);
624 if (!rkey)
625 goto memerr;
626
627 rkey->e = BN_new();
628 rkey->n = BN_new();
629
630 if (!rkey->e || !rkey->n)
631 goto memerr;
632
633 if (!BN_set_word(rkey->e, rp->pubexp))
634 goto memerr;
635
636 rsa_modlen = rp->bitlen / 8;
637 if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
638 goto memerr;
639
640 RSA_set_ex_data(rkey, rsa_capi_idx, key);
641
642 if (!(ret = EVP_PKEY_new()))
643 goto memerr;
644
645 EVP_PKEY_assign_RSA(ret, rkey);
646 rkey = NULL;
647
648 }
649 else if (bh->aiKeyAlg == CALG_DSS_SIGN)
650 {
651 DSSPUBKEY *dp;
652 DWORD dsa_plen;
653 unsigned char *btmp;
654 dp = (DSSPUBKEY *)(bh + 1);
655 if (dp->magic != 0x31535344)
656 {
657 char magstr[10];
658 BIO_snprintf(magstr, 10, "%lx", dp->magic);
659 CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
660 ERR_add_error_data(2, "magic=0x", magstr);
661 goto err;
662 }
663 dsa_plen = dp->bitlen / 8;
664 btmp = (unsigned char *)(dp + 1);
665 dkey = DSA_new_method(eng);
666 if (!dkey)
667 goto memerr;
668 dkey->p = BN_new();
669 dkey->q = BN_new();
670 dkey->g = BN_new();
671 dkey->pub_key = BN_new();
672 if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
673 goto memerr;
674 if (!lend_tobn(dkey->p, btmp, dsa_plen))
675 goto memerr;
676 btmp += dsa_plen;
677 if (!lend_tobn(dkey->q, btmp, 20))
678 goto memerr;
679 btmp += 20;
680 if (!lend_tobn(dkey->g, btmp, dsa_plen))
681 goto memerr;
682 btmp += dsa_plen;
683 if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
684 goto memerr;
685 btmp += dsa_plen;
686
687 DSA_set_ex_data(dkey, dsa_capi_idx, key);
688
689 if (!(ret = EVP_PKEY_new()))
690 goto memerr;
691
692 EVP_PKEY_assign_DSA(ret, dkey);
693 dkey = NULL;
694 }
695 else
696 {
697 char algstr[10];
698 BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
699 CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
700 ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
701 goto err;
702 }
703
704
705 err:
706 if (pubkey)
707 OPENSSL_free(pubkey);
708 if (!ret)
709 {
710 if (rkey)
711 RSA_free(rkey);
712 if (dkey)
713 DSA_free(dkey);
714 }
715
716 return ret;
717
718memerr:
719 CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
720 goto err;
721
722 }
723
724static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
725 UI_METHOD *ui_method, void *callback_data)
726 {
727 CAPI_CTX *ctx;
728 CAPI_KEY *key;
729 EVP_PKEY *ret;
730 ctx = ENGINE_get_ex_data(eng, capi_idx);
731
732 if (!ctx)
733 {
734 CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
735 return NULL;
736 }
737
738 key = capi_find_key(ctx, key_id);
739
740 if (!key)
741 return NULL;
742
743 ret = capi_get_pkey(eng, key);
744
745 if (!ret)
746 capi_free_key(key);
747 return ret;
748
749 }
750
751/* CryptoAPI RSA operations */
752
753int capi_rsa_priv_enc(int flen, const unsigned char *from,
754 unsigned char *to, RSA *rsa, int padding)
755 {
756 CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
757 return -1;
758 }
759
760int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
761 unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
762 {
763 ALG_ID alg;
764 HCRYPTHASH hash;
765 DWORD slen;
766 unsigned int i;
767 int ret = -1;
768 CAPI_KEY *capi_key;
769 CAPI_CTX *ctx;
770
771 ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
772
773 CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
774
775 capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
776 if (!capi_key)
777 {
778 CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
779 return -1;
780 }
781/* Convert the signature type to a CryptoAPI algorithm ID */
782 switch(dtype)
783 {
784 case NID_sha1:
785 alg = CALG_SHA1;
786 break;
787
788 case NID_md5:
789 alg = CALG_MD5;
790 break;
791
792 case NID_md5_sha1:
793 alg = CALG_SSL3_SHAMD5;
794 break;
795 default:
796 {
797 char algstr[10];
798 BIO_snprintf(algstr, 10, "%lx", dtype);
799 CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
800 ERR_add_error_data(2, "NID=0x", algstr);
801 return -1;
802 }
803 }
804
805
806
807/* Create the hash object */
808 if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
809 {
810 CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
811 capi_addlasterror();
812 return -1;
813 }
814/* Set the hash value to the value passed */
815
816 if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
817 {
818 CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
819 capi_addlasterror();
820 goto err;
821 }
822
823
824/* Finally sign it */
825 slen = RSA_size(rsa);
826 if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
827 {
828 CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
829 capi_addlasterror();
830 goto err;
831 }
832 else
833 {
834 ret = 1;
835 /* Inplace byte reversal of signature */
836 for(i = 0; i < slen / 2; i++)
837 {
838 unsigned char c;
839 c = sigret[i];
840 sigret[i] = sigret[slen - i - 1];
841 sigret[slen - i - 1] = c;
842 }
843 *siglen = slen;
844 }
845
846 /* Now cleanup */
847
848err:
849 CryptDestroyHash(hash);
850
851 return ret;
852 }
853
854int capi_rsa_priv_dec(int flen, const unsigned char *from,
855 unsigned char *to, RSA *rsa, int padding)
856 {
857 int i;
858 unsigned char *tmpbuf;
859 CAPI_KEY *capi_key;
860 CAPI_CTX *ctx;
861 ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
862
863 CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
864
865
866 capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
867 if (!capi_key)
868 {
869 CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
870 return -1;
871 }
872
873 if(padding != RSA_PKCS1_PADDING)
874 {
875 char errstr[10];
876 BIO_snprintf(errstr, 10, "%d", padding);
877 CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
878 ERR_add_error_data(2, "padding=", errstr);
879 return -1;
880 }
881
882 /* Create temp reverse order version of input */
883 if(!(tmpbuf = OPENSSL_malloc(flen)) )
884 {
885 CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
886 return -1;
887 }
888 for(i = 0; i < flen; i++)
889 tmpbuf[flen - i - 1] = from[i];
890
891 /* Finally decrypt it */
892 if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
893 {
894 CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
895 capi_addlasterror();
896 OPENSSL_free(tmpbuf);
897 return -1;
898 }
899 else memcpy(to, tmpbuf, flen);
900
901 OPENSSL_free(tmpbuf);
902
903 return flen;
904 }
905
906static int capi_rsa_free(RSA *rsa)
907 {
908 CAPI_KEY *capi_key;
909 capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
910 capi_free_key(capi_key);
911 RSA_set_ex_data(rsa, rsa_capi_idx, 0);
912 return 1;
913 }
914
915/* CryptoAPI DSA operations */
916
917static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
918 DSA *dsa)
919 {
920 HCRYPTHASH hash;
921 DWORD slen;
922 DSA_SIG *ret = NULL;
923 CAPI_KEY *capi_key;
924 CAPI_CTX *ctx;
925 unsigned char csigbuf[40];
926
927 ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
928
929 CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
930
931 capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
932
933 if (!capi_key)
934 {
935 CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
936 return NULL;
937 }
938
939 if (dlen != 20)
940 {
941 CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
942 return NULL;
943 }
944
945 /* Create the hash object */
946 if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash))
947 {
948 CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
949 capi_addlasterror();
950 return NULL;
951 }
952
953 /* Set the hash value to the value passed */
954 if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0))
955 {
956 CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
957 capi_addlasterror();
958 goto err;
959 }
960
961
962 /* Finally sign it */
963 slen = sizeof(csigbuf);
964 if(!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
965 {
966 CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
967 capi_addlasterror();
968 goto err;
969 }
970 else
971 {
972 ret = DSA_SIG_new();
973 if (!ret)
974 goto err;
975 ret->r = BN_new();
976 ret->s = BN_new();
977 if (!ret->r || !ret->s)
978 goto err;
979 if (!lend_tobn(ret->r, csigbuf, 20)
980 || !lend_tobn(ret->s, csigbuf + 20, 20))
981 {
982 DSA_SIG_free(ret);
983 ret = NULL;
984 goto err;
985 }
986 }
987
988 /* Now cleanup */
989
990err:
991 OPENSSL_cleanse(csigbuf, 40);
992 CryptDestroyHash(hash);
993 return ret;
994 }
995
996static int capi_dsa_free(DSA *dsa)
997 {
998 CAPI_KEY *capi_key;
999 capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
1000 capi_free_key(capi_key);
1001 DSA_set_ex_data(dsa, dsa_capi_idx, 0);
1002 return 1;
1003 }
1004
1005static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
1006 {
1007 BIO *out;
1008
1009 if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
1010 return;
1011 out = BIO_new_file(ctx->debug_file, "a+");
1012 BIO_vprintf(out, format, argptr);
1013 BIO_free(out);
1014 }
1015
1016static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
1017 {
1018 va_list args;
1019 va_start(args, format);
1020 capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
1021 va_end(args);
1022 }
1023
1024static void capi_addlasterror(void)
1025 {
1026 capi_adderror(GetLastError());
1027 }
1028
1029static void capi_adderror(DWORD err)
1030 {
1031 char errstr[10];
1032 BIO_snprintf(errstr, 10, "%lX", err);
1033 ERR_add_error_data(2, "Error code= 0x", errstr);
1034 }
1035
1036static char *wide_to_asc(LPWSTR wstr)
1037 {
1038 char *str;
1039 if (!wstr)
1040 return NULL;
1041 str = OPENSSL_malloc(wcslen(wstr) + 1);
1042 if (!str)
1043 {
1044 CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
1045 return NULL;
1046 }
1047 sprintf(str, "%S", wstr);
1048 return str;
1049 }
1050
1051static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
1052 {
1053 LPSTR name;
1054 DWORD len, err;
1055 CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
1056 if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len))
1057 {
1058 err = GetLastError();
1059 if (err == ERROR_NO_MORE_ITEMS)
1060 return 2;
1061 CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
1062 capi_adderror(err);
1063 return 0;
1064 }
1065 name = OPENSSL_malloc(len);
1066 if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len))
1067 {
1068 err = GetLastError();
1069 if (err == ERROR_NO_MORE_ITEMS)
1070 return 2;
1071 CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
1072 capi_adderror(err);
1073 return 0;
1074 }
1075 *pname = name;
1076 CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
1077
1078 return 1;
1079 }
1080
1081static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
1082 {
1083 DWORD idx, ptype;
1084 int ret;
1085 LPTSTR provname = NULL;
1086 CAPI_trace(ctx, "capi_list_providers\n");
1087 BIO_printf(out, "Available CSPs:\n");
1088 for(idx = 0; ; idx++)
1089 {
1090 ret = capi_get_provname(ctx, &provname, &ptype, idx);
1091 if (ret == 2)
1092 break;
1093 if (ret == 0)
1094 break;
1095 BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
1096 OPENSSL_free(provname);
1097 }
1098 return 1;
1099 }
1100
1101static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
1102 {
1103 int ret = 1;
1104 HCRYPTPROV hprov;
1105 DWORD err, idx, flags, buflen = 0, clen;
1106 LPSTR cname;
1107 CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
1108 if (!CryptAcquireContext(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
1109 {
1110 CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
1111 capi_addlasterror();
1112 return 0;
1113 }
1114 if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
1115 {
1116 CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
1117 capi_addlasterror();
1118 return 0;
1119 }
1120 CAPI_trace(ctx, "Got max container len %d\n", buflen);
1121 if (buflen == 0)
1122 buflen = 1024;
1123 cname = OPENSSL_malloc(buflen);
1124 if (!cname)
1125 {
1126 CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
1127 goto err;
1128 }
1129
1130 for (idx = 0;;idx++)
1131 {
1132 clen = buflen;
1133 cname[0] = 0;
1134
1135 if (idx == 0)
1136 flags = CRYPT_FIRST;
1137 else
1138 flags = 0;
1139 if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
1140 {
1141 err = GetLastError();
1142 if (err == ERROR_NO_MORE_ITEMS)
1143 goto done;
1144 CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
1145 capi_adderror(err);
1146 goto err;
1147 }
1148 CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
1149 if (!cname[0] && (clen == buflen))
1150 {
1151 CAPI_trace(ctx, "Enumerate bug: using workaround\n");
1152 goto done;
1153 }
1154 BIO_printf(out, "%d. %s\n", idx, cname);
1155 }
1156 err:
1157
1158 ret = 0;
1159
1160 done:
1161 if (cname)
1162 OPENSSL_free(cname);
1163 CryptReleaseContext(hprov, 0);
1164
1165 return ret;
1166 }
1167
1168CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
1169 {
1170 DWORD len;
1171 CRYPT_KEY_PROV_INFO *pinfo;
1172
1173 if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
1174 return NULL;
1175 pinfo = OPENSSL_malloc(len);
1176 if (!pinfo)
1177 {
1178 CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
1179 return NULL;
1180 }
1181 if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len))
1182 {
1183 CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
1184 capi_addlasterror();
1185 OPENSSL_free(pinfo);
1186 return NULL;
1187 }
1188 return pinfo;
1189 }
1190
1191static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo)
1192 {
1193 char *provname = NULL, *contname = NULL;
1194 if (!pinfo)
1195 {
1196 BIO_printf(out, " No Private Key\n");
1197 return;
1198 }
1199 provname = wide_to_asc(pinfo->pwszProvName);
1200 contname = wide_to_asc(pinfo->pwszContainerName);
1201 if (!provname || !contname)
1202 goto err;
1203
1204 BIO_printf(out, " Private Key Info:\n");
1205 BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname, pinfo->dwProvType);
1206 BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec);
1207 err:
1208 if (provname)
1209 OPENSSL_free(provname);
1210 if (contname)
1211 OPENSSL_free(contname);
1212 }
1213
1214char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
1215 {
1216 LPWSTR wfname;
1217 DWORD dlen;
1218
1219 CAPI_trace(ctx, "capi_cert_get_fname\n");
1220 if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
1221 return NULL;
1222 wfname = OPENSSL_malloc(dlen);
1223 if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
1224 {
1225 char *fname = wide_to_asc(wfname);
1226 OPENSSL_free(wfname);
1227 return fname;
1228 }
1229 CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
1230 capi_addlasterror();
1231
1232 OPENSSL_free(wfname);
1233 return NULL;
1234 }
1235
1236
1237void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
1238 {
1239 X509 *x;
1240 unsigned char *p;
1241 unsigned long flags = ctx->dump_flags;
1242 if (flags & CAPI_DMP_FNAME)
1243 {
1244 char *fname;
1245 fname = capi_cert_get_fname(ctx, cert);
1246 if (fname)
1247 {
1248 BIO_printf(out, " Friendly Name \"%s\"\n", fname);
1249 OPENSSL_free(fname);
1250 }
1251 else
1252 BIO_printf(out, " <No Friendly Name>\n");
1253 }
1254
1255 p = cert->pbCertEncoded;
1256 x = d2i_X509(NULL, &p, cert->cbCertEncoded);
1257 if (!x)
1258 BIO_printf(out, " <Can't parse certificate>\n");
1259 if (flags & CAPI_DMP_SUMMARY)
1260 {
1261 BIO_printf(out, " Subject: ");
1262 X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
1263 BIO_printf(out, "\n Issuer: ");
1264 X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
1265 BIO_printf(out, "\n");
1266 }
1267 if (flags & CAPI_DMP_FULL)
1268 X509_print_ex(out, x, XN_FLAG_ONELINE,0);
1269
1270 if (flags & CAPI_DMP_PKEYINFO)
1271 {
1272 CRYPT_KEY_PROV_INFO *pinfo;
1273 pinfo = capi_get_prov_info(ctx, cert);
1274 capi_dump_prov_info(ctx, out, pinfo);
1275 if (pinfo)
1276 OPENSSL_free(pinfo);
1277 }
1278
1279 if (flags & CAPI_DMP_PEM)
1280 PEM_write_bio_X509(out, x);
1281 X509_free(x);
1282 }
1283
1284HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
1285 {
1286 HCERTSTORE hstore;
1287
1288 if (!storename)
1289 storename = ctx->storename;
1290 if (!storename)
1291 storename = "MY";
1292 CAPI_trace(ctx, "Opening certificate store %s\n", storename);
1293
1294 hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
1295 ctx->store_flags, storename);
1296 if (!hstore)
1297 {
1298 CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
1299 capi_addlasterror();
1300 }
1301 return hstore;
1302 }
1303
1304int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
1305 {
1306 char *storename;
1307 int idx;
1308 int ret = 1;
1309 HCERTSTORE hstore;
1310 PCCERT_CONTEXT cert = NULL;
1311
1312 storename = ctx->storename;
1313 if (!storename)
1314 storename = "MY";
1315 CAPI_trace(ctx, "Listing certs for store %s\n", storename);
1316
1317 hstore = capi_open_store(ctx, storename);
1318 if (!hstore)
1319 return 0;
1320 if (id)
1321 {
1322 cert = capi_find_cert(ctx, id, hstore);
1323 if (!cert)
1324 {
1325 ret = 0;
1326 goto err;
1327 }
1328 capi_dump_cert(ctx, out, cert);
1329 CertFreeCertificateContext(cert);
1330 }
1331 else
1332 {
1333 for(idx = 0;;idx++)
1334 {
1335 LPWSTR fname = NULL;
1336 cert = CertEnumCertificatesInStore(hstore, cert);
1337 if (!cert)
1338 break;
1339 BIO_printf(out, "Certificate %d\n", idx);
1340 capi_dump_cert(ctx, out, cert);
1341 }
1342 }
1343 err:
1344 CertCloseStore(hstore, 0);
1345 return ret;
1346 }
1347
1348static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore)
1349 {
1350 PCCERT_CONTEXT cert = NULL;
1351 char *fname = NULL;
1352 int match;
1353 switch(ctx->lookup_method)
1354 {
1355 case CAPI_LU_SUBSTR:
1356 return CertFindCertificateInStore(hstore,
1357 X509_ASN_ENCODING, 0,
1358 CERT_FIND_SUBJECT_STR_A, id, NULL);
1359 case CAPI_LU_FNAME:
1360 for(;;)
1361 {
1362 cert = CertEnumCertificatesInStore(hstore, cert);
1363 if (!cert)
1364 return NULL;
1365 fname = capi_cert_get_fname(ctx, cert);
1366 if (fname)
1367 {
1368 if (strcmp(fname, id))
1369 match = 0;
1370 else
1371 match = 1;
1372 OPENSSL_free(fname);
1373 if (match)
1374 return cert;
1375 }
1376 }
1377 default:
1378 return NULL;
1379 }
1380 }
1381
1382static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
1383 {
1384 CAPI_KEY *key;
1385 key = OPENSSL_malloc(sizeof(CAPI_KEY));
1386 CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
1387 contname, provname, ptype);
1388 if (!CryptAcquireContext(&key->hprov, contname, provname, ptype, 0))
1389 {
1390 CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
1391 capi_addlasterror();
1392 goto err;
1393 }
1394 if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
1395 {
1396 CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
1397 capi_addlasterror();
1398 CryptReleaseContext(key->hprov, 0);
1399 goto err;
1400 }
1401 key->keyspec = keyspec;
1402 key->pcert = NULL;
1403 return key;
1404
1405 err:
1406 OPENSSL_free(key);
1407 return NULL;
1408 }
1409
1410static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
1411 {
1412 CAPI_KEY *key = NULL;
1413 CRYPT_KEY_PROV_INFO *pinfo = NULL;
1414 char *provname = NULL, *contname = NULL;
1415 pinfo = capi_get_prov_info(ctx, cert);
1416 if (!pinfo)
1417 goto err;
1418 provname = wide_to_asc(pinfo->pwszProvName);
1419 contname = wide_to_asc(pinfo->pwszContainerName);
1420 if (!provname || !contname)
1421 goto err;
1422 key = capi_get_key(ctx, contname, provname,
1423 pinfo->dwProvType, pinfo->dwKeySpec);
1424
1425 err:
1426 if (pinfo)
1427 OPENSSL_free(pinfo);
1428 if (provname)
1429 OPENSSL_free(provname);
1430 if (contname)
1431 OPENSSL_free(contname);
1432 return key;
1433 }
1434
1435CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
1436 {
1437 PCCERT_CONTEXT cert;
1438 HCERTSTORE hstore;
1439 CAPI_KEY *key = NULL;
1440 switch (ctx->lookup_method)
1441 {
1442 case CAPI_LU_SUBSTR:
1443 case CAPI_LU_FNAME:
1444 hstore = capi_open_store(ctx, NULL);
1445 if (!hstore)
1446 return NULL;
1447 cert = capi_find_cert(ctx, id, hstore);
1448 if (cert)
1449 {
1450 key = capi_get_cert_key(ctx, cert);
1451 CertFreeCertificateContext(cert);
1452 }
1453 CertCloseStore(hstore, 0);
1454 break;
1455
1456 case CAPI_LU_CONTNAME:
1457 key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
1458 ctx->keytype);
1459 break;
1460 }
1461
1462 return key;
1463 }
1464
1465void capi_free_key(CAPI_KEY *key)
1466 {
1467 if (!key)
1468 return;
1469 CryptDestroyKey(key->key);
1470 CryptReleaseContext(key->hprov, 0);
1471 if (key->pcert)
1472 CertFreeCertificateContext(key->pcert);
1473 OPENSSL_free(key);
1474 }
1475
1476
1477/* Initialize a CAPI_CTX structure */
1478
1479static CAPI_CTX *capi_ctx_new()
1480 {
1481 CAPI_CTX *ctx;
1482 ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
1483 if (!ctx)
1484 {
1485 CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
1486 return NULL;
1487 }
1488 ctx->cspname = NULL;
1489 ctx->csptype = PROV_RSA_FULL;
1490 ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME;
1491 ctx->keytype = AT_KEYEXCHANGE;
1492 ctx->storename = NULL;
1493 ctx->ssl_client_store = NULL;
1494 ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
1495 CERT_STORE_READONLY_FLAG |
1496 CERT_SYSTEM_STORE_CURRENT_USER;
1497 ctx->lookup_method = CAPI_LU_SUBSTR;
1498 ctx->debug_level = 0;
1499 ctx->debug_file = NULL;
1500 ctx->client_cert_select = cert_select_simple;
1501 return ctx;
1502 }
1503
1504static void capi_ctx_free(CAPI_CTX *ctx)
1505 {
1506 CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
1507 if (!ctx)
1508 return;
1509 if (ctx->cspname)
1510 OPENSSL_free(ctx->cspname);
1511 if (ctx->debug_file)
1512 OPENSSL_free(ctx->debug_file);
1513 if (ctx->storename)
1514 OPENSSL_free(ctx->storename);
1515 if (ctx->ssl_client_store)
1516 OPENSSL_free(ctx->ssl_client_store);
1517 OPENSSL_free(ctx);
1518 }
1519
1520static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
1521 {
1522 CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
1523 if (check)
1524 {
1525 HCRYPTPROV hprov;
1526 if (!CryptAcquireContext(&hprov, NULL, pname, type,
1527 CRYPT_VERIFYCONTEXT))
1528 {
1529 CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
1530 capi_addlasterror();
1531 return 0;
1532 }
1533 CryptReleaseContext(hprov, 0);
1534 }
1535 ctx->cspname = BUF_strdup(pname);
1536 ctx->csptype = type;
1537 return 1;
1538 }
1539
1540static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
1541 {
1542 LPSTR pname;
1543 DWORD type;
1544 if (capi_get_provname(ctx, &pname, &type, idx) != 1)
1545 return 0;
1546 return capi_ctx_set_provname(ctx, pname, type, 0);
1547 }
1548
1549static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
1550 {
1551 int i;
1552 X509_NAME *nm;
1553 /* Special case: empty list: match anything */
1554 if (sk_X509_NAME_num(ca_dn) <= 0)
1555 return 1;
1556 for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
1557 {
1558 nm = sk_X509_NAME_value(ca_dn, i);
1559 if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
1560 return 1;
1561 }
1562 return 0;
1563 }
1564
1565
1566
1567static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
1568 STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
1569 STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
1570 {
1571 STACK_OF(X509) *certs = NULL;
1572 X509 *x;
1573 char *storename;
1574 const char *p;
1575 int i, client_cert_idx;
1576 HCERTSTORE hstore;
1577 PCCERT_CONTEXT cert = NULL, excert = NULL;
1578 CAPI_CTX *ctx;
1579 CAPI_KEY *key;
1580 ctx = ENGINE_get_ex_data(e, capi_idx);
1581
1582 *pcert = NULL;
1583 *pkey = NULL;
1584
1585 storename = ctx->ssl_client_store;
1586 if (!storename)
1587 storename = "MY";
1588
1589 hstore = capi_open_store(ctx, storename);
1590 if (!hstore)
1591 return 0;
1592 /* Enumerate all certificates collect any matches */
1593 for(i = 0;;i++)
1594 {
1595 cert = CertEnumCertificatesInStore(hstore, cert);
1596 if (!cert)
1597 break;
1598 p = cert->pbCertEncoded;
1599 x = d2i_X509(NULL, &p, cert->cbCertEncoded);
1600 if (!x)
1601 {
1602 CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
1603 continue;
1604 }
1605 if (cert_issuer_match(ca_dn, x)
1606 && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0))
1607 {
1608 key = capi_get_cert_key(ctx, cert);
1609 if (!key)
1610 {
1611 X509_free(x);
1612 continue;
1613 }
1614 /* Match found: attach extra data to it so
1615 * we can retrieve the key later.
1616 */
1617 excert = CertDuplicateCertificateContext(cert);
1618 key->pcert = excert;
1619 X509_set_ex_data(x, cert_capi_idx, key);
1620
1621 if (!certs)
1622 certs = sk_X509_new_null();
1623
1624 sk_X509_push(certs, x);
1625 }
1626 else
1627 X509_free(x);
1628
1629 }
1630
1631 if (cert)
1632 CertFreeCertificateContext(cert);
1633 if (hstore)
1634 CertCloseStore(hstore, 0);
1635
1636 if (!certs)
1637 return 0;
1638
1639
1640 /* Select the appropriate certificate */
1641
1642 client_cert_idx = ctx->client_cert_select(e, ssl, certs);
1643
1644 /* Set the selected certificate and free the rest */
1645
1646 for(i = 0; i < sk_X509_num(certs); i++)
1647 {
1648 x = sk_X509_value(certs, i);
1649 if (i == client_cert_idx)
1650 *pcert = x;
1651 else
1652 {
1653 key = X509_get_ex_data(x, cert_capi_idx);
1654 capi_free_key(key);
1655 X509_free(x);
1656 }
1657 }
1658
1659 sk_X509_free(certs);
1660
1661 if (!*pcert)
1662 return 0;
1663
1664 /* Setup key for selected certificate */
1665
1666 key = X509_get_ex_data(*pcert, cert_capi_idx);
1667 *pkey = capi_get_pkey(e, key);
1668 X509_set_ex_data(*pcert, cert_capi_idx, NULL);
1669
1670 return 1;
1671
1672 }
1673
1674
1675/* Simple client cert selection function: always select first */
1676
1677static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
1678 {
1679 return 0;
1680 }
1681
1682#ifdef OPENSSL_CAPIENG_DIALOG
1683
1684/* More complex cert selection function, using standard function
1685 * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
1686 */
1687
1688/* Definitions which are in cryptuiapi.h but this is not present in older
1689 * versions of headers.
1690 */
1691
1692#ifndef CRYPTUI_SELECT_LOCATION_COLUMN
1693#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
1694#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
1695#endif
1696
1697#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
1698#define dlg_prompt L"Select a certificate to use for authentication"
1699#define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \
1700 |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
1701
1702static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
1703 {
1704 X509 *x;
1705 HCERTSTORE dstore;
1706 PCCERT_CONTEXT cert;
1707 CAPI_CTX *ctx;
1708 CAPI_KEY *key;
1709 HWND hwnd;
1710 int i, idx = -1;
1711 if (sk_X509_num(certs) == 1)
1712 return 0;
1713 ctx = ENGINE_get_ex_data(e, capi_idx);
1714 /* Create an in memory store of certificates */
1715 dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
1716 CERT_STORE_CREATE_NEW_FLAG, NULL);
1717 if (!dstore)
1718 {
1719 CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
1720 capi_addlasterror();
1721 goto err;
1722 }
1723 /* Add all certificates to store */
1724 for(i = 0; i < sk_X509_num(certs); i++)
1725 {
1726 x = sk_X509_value(certs, i);
1727 key = X509_get_ex_data(x, cert_capi_idx);
1728
1729 if (!CertAddCertificateContextToStore(dstore, key->pcert,
1730 CERT_STORE_ADD_NEW, NULL))
1731 {
1732 CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
1733 capi_addlasterror();
1734 goto err;
1735 }
1736
1737 }
1738 hwnd = GetForegroundWindow();
1739 if (!hwnd)
1740 hwnd = GetActiveWindow();
1741 if (!hwnd && ctx->getconswindow)
1742 hwnd = ctx->getconswindow();
1743 /* Call dialog to select one */
1744 cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
1745 dlg_columns, 0, NULL);
1746
1747 /* Find matching cert from list */
1748 if (cert)
1749 {
1750 for(i = 0; i < sk_X509_num(certs); i++)
1751 {
1752 x = sk_X509_value(certs, i);
1753 key = X509_get_ex_data(x, cert_capi_idx);
1754 if (CertCompareCertificate(
1755 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
1756 cert->pCertInfo,
1757 key->pcert->pCertInfo))
1758 {
1759 idx = i;
1760 break;
1761 }
1762 }
1763 }
1764
1765 err:
1766 if (dstore)
1767 CertCloseStore(dstore, 0);
1768 return idx;
1769
1770 }
1771#endif
1772
1773#endif
1774#else /* !WIN32 */
1775#include <openssl/engine.h>
1776#ifndef OPENSSL_NO_DYNAMIC_ENGINE
1777OPENSSL_EXPORT
1778int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
1779IMPLEMENT_DYNAMIC_CHECK_FN()
1780#endif
1781#endif
diff --git a/src/lib/libssl/src/engines/e_capi.ec b/src/lib/libssl/src/engines/e_capi.ec
new file mode 100644
index 0000000000..d2ad668a98
--- /dev/null
+++ b/src/lib/libssl/src/engines/e_capi.ec
@@ -0,0 +1 @@
L CAPI e_capi_err.h e_capi_err.c
diff --git a/src/lib/libssl/src/engines/e_capi_err.c b/src/lib/libssl/src/engines/e_capi_err.c
new file mode 100644
index 0000000000..73bbaaa718
--- /dev/null
+++ b/src/lib/libssl/src/engines/e_capi_err.c
@@ -0,0 +1,183 @@
1/* e_capi_err.c */
2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file,
58 * only reason strings will be preserved.
59 */
60
61#include <stdio.h>
62#include <openssl/err.h>
63#include "e_capi_err.h"
64
65/* BEGIN ERROR CODES */
66#ifndef OPENSSL_NO_ERR
67
68#define ERR_FUNC(func) ERR_PACK(0,func,0)
69#define ERR_REASON(reason) ERR_PACK(0,0,reason)
70
71static ERR_STRING_DATA CAPI_str_functs[]=
72 {
73{ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
74{ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
75{ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
76{ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
77{ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
78{ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
79{ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
80{ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
81{ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
82{ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
83{ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
84{ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
85{ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
86{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
87{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
88{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
89{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
90{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
91{ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
92{0,NULL}
93 };
94
95static ERR_STRING_DATA CAPI_str_reasons[]=
96 {
97{ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT),"cant create hash object"},
98{ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT),"cant find capi context"},
99{ERR_REASON(CAPI_R_CANT_GET_KEY) ,"cant get key"},
100{ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE) ,"cant set hash value"},
101{ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),"cryptacquirecontext error"},
102{ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR),"cryptenumproviders error"},
103{ERR_REASON(CAPI_R_DECRYPT_ERROR) ,"decrypt error"},
104{ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED),"engine not initialized"},
105{ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR) ,"enumcontainers error"},
106{ERR_REASON(CAPI_R_ERROR_ADDING_CERT) ,"error adding cert"},
107{ERR_REASON(CAPI_R_ERROR_CREATING_STORE) ,"error creating store"},
108{ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),"error getting friendly name"},
109{ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"},
110{ERR_REASON(CAPI_R_ERROR_OPENING_STORE) ,"error opening store"},
111{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH) ,"error signing hash"},
112{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"},
113{ERR_REASON(CAPI_R_GETUSERKEY_ERROR) ,"getuserkey error"},
114{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"},
115{ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid dsa public key blob magic number"},
116{ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD),"invalid lookup method"},
117{ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB),"invalid public key blob"},
118{ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid rsa public key blob magic number"},
119{ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR) ,"pubkey export error"},
120{ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),"pubkey export length error"},
121{ERR_REASON(CAPI_R_UNKNOWN_COMMAND) ,"unknown command"},
122{ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),"unsupported algorithm nid"},
123{ERR_REASON(CAPI_R_UNSUPPORTED_PADDING) ,"unsupported padding"},
124{ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),"unsupported public key algorithm"},
125{0,NULL}
126 };
127
128#endif
129
130#ifdef CAPI_LIB_NAME
131static ERR_STRING_DATA CAPI_lib_name[]=
132 {
133{0 ,CAPI_LIB_NAME},
134{0,NULL}
135 };
136#endif
137
138
139static int CAPI_lib_error_code=0;
140static int CAPI_error_init=1;
141
142static void ERR_load_CAPI_strings(void)
143 {
144 if (CAPI_lib_error_code == 0)
145 CAPI_lib_error_code=ERR_get_next_error_library();
146
147 if (CAPI_error_init)
148 {
149 CAPI_error_init=0;
150#ifndef OPENSSL_NO_ERR
151 ERR_load_strings(CAPI_lib_error_code,CAPI_str_functs);
152 ERR_load_strings(CAPI_lib_error_code,CAPI_str_reasons);
153#endif
154
155#ifdef CAPI_LIB_NAME
156 CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code,0,0);
157 ERR_load_strings(0,CAPI_lib_name);
158#endif
159 }
160 }
161
162static void ERR_unload_CAPI_strings(void)
163 {
164 if (CAPI_error_init == 0)
165 {
166#ifndef OPENSSL_NO_ERR
167 ERR_unload_strings(CAPI_lib_error_code,CAPI_str_functs);
168 ERR_unload_strings(CAPI_lib_error_code,CAPI_str_reasons);
169#endif
170
171#ifdef CAPI_LIB_NAME
172 ERR_unload_strings(0,CAPI_lib_name);
173#endif
174 CAPI_error_init=1;
175 }
176 }
177
178static void ERR_CAPI_error(int function, int reason, char *file, int line)
179 {
180 if (CAPI_lib_error_code == 0)
181 CAPI_lib_error_code=ERR_get_next_error_library();
182 ERR_PUT_error(CAPI_lib_error_code,function,reason,file,line);
183 }
diff --git a/src/lib/libssl/src/engines/e_capi_err.h b/src/lib/libssl/src/engines/e_capi_err.h
new file mode 100644
index 0000000000..efdb751251
--- /dev/null
+++ b/src/lib/libssl/src/engines/e_capi_err.h
@@ -0,0 +1,123 @@
1/* ====================================================================
2 * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in
13 * the documentation and/or other materials provided with the
14 * distribution.
15 *
16 * 3. All advertising materials mentioning features or use of this
17 * software must display the following acknowledgment:
18 * "This product includes software developed by the OpenSSL Project
19 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
20 *
21 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
22 * endorse or promote products derived from this software without
23 * prior written permission. For written permission, please contact
24 * openssl-core@openssl.org.
25 *
26 * 5. Products derived from this software may not be called "OpenSSL"
27 * nor may "OpenSSL" appear in their names without prior written
28 * permission of the OpenSSL Project.
29 *
30 * 6. Redistributions of any form whatsoever must retain the following
31 * acknowledgment:
32 * "This product includes software developed by the OpenSSL Project
33 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
34 *
35 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
36 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
37 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
38 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
44 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
45 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
46 * OF THE POSSIBILITY OF SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This product includes cryptographic software written by Eric Young
50 * (eay@cryptsoft.com). This product includes software written by Tim
51 * Hudson (tjh@cryptsoft.com).
52 *
53 */
54
55#ifndef HEADER_CAPI_ERR_H
56#define HEADER_CAPI_ERR_H
57
58/* BEGIN ERROR CODES */
59/* The following lines are auto generated by the script mkerr.pl. Any changes
60 * made after this point may be overwritten when the script is next run.
61 */
62static void ERR_load_CAPI_strings(void);
63static void ERR_unload_CAPI_strings(void);
64static void ERR_CAPI_error(int function, int reason, char *file, int line);
65#define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
66
67/* Error codes for the CAPI functions. */
68
69/* Function codes. */
70#define CAPI_F_CAPI_CERT_GET_FNAME 99
71#define CAPI_F_CAPI_CTRL 100
72#define CAPI_F_CAPI_CTX_NEW 101
73#define CAPI_F_CAPI_CTX_SET_PROVNAME 102
74#define CAPI_F_CAPI_DSA_DO_SIGN 114
75#define CAPI_F_CAPI_GET_KEY 103
76#define CAPI_F_CAPI_GET_PKEY 115
77#define CAPI_F_CAPI_GET_PROVNAME 104
78#define CAPI_F_CAPI_GET_PROV_INFO 105
79#define CAPI_F_CAPI_INIT 106
80#define CAPI_F_CAPI_LIST_CONTAINERS 107
81#define CAPI_F_CAPI_LOAD_PRIVKEY 108
82#define CAPI_F_CAPI_OPEN_STORE 109
83#define CAPI_F_CAPI_RSA_PRIV_DEC 110
84#define CAPI_F_CAPI_RSA_PRIV_ENC 111
85#define CAPI_F_CAPI_RSA_SIGN 112
86#define CAPI_F_CERT_SELECT_DIALOG 117
87#define CAPI_F_CLIENT_CERT_SELECT 116
88#define CAPI_F_WIDE_TO_ASC 113
89
90/* Reason codes. */
91#define CAPI_R_CANT_CREATE_HASH_OBJECT 99
92#define CAPI_R_CANT_FIND_CAPI_CONTEXT 100
93#define CAPI_R_CANT_GET_KEY 101
94#define CAPI_R_CANT_SET_HASH_VALUE 102
95#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103
96#define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104
97#define CAPI_R_DECRYPT_ERROR 105
98#define CAPI_R_ENGINE_NOT_INITIALIZED 106
99#define CAPI_R_ENUMCONTAINERS_ERROR 107
100#define CAPI_R_ERROR_ADDING_CERT 125
101#define CAPI_R_ERROR_CREATING_STORE 126
102#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108
103#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109
104#define CAPI_R_ERROR_OPENING_STORE 110
105#define CAPI_R_ERROR_SIGNING_HASH 111
106#define CAPI_R_FUNCTION_NOT_SUPPORTED 112
107#define CAPI_R_GETUSERKEY_ERROR 113
108#define CAPI_R_INVALID_DIGEST_LENGTH 124
109#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122
110#define CAPI_R_INVALID_LOOKUP_METHOD 114
111#define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115
112#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123
113#define CAPI_R_PUBKEY_EXPORT_ERROR 116
114#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117
115#define CAPI_R_UNKNOWN_COMMAND 118
116#define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119
117#define CAPI_R_UNSUPPORTED_PADDING 120
118#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121
119
120#ifdef __cplusplus
121}
122#endif
123#endif
diff --git a/src/lib/libssl/src/engines/e_gmp.c b/src/lib/libssl/src/engines/e_gmp.c
index e62e6fcd07..a1a2d2bda6 100644
--- a/src/lib/libssl/src/engines/e_gmp.c
+++ b/src/lib/libssl/src/engines/e_gmp.c
@@ -451,9 +451,13 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
451 } 451 }
452#endif 452#endif
453 453
454#endif /* !OPENSSL_NO_GMP */
455
454/* This stuff is needed if this ENGINE is being compiled into a self-contained 456/* This stuff is needed if this ENGINE is being compiled into a self-contained
455 * shared-library. */ 457 * shared-library. */
456#ifndef ENGINE_NO_DYNAMIC_SUPPORT 458#ifndef OPENSSL_NO_DYNAMIC_ENGINE
459IMPLEMENT_DYNAMIC_CHECK_FN()
460#ifndef OPENSSL_NO_GMP
457static int bind_fn(ENGINE *e, const char *id) 461static int bind_fn(ENGINE *e, const char *id)
458 { 462 {
459 if(id && (strcmp(id, engine_e_gmp_id) != 0)) 463 if(id && (strcmp(id, engine_e_gmp_id) != 0))
@@ -462,10 +466,11 @@ static int bind_fn(ENGINE *e, const char *id)
462 return 0; 466 return 0;
463 return 1; 467 return 1;
464 } 468 }
465IMPLEMENT_DYNAMIC_CHECK_FN()
466IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) 469IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
467#endif /* ENGINE_DYNAMIC_SUPPORT */ 470#else
471OPENSSL_EXPORT
472int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
473#endif
474#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
468 475
469#endif /* !OPENSSL_NO_GMP */
470#endif /* !OPENSSL_NO_HW */ 476#endif /* !OPENSSL_NO_HW */
471
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 4acba76aa2..a1fa198423 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,7 +1,7 @@
1%define libmaj 0 1%define libmaj 0
2%define libmin 9 2%define libmin 9
3%define librel 8 3%define librel 8
4%define librev h 4%define librev i
5Release: 1 5Release: 1
6 6
7%define openssldir /var/ssl 7%define openssldir /var/ssl
diff --git a/src/lib/libssl/src/ssl/Makefile b/src/lib/libssl/src/ssl/Makefile
index 2754632849..cb4267f5de 100644
--- a/src/lib/libssl/src/ssl/Makefile
+++ b/src/lib/libssl/src/ssl/Makefile
@@ -111,18 +111,19 @@ bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
111bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 111bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
112bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 112bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
113bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 113bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
114bio_ssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h 114bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h
115bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 115bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
116bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 116bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
117bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 117bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
118bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h 118bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
119bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 119bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
120bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 120bio_ssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
121bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h 121bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
122bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 122bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
123bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 123bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
124bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 124bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
125bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c 125bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
126bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c
126d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 127d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
127d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h 128d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
128d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h 129d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -130,19 +131,20 @@ d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
130d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 131d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
131d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 132d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
132d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h 133d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h
133d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 134d1_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
134d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 135d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
135d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 136d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
136d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 137d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
137d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 138d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h
138d1_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 139d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
139d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h 140d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
140d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h 141d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
141d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 142d1_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
142d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 143d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
143d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 144d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
144d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h 145d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
145d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h 146d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c
147d1_both.o: ssl_locl.h
146d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 148d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
147d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 149d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
148d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 150d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -150,20 +152,21 @@ d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
150d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 152d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
151d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 153d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
152d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 154d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
153d1_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h 155d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
154d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h 156d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
155d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 157d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
156d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 158d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
157d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 159d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
158d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 160d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
159d1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 161d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
160d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h 162d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
161d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 163d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
162d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 164d1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
163d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 165d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
164d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 166d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
165d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h 167d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
166d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h 168d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
169d1_clnt.o: kssl_lcl.h ssl_locl.h
167d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 170d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
168d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h 171d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
169d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h 172d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -192,19 +195,19 @@ d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
192d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 195d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
193d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 196d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
194d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h 197d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
195d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 198d1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
196d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 199d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
197d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 200d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
198d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 201d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
199d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 202d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
200d1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 203d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
201d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 204d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
202d1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h 205d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
203d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 206d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
204d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 207d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
205d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 208d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
206d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c 209d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
207d1_lib.o: ssl_locl.h 210d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c ssl_locl.h
208d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 211d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
209d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h 212d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
210d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h 213d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -212,19 +215,19 @@ d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
212d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 215d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
213d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 216d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
214d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h 217d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
215d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 218d1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
216d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 219d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
217d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 220d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
218d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 221d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
219d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 222d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
220d1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 223d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
221d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 224d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
222d1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h 225d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
223d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 226d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
224d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 227d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
225d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 228d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
226d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c 229d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
227d1_meth.o: ssl_locl.h 230d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c ssl_locl.h
228d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 231d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
229d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 232d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
230d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 233d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -232,19 +235,20 @@ d1_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
232d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 235d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
233d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 236d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
234d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h 237d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
235d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 238d1_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
236d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 239d1_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
237d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 240d1_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
238d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 241d1_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
239d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 242d1_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
240d1_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 243d1_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
241d1_pkt.o: ../include/openssl/rand.h ../include/openssl/rsa.h 244d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
242d1_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 245d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
243d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 246d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
244d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 247d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
245d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 248d1_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
246d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h 249d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
247d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h 250d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c
251d1_pkt.o: ssl_locl.h
248d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 252d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
249d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 253d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
250d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 254d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -252,38 +256,40 @@ d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
252d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 256d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
253d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 257d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
254d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 258d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
255d1_srvr.o: ../include/openssl/evp.h ../include/openssl/kssl.h 259d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
256d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h 260d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
257d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 261d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
258d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 262d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
259d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 263d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
260d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 264d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
261d1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 265d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
262d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h 266d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
263d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 267d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
264d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 268d1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
265d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 269d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
266d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 270d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
267d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h 271d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
268d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h 272d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
273d1_srvr.o: ssl_locl.h
269kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h 274kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
270kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h 275kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
271kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h 276kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
272kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 277kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
273kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 278kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
274kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h 279kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h
275kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h 280kssl.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h
276kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 281kssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
277kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 282kssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
278kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 283kssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
279kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h 284kssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
280kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 285kssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
281kssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 286kssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
282kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h 287kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
283kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 288kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
284kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 289kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
285kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 290kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
286kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c 291kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
292kssl.o: ../include/openssl/x509_vfy.h kssl.c
287s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 293s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
288s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 294s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
289s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 295s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -291,19 +297,20 @@ s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
291s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 297s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
292s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 298s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
293s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h 299s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
294s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 300s23_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
295s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 301s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
296s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 302s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
297s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 303s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
298s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 304s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
299s23_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 305s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
300s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h 306s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
301s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 307s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
302s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 308s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
303s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 309s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
304s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 310s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
305s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h 311s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
306s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h 312s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c
313s23_clnt.o: ssl_locl.h
307s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 314s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
308s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h 315s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
309s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h 316s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -311,19 +318,19 @@ s23_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
311s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 318s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
312s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 319s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
313s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h 320s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
314s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 321s23_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
315s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 322s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
316s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 323s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
317s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 324s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
318s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 325s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
319s23_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 326s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
320s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 327s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
321s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h 328s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
322s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 329s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
323s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 330s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
324s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 331s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
325s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c 332s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
326s23_lib.o: ssl_locl.h 333s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h
327s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 334s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
328s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h 335s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
329s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h 336s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -331,19 +338,19 @@ s23_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
331s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 338s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
332s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 339s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
333s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h 340s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
334s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 341s23_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
335s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 342s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
336s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 343s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
337s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 344s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
338s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 345s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
339s23_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 346s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
340s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 347s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
341s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h 348s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
342s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 349s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
343s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 350s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
344s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 351s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
345s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c 352s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
346s23_meth.o: ssl_locl.h 353s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h
347s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 354s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
348s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 355s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
349s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 356s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -351,19 +358,19 @@ s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
351s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 358s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
352s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 359s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
353s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h 360s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
354s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 361s23_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
355s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 362s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
356s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 363s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
357s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 364s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
358s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 365s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
359s23_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 366s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
360s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 367s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
361s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h 368s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
362s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 369s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
363s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 370s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
364s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 371s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
365s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c 372s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
366s23_pkt.o: ssl_locl.h 373s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h
367s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 374s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
368s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 375s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
369s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 376s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -371,19 +378,20 @@ s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
371s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 378s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
372s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 379s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
373s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h 380s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
374s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 381s23_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
375s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 382s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
376s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 383s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
377s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 384s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
378s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 385s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
379s23_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 386s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
380s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h 387s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
381s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 388s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
382s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 389s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
383s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 390s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
384s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 391s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
385s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h 392s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
386s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h 393s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
394s23_srvr.o: ssl_locl.h
387s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 395s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
388s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 396s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
389s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 397s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -391,19 +399,20 @@ s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
391s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 399s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
392s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 400s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
393s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h 401s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
394s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 402s2_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
395s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 403s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
396s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 404s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
397s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 405s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
398s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 406s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
399s2_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 407s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
400s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h 408s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
401s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 409s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
402s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 410s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
403s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 411s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
404s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 412s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
405s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h 413s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
406s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h 414s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
415s2_clnt.o: ssl_locl.h
407s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 416s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
408s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h 417s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
409s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h 418s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -411,19 +420,19 @@ s2_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
411s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 420s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
412s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 421s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
413s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h 422s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
414s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 423s2_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
415s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 424s2_enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
416s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 425s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
417s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 426s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
418s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 427s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
419s2_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 428s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
420s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 429s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
421s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h 430s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
422s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 431s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
423s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 432s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
424s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 433s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
425s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c 434s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
426s2_enc.o: ssl_locl.h 435s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
427s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 436s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
428s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h 437s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
429s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h 438s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -431,19 +440,20 @@ s2_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
431s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 440s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
432s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 441s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
433s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h 442s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
434s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 443s2_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
435s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h 444s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h
436s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 445s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
437s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 446s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
438s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h 447s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
439s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 448s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
440s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h 449s2_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
441s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h 450s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
442s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 451s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
443s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 452s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
444s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 453s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
445s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h 454s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
446s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h 455s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
456s2_lib.o: ssl_locl.h
447s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 457s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
448s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h 458s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
449s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h 459s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -451,19 +461,19 @@ s2_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
451s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 461s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
452s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 462s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
453s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h 463s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
454s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 464s2_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
455s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 465s2_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
456s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 466s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
457s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 467s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
458s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 468s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
459s2_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 469s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
460s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 470s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
461s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h 471s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
462s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 472s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
463s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 473s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
464s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 474s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
465s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c 475s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
466s2_meth.o: ssl_locl.h 476s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
467s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 477s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
468s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 478s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
469s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 479s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -471,19 +481,19 @@ s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
471s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 481s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
472s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 482s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
473s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h 483s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
474s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 484s2_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
475s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 485s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
476s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 486s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
477s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 487s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
478s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 488s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
479s2_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 489s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
480s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 490s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
481s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h 491s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
482s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 492s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
483s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 493s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
484s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 494s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
485s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c 495s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
486s2_pkt.o: ssl_locl.h 496s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
487s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 497s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
488s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 498s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
489s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 499s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -491,19 +501,20 @@ s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
491s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 501s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
492s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 502s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
493s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h 503s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
494s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 504s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
495s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 505s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
496s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 506s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
497s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 507s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
498s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 508s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
499s2_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 509s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
500s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h 510s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
501s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 511s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
502s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 512s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
503s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 513s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
504s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 514s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
505s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h 515s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
506s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h 516s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
517s2_srvr.o: ssl_locl.h
507s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 518s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
508s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h 519s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
509s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h 520s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -511,27 +522,29 @@ s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
511s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 522s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
512s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 523s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
513s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h 524s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
514s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 525s3_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
515s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 526s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
516s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 527s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
517s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 528s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
518s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 529s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h
519s3_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 530s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
520s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h 531s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
521s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h 532s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
522s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 533s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
523s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 534s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
524s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 535s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
525s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h 536s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
526s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h 537s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
538s3_both.o: ssl_locl.h
527s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 539s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
528s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 540s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
529s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 541s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
530s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h 542s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
531s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 543s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
532s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 544s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
533s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 545s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
534s3_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h 546s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
547s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
535s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h 548s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
536s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 549s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
537s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 550s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -552,19 +565,20 @@ s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
552s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 565s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
553s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 566s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
554s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h 567s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
555s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 568s3_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
556s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h 569s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
557s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 570s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
558s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 571s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
559s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h 572s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
560s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 573s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
561s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h 574s3_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
562s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h 575s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
563s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 576s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
564s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 577s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
565s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 578s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
566s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h 579s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
567s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h 580s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c
581s3_enc.o: ssl_locl.h
568s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 582s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
569s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h 583s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
570s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h 584s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -572,20 +586,20 @@ s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
572s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 586s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
573s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 587s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
574s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 588s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
575s3_lib.o: ../include/openssl/evp.h ../include/openssl/kssl.h 589s3_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
576s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h 590s3_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
577s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 591s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
578s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 592s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
579s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 593s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
580s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 594s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
581s3_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 595s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
582s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 596s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
583s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h 597s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
584s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 598s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
585s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 599s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
586s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 600s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
587s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h 601s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
588s3_lib.o: s3_lib.c ssl_locl.h 602s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h
589s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 603s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
590s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h 604s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
591s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h 605s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -593,19 +607,19 @@ s3_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
593s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 607s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
594s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 608s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
595s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h 609s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
596s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 610s3_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
597s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 611s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
598s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 612s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
599s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 613s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
600s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 614s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
601s3_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 615s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
602s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 616s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
603s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h 617s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
604s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 618s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
605s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 619s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
606s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 620s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
607s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c 621s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
608s3_meth.o: ssl_locl.h 622s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h
609s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 623s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
610s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 624s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
611s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 625s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -613,19 +627,19 @@ s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
613s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 627s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
614s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 628s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
615s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h 629s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
616s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 630s3_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
617s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 631s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
618s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 632s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
619s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 633s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
620s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 634s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
621s3_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 635s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
622s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 636s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
623s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h 637s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
624s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 638s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
625s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 639s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
626s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 640s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
627s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c 641s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
628s3_pkt.o: ssl_locl.h 642s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h
629s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 643s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
630s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 644s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
631s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 645s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -655,19 +669,19 @@ ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
655ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 669ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
656ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 670ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
657ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h 671ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h
658ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 672ssl_algs.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
659ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 673ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
660ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 674ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
661ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 675ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
662ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 676ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h
663ssl_algs.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 677ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
664ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 678ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
665ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h 679ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
666ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 680ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
667ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 681ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
668ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 682ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
669ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c 683ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
670ssl_algs.o: ssl_locl.h 684ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
671ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h 685ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
672ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h 686ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h
673ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h 687ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -675,19 +689,20 @@ ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
675ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 689ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
676ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 690ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
677ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 691ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
678ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/kssl.h 692ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/hmac.h
679ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 693ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
680ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 694ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
681ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 695ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
682ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h 696ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
683ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 697ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
684ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h 698ssl_asn1.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
685ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h 699ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
686ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 700ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
687ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 701ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
688ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 702ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
689ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h 703ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
690ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h 704ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
705ssl_asn1.o: ssl_locl.h
691ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h 706ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h
692ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h 707ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
693ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h 708ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -696,20 +711,20 @@ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
696ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 711ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
697ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 712ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
698ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 713ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
699ssl_cert.o: ../include/openssl/evp.h ../include/openssl/kssl.h 714ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h
700ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 715ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
701ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 716ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
702ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 717ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
703ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h 718ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
704ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 719ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
705ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h 720ssl_cert.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
706ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h 721ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
707ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 722ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
708ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 723ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
709ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 724ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
710ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h 725ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
711ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h 726ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
712ssl_cert.o: ssl_cert.c ssl_locl.h 727ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h
713ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 728ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
714ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h 729ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
715ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h 730ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -717,55 +732,57 @@ ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
717ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 732ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
718ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 733ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
719ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h 734ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
720ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 735ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
721ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 736ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
722ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 737ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
723ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 738ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
724ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 739ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
725ssl_ciph.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 740ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
726ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 741ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
727ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h 742ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h
728ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 743ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
729ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 744ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
730ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 745ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
731ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c 746ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
732ssl_ciph.o: ssl_locl.h 747ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h
733ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h 748ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
734ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h 749ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h
735ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h 750ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
736ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 751ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
737ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 752ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
738ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 753ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
739ssl_err.o: ../include/openssl/evp.h ../include/openssl/kssl.h 754ssl_err.o: ../include/openssl/evp.h ../include/openssl/hmac.h
740ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 755ssl_err.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
741ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 756ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
742ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 757ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
743ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h 758ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
744ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 759ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
745ssl_err.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 760ssl_err.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
746ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h 761ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
747ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 762ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
748ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 763ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
749ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 764ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
750ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c 765ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
766ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c
751ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h 767ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
752ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h 768ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h
753ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h 769ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
754ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h 770ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
755ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h 771ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
756ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h 772ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
757ssl_err2.o: ../include/openssl/evp.h ../include/openssl/kssl.h 773ssl_err2.o: ../include/openssl/evp.h ../include/openssl/hmac.h
758ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 774ssl_err2.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
759ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 775ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
760ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 776ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
761ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h 777ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
762ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 778ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
763ssl_err2.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h 779ssl_err2.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
764ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h 780ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
765ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 781ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
766ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 782ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
767ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 783ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
768ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c 784ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
785ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
769ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 786ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
770ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h 787ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
771ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h 788ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -773,7 +790,8 @@ ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
773ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h 790ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
774ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 791ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
775ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 792ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
776ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h 793ssl_lib.o: ../include/openssl/engine.h ../include/openssl/err.h
794ssl_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
777ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 795ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
778ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 796ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
779ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h 797ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
@@ -795,26 +813,27 @@ ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
795ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 813ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
796ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 814ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
797ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h 815ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
798ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 816ssl_rsa.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
799ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 817ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
800ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 818ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
801ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 819ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
802ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 820ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
803ssl_rsa.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 821ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
804ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 822ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
805ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h 823ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
806ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 824ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
807ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 825ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
808ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 826ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
809ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h 827ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
810ssl_rsa.o: ssl_rsa.c 828ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
811ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 829ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
812ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h 830ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
813ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h 831ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
814ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h 832ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
815ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 833ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
816ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 834ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
817ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h 835ssl_sess.o: ../include/openssl/engine.h ../include/openssl/err.h
836ssl_sess.o: ../include/openssl/evp.h ../include/openssl/hmac.h
818ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 837ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
819ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 838ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
820ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 839ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
@@ -835,19 +854,19 @@ ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
835ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 854ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
836ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 855ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
837ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h 856ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h
838ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 857ssl_stat.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
839ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 858ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
840ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 859ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
841ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 860ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
842ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 861ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h
843ssl_stat.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 862ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
844ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 863ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
845ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h 864ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
846ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 865ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
847ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 866ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
848ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 867ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
849ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h 868ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
850ssl_stat.o: ssl_stat.c 869ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c
851ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 870ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
852ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 871ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
853ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 872ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -855,19 +874,19 @@ ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
855ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 874ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
856ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 875ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
857ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h 876ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h
858ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 877ssl_txt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
859ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 878ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
860ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 879ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
861ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 880ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
862ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 881ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
863ssl_txt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 882ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
864ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 883ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
865ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h 884ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
866ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 885ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
867ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 886ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
868ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 887ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
869ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h 888ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
870ssl_txt.o: ssl_txt.c 889ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c
871t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 890t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
872t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h 891t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
873t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h 892t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -875,19 +894,20 @@ t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
875t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 894t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
876t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 895t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
877t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h 896t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
878t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 897t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
879t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 898t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
880t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 899t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
881t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 900t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
882t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 901t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
883t1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 902t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
884t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h 903t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
885t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h 904t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
886t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 905t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
887t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 906t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
888t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 907t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
889t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h 908t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
890t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c 909t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
910t1_clnt.o: t1_clnt.c
891t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 911t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
892t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h 912t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
893t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h 913t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -938,19 +958,19 @@ t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
938t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 958t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
939t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 959t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
940t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h 960t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
941t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 961t1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
942t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 962t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
943t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 963t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
944t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 964t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
945t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 965t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h
946t1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 966t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
947t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 967t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
948t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h 968t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
949t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 969t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
950t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 970t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
951t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 971t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
952t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h 972t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
953t1_meth.o: t1_meth.c 973t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c
954t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 974t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
955t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h 975t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
956t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h 976t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -958,16 +978,17 @@ t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
958t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 978t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
959t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 979t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
960t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h 980t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
961t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h 981t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
962t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h 982t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
963t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h 983t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
964t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h 984t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
965t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h 985t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
966t1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h 986t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
967t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h 987t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
968t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h 988t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
969t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h 989t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
970t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h 990t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
971t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 991t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
972t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h 992t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
973t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c 993t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
994t1_srvr.o: t1_srvr.c
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 5e59dc845a..49c6760d19 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -1095,8 +1095,7 @@ int dtls1_send_client_certificate(SSL *s)
1095 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 1095 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
1096 * We then get retied later */ 1096 * We then get retied later */
1097 i=0; 1097 i=0;
1098 if (s->ctx->client_cert_cb != NULL) 1098 i = ssl_do_client_cert_cb(s, &x509, &pkey);
1099 i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
1100 if (i < 0) 1099 if (i < 0)
1101 { 1100 {
1102 s->rwstate=SSL_X509_LOOKUP; 1101 s->rwstate=SSL_X509_LOOKUP;
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index 377696deac..b2765ba801 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -811,6 +811,14 @@ start:
811 * may be fragmented--don't always expect dest_maxlen bytes */ 811 * may be fragmented--don't always expect dest_maxlen bytes */
812 if ( rr->length < dest_maxlen) 812 if ( rr->length < dest_maxlen)
813 { 813 {
814#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
815 /*
816 * for normal alerts rr->length is 2, while
817 * dest_maxlen is 7 if we were to handle this
818 * non-existing alert...
819 */
820 FIX ME
821#endif
814 s->rstate=SSL_ST_READ_HEADER; 822 s->rstate=SSL_ST_READ_HEADER;
815 rr->length = 0; 823 rr->length = 0;
816 goto start; 824 goto start;
@@ -1251,7 +1259,7 @@ int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
1251 else 1259 else
1252 s->s3->wnum += i; 1260 s->s3->wnum += i;
1253 1261
1254 return tot + i; 1262 return i;
1255 } 1263 }
1256 1264
1257int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment) 1265int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
@@ -1576,7 +1584,7 @@ int dtls1_dispatch_alert(SSL *s)
1576 { 1584 {
1577 int i,j; 1585 int i,j;
1578 void (*cb)(const SSL *ssl,int type,int val)=NULL; 1586 void (*cb)(const SSL *ssl,int type,int val)=NULL;
1579 unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */ 1587 unsigned char buf[DTLS1_AL_HEADER_LENGTH];
1580 unsigned char *ptr = &buf[0]; 1588 unsigned char *ptr = &buf[0];
1581 1589
1582 s->s3->alert_dispatch=0; 1590 s->s3->alert_dispatch=0;
@@ -1585,6 +1593,7 @@ int dtls1_dispatch_alert(SSL *s)
1585 *ptr++ = s->s3->send_alert[0]; 1593 *ptr++ = s->s3->send_alert[0];
1586 *ptr++ = s->s3->send_alert[1]; 1594 *ptr++ = s->s3->send_alert[1];
1587 1595
1596#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1588 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1597 if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
1589 { 1598 {
1590 s2n(s->d1->handshake_read_seq, ptr); 1599 s2n(s->d1->handshake_read_seq, ptr);
@@ -1600,6 +1609,7 @@ int dtls1_dispatch_alert(SSL *s)
1600#endif 1609#endif
1601 l2n3(s->d1->r_msg_hdr.frag_off, ptr); 1610 l2n3(s->d1->r_msg_hdr.frag_off, ptr);
1602 } 1611 }
1612#endif
1603 1613
1604 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0); 1614 i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
1605 if (i <= 0) 1615 if (i <= 0)
@@ -1609,8 +1619,11 @@ int dtls1_dispatch_alert(SSL *s)
1609 } 1619 }
1610 else 1620 else
1611 { 1621 {
1612 if ( s->s3->send_alert[0] == SSL3_AL_FATAL || 1622 if (s->s3->send_alert[0] == SSL3_AL_FATAL
1613 s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) 1623#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1624 || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
1625#endif
1626 )
1614 (void)BIO_flush(s->wbio); 1627 (void)BIO_flush(s->wbio);
1615 1628
1616 if (s->msg_callback) 1629 if (s->msg_callback)
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 927b01f3c4..0bbf8ae7f3 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -732,7 +732,7 @@ int dtls1_send_server_hello(SSL *s)
732 732
733 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l); 733 d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
734 734
735 s->state=SSL3_ST_CW_CLNT_HELLO_B; 735 s->state=SSL3_ST_SW_SRVR_HELLO_B;
736 /* number of bytes to write */ 736 /* number of bytes to write */
737 s->init_num=p-buf; 737 s->init_num=p-buf;
738 s->init_off=0; 738 s->init_off=0;
@@ -741,7 +741,7 @@ int dtls1_send_server_hello(SSL *s)
741 dtls1_buffer_message(s, 0); 741 dtls1_buffer_message(s, 0);
742 } 742 }
743 743
744 /* SSL3_ST_CW_CLNT_HELLO_B */ 744 /* SSL3_ST_SW_SRVR_HELLO_B */
745 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 745 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
746 } 746 }
747 747
@@ -765,7 +765,7 @@ int dtls1_send_server_done(SSL *s)
765 dtls1_buffer_message(s, 0); 765 dtls1_buffer_message(s, 0);
766 } 766 }
767 767
768 /* SSL3_ST_CW_CLNT_HELLO_B */ 768 /* SSL3_ST_SW_SRVR_DONE_B */
769 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE)); 769 return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
770 } 770 }
771 771
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index a663cf85f2..f159d37110 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -70,7 +70,10 @@ extern "C" {
70#define DTLS1_VERSION 0xFEFF 70#define DTLS1_VERSION 0xFEFF
71#define DTLS1_BAD_VER 0x0100 71#define DTLS1_BAD_VER 0x0100
72 72
73#if 0
74/* this alert description is not specified anywhere... */
73#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 75#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
76#endif
74 77
75/* lengths of messages */ 78/* lengths of messages */
76#define DTLS1_COOKIE_LENGTH 32 79#define DTLS1_COOKIE_LENGTH 32
@@ -84,7 +87,11 @@ extern "C" {
84 87
85#define DTLS1_CCS_HEADER_LENGTH 1 88#define DTLS1_CCS_HEADER_LENGTH 1
86 89
90#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
87#define DTLS1_AL_HEADER_LENGTH 7 91#define DTLS1_AL_HEADER_LENGTH 7
92#else
93#define DTLS1_AL_HEADER_LENGTH 2
94#endif
88 95
89 96
90typedef struct dtls1_bitmap_st 97typedef struct dtls1_bitmap_st
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index c45a8e0a04..bc918170e1 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -257,6 +257,14 @@ static int ssl23_client_hello(SSL *s)
257 version_major = TLS1_VERSION_MAJOR; 257 version_major = TLS1_VERSION_MAJOR;
258 version_minor = TLS1_VERSION_MINOR; 258 version_minor = TLS1_VERSION_MINOR;
259 } 259 }
260#ifdef OPENSSL_FIPS
261 else if(FIPS_mode())
262 {
263 SSLerr(SSL_F_SSL23_CLIENT_HELLO,
264 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
265 return -1;
266 }
267#endif
260 else if (version == SSL3_VERSION) 268 else if (version == SSL3_VERSION)
261 { 269 {
262 version_major = SSL3_VERSION_MAJOR; 270 version_major = SSL3_VERSION_MAJOR;
@@ -536,6 +544,14 @@ static int ssl23_get_server_hello(SSL *s)
536 if ((p[2] == SSL3_VERSION_MINOR) && 544 if ((p[2] == SSL3_VERSION_MINOR) &&
537 !(s->options & SSL_OP_NO_SSLv3)) 545 !(s->options & SSL_OP_NO_SSLv3))
538 { 546 {
547#ifdef OPENSSL_FIPS
548 if(FIPS_mode())
549 {
550 SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
551 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
552 goto err;
553 }
554#endif
539 s->version=SSL3_VERSION; 555 s->version=SSL3_VERSION;
540 s->method=SSLv3_client_method(); 556 s->method=SSLv3_client_method();
541 } 557 }
diff --git a/src/lib/libssl/src/ssl/s23_srvr.c b/src/lib/libssl/src/ssl/s23_srvr.c
index 6637bb9549..ba06e7ae2e 100644
--- a/src/lib/libssl/src/ssl/s23_srvr.c
+++ b/src/lib/libssl/src/ssl/s23_srvr.c
@@ -386,6 +386,15 @@ int ssl23_get_client_hello(SSL *s)
386 } 386 }
387 } 387 }
388 388
389#ifdef OPENSSL_FIPS
390 if (FIPS_mode() && (s->version < TLS1_VERSION))
391 {
392 SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
393 SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
394 goto err;
395 }
396#endif
397
389 if (s->state == SSL23_ST_SR_CLNT_HELLO_B) 398 if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
390 { 399 {
391 /* we have SSLv3/TLSv1 in an SSLv2 header 400 /* we have SSLv3/TLSv1 in an SSLv2 header
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 9a87c1cfb3..9b823fddbd 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -130,10 +130,17 @@
130#include <openssl/objects.h> 130#include <openssl/objects.h>
131#include <openssl/evp.h> 131#include <openssl/evp.h>
132#include <openssl/md5.h> 132#include <openssl/md5.h>
133#ifdef OPENSSL_FIPS
134#include <openssl/fips.h>
135#endif
136
133#ifndef OPENSSL_NO_DH 137#ifndef OPENSSL_NO_DH
134#include <openssl/dh.h> 138#include <openssl/dh.h>
135#endif 139#endif
136#include <openssl/bn.h> 140#include <openssl/bn.h>
141#ifndef OPENSSL_NO_ENGINE
142#include <openssl/engine.h>
143#endif
137 144
138static SSL_METHOD *ssl3_get_client_method(int ver); 145static SSL_METHOD *ssl3_get_client_method(int ver);
139static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); 146static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
@@ -1415,6 +1422,8 @@ int ssl3_get_key_exchange(SSL *s)
1415 q=md_buf; 1422 q=md_buf;
1416 for (num=2; num > 0; num--) 1423 for (num=2; num > 0; num--)
1417 { 1424 {
1425 EVP_MD_CTX_set_flags(&md_ctx,
1426 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1418 EVP_DigestInit_ex(&md_ctx,(num == 2) 1427 EVP_DigestInit_ex(&md_ctx,(num == 2)
1419 ?s->ctx->md5:s->ctx->sha1, NULL); 1428 ?s->ctx->md5:s->ctx->sha1, NULL);
1420 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1429 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -2061,12 +2070,12 @@ int ssl3_send_client_key_exchange(SSL *s)
2061 { 2070 {
2062 DH *dh_srvr,*dh_clnt; 2071 DH *dh_srvr,*dh_clnt;
2063 2072
2064 if (s->session->sess_cert == NULL) 2073 if (s->session->sess_cert == NULL)
2065 { 2074 {
2066 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); 2075 ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
2067 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); 2076 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
2068 goto err; 2077 goto err;
2069 } 2078 }
2070 2079
2071 if (s->session->sess_cert->peer_dh_tmp != NULL) 2080 if (s->session->sess_cert->peer_dh_tmp != NULL)
2072 dh_srvr=s->session->sess_cert->peer_dh_tmp; 2081 dh_srvr=s->session->sess_cert->peer_dh_tmp;
@@ -2448,8 +2457,7 @@ int ssl3_send_client_certificate(SSL *s)
2448 * ssl->rwstate=SSL_X509_LOOKUP; return(-1); 2457 * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
2449 * We then get retied later */ 2458 * We then get retied later */
2450 i=0; 2459 i=0;
2451 if (s->ctx->client_cert_cb != NULL) 2460 i = ssl_do_client_cert_cb(s, &x509, &pkey);
2452 i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
2453 if (i < 0) 2461 if (i < 0)
2454 { 2462 {
2455 s->rwstate=SSL_X509_LOOKUP; 2463 s->rwstate=SSL_X509_LOOKUP;
@@ -2716,3 +2724,21 @@ static int ssl3_check_finished(SSL *s)
2716 return 1; 2724 return 1;
2717 } 2725 }
2718#endif 2726#endif
2727
2728int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
2729 {
2730 int i = 0;
2731#ifndef OPENSSL_NO_ENGINE
2732 if (s->ctx->client_cert_engine)
2733 {
2734 i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
2735 SSL_get_client_CA_list(s),
2736 px509, ppkey, NULL, NULL, NULL);
2737 if (i != 0)
2738 return i;
2739 }
2740#endif
2741 if (s->ctx->client_cert_cb)
2742 i = s->ctx->client_cert_cb(s,px509,ppkey);
2743 return i;
2744 }
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 2859351b00..06e54666b2 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -146,6 +146,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
146#endif 146#endif
147 k=0; 147 k=0;
148 EVP_MD_CTX_init(&m5); 148 EVP_MD_CTX_init(&m5);
149 EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
149 EVP_MD_CTX_init(&s1); 150 EVP_MD_CTX_init(&s1);
150 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH) 151 for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
151 { 152 {
@@ -518,6 +519,8 @@ int ssl3_enc(SSL *s, int send)
518 519
519void ssl3_init_finished_mac(SSL *s) 520void ssl3_init_finished_mac(SSL *s)
520 { 521 {
522 EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1),
523 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
521 EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL); 524 EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
522 EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL); 525 EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
523 } 526 }
@@ -554,6 +557,7 @@ static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
554 EVP_MD_CTX ctx; 557 EVP_MD_CTX ctx;
555 558
556 EVP_MD_CTX_init(&ctx); 559 EVP_MD_CTX_init(&ctx);
560 EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
557 EVP_MD_CTX_copy_ex(&ctx,in_ctx); 561 EVP_MD_CTX_copy_ex(&ctx,in_ctx);
558 562
559 n=EVP_MD_CTX_size(&ctx); 563 n=EVP_MD_CTX_size(&ctx);
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index bdbcd44f27..8916a0b1b3 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -158,7 +158,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
158 SSL3_TXT_RSA_NULL_SHA, 158 SSL3_TXT_RSA_NULL_SHA,
159 SSL3_CK_RSA_NULL_SHA, 159 SSL3_CK_RSA_NULL_SHA,
160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, 160 SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
161 SSL_NOT_EXP|SSL_STRONG_NONE, 161 SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
162 0, 162 0,
163 0, 163 0,
164 0, 164 0,
@@ -264,7 +264,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
264 SSL3_TXT_RSA_DES_192_CBC3_SHA, 264 SSL3_TXT_RSA_DES_192_CBC3_SHA,
265 SSL3_CK_RSA_DES_192_CBC3_SHA, 265 SSL3_CK_RSA_DES_192_CBC3_SHA,
266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 266 SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
267 SSL_NOT_EXP|SSL_HIGH, 267 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
268 0, 268 0,
269 168, 269 168,
270 168, 270 168,
@@ -304,7 +304,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, 304 SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA, 305 SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 306 SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
307 SSL_NOT_EXP|SSL_HIGH, 307 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
308 0, 308 0,
309 168, 309 168,
310 168, 310 168,
@@ -343,7 +343,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, 343 SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA, 344 SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, 345 SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
346 SSL_NOT_EXP|SSL_HIGH, 346 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
347 0, 347 0,
348 168, 348 168,
349 168, 349 168,
@@ -384,7 +384,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, 384 SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, 385 SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, 386 SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
387 SSL_NOT_EXP|SSL_HIGH, 387 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
388 0, 388 0,
389 168, 389 168,
390 168, 390 168,
@@ -423,7 +423,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, 423 SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, 424 SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, 425 SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
426 SSL_NOT_EXP|SSL_HIGH, 426 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
427 0, 427 0,
428 168, 428 168,
429 168, 429 168,
@@ -488,7 +488,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
488 SSL3_TXT_ADH_DES_192_CBC_SHA, 488 SSL3_TXT_ADH_DES_192_CBC_SHA,
489 SSL3_CK_ADH_DES_192_CBC_SHA, 489 SSL3_CK_ADH_DES_192_CBC_SHA,
490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, 490 SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
491 SSL_NOT_EXP|SSL_HIGH, 491 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
492 0, 492 0,
493 168, 493 168,
494 168, 494 168,
@@ -563,7 +563,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
563 SSL3_TXT_KRB5_DES_192_CBC3_SHA, 563 SSL3_TXT_KRB5_DES_192_CBC3_SHA,
564 SSL3_CK_KRB5_DES_192_CBC3_SHA, 564 SSL3_CK_KRB5_DES_192_CBC3_SHA,
565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, 565 SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
566 SSL_NOT_EXP|SSL_HIGH, 566 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
567 0, 567 0,
568 168, 568 168,
569 168, 569 168,
@@ -747,7 +747,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
747 TLS1_TXT_RSA_WITH_AES_128_SHA, 747 TLS1_TXT_RSA_WITH_AES_128_SHA,
748 TLS1_CK_RSA_WITH_AES_128_SHA, 748 TLS1_CK_RSA_WITH_AES_128_SHA,
749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 749 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
750 SSL_NOT_EXP|SSL_HIGH, 750 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
751 0, 751 0,
752 128, 752 128,
753 128, 753 128,
@@ -760,7 +760,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA, 760 TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
761 TLS1_CK_DH_DSS_WITH_AES_128_SHA, 761 TLS1_CK_DH_DSS_WITH_AES_128_SHA,
762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 762 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
763 SSL_NOT_EXP|SSL_HIGH, 763 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
764 0, 764 0,
765 128, 765 128,
766 128, 766 128,
@@ -773,7 +773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA, 773 TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
774 TLS1_CK_DH_RSA_WITH_AES_128_SHA, 774 TLS1_CK_DH_RSA_WITH_AES_128_SHA,
775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 775 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
776 SSL_NOT_EXP|SSL_HIGH, 776 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
777 0, 777 0,
778 128, 778 128,
779 128, 779 128,
@@ -786,7 +786,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, 786 TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA, 787 TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 788 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
789 SSL_NOT_EXP|SSL_HIGH, 789 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
790 0, 790 0,
791 128, 791 128,
792 128, 792 128,
@@ -799,7 +799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, 799 TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA, 800 TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 801 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
802 SSL_NOT_EXP|SSL_HIGH, 802 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
803 0, 803 0,
804 128, 804 128,
805 128, 805 128,
@@ -812,7 +812,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
812 TLS1_TXT_ADH_WITH_AES_128_SHA, 812 TLS1_TXT_ADH_WITH_AES_128_SHA,
813 TLS1_CK_ADH_WITH_AES_128_SHA, 813 TLS1_CK_ADH_WITH_AES_128_SHA,
814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 814 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
815 SSL_NOT_EXP|SSL_HIGH, 815 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
816 0, 816 0,
817 128, 817 128,
818 128, 818 128,
@@ -826,7 +826,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
826 TLS1_TXT_RSA_WITH_AES_256_SHA, 826 TLS1_TXT_RSA_WITH_AES_256_SHA,
827 TLS1_CK_RSA_WITH_AES_256_SHA, 827 TLS1_CK_RSA_WITH_AES_256_SHA,
828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, 828 SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
829 SSL_NOT_EXP|SSL_HIGH, 829 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
830 0, 830 0,
831 256, 831 256,
832 256, 832 256,
@@ -839,7 +839,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA, 839 TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
840 TLS1_CK_DH_DSS_WITH_AES_256_SHA, 840 TLS1_CK_DH_DSS_WITH_AES_256_SHA,
841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 841 SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
842 SSL_NOT_EXP|SSL_HIGH, 842 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
843 0, 843 0,
844 256, 844 256,
845 256, 845 256,
@@ -852,7 +852,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA, 852 TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
853 TLS1_CK_DH_RSA_WITH_AES_256_SHA, 853 TLS1_CK_DH_RSA_WITH_AES_256_SHA,
854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, 854 SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
855 SSL_NOT_EXP|SSL_HIGH, 855 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
856 0, 856 0,
857 256, 857 256,
858 256, 858 256,
@@ -865,7 +865,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, 865 TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA, 866 TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, 867 SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
868 SSL_NOT_EXP|SSL_HIGH, 868 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
869 0, 869 0,
870 256, 870 256,
871 256, 871 256,
@@ -878,7 +878,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, 878 TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA, 879 TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, 880 SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
881 SSL_NOT_EXP|SSL_HIGH, 881 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
882 0, 882 0,
883 256, 883 256,
884 256, 884 256,
@@ -891,7 +891,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
891 TLS1_TXT_ADH_WITH_AES_256_SHA, 891 TLS1_TXT_ADH_WITH_AES_256_SHA,
892 TLS1_CK_ADH_WITH_AES_256_SHA, 892 TLS1_CK_ADH_WITH_AES_256_SHA,
893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, 893 SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
894 SSL_NOT_EXP|SSL_HIGH, 894 SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
895 0, 895 0,
896 256, 896 256,
897 256, 897 256,
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 44c7c143fe..72853a2e72 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1225,6 +1225,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
1225 1225
1226 if (s->s3->tmp.key_block == NULL) 1226 if (s->s3->tmp.key_block == NULL)
1227 { 1227 {
1228 if (s->session == NULL)
1229 {
1230 /* might happen if dtls1_read_bytes() calls this */
1231 SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
1232 return (0);
1233 }
1234
1228 s->session->cipher=s->s3->tmp.new_cipher; 1235 s->session->cipher=s->s3->tmp.new_cipher;
1229 if (!s->method->ssl3_enc->setup_key_block(s)) return(0); 1236 if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
1230 } 1237 }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 903522ab59..398ce469d6 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1172,13 +1172,13 @@ int ssl3_send_server_hello(SSL *s)
1172 *(d++)=SSL3_MT_SERVER_HELLO; 1172 *(d++)=SSL3_MT_SERVER_HELLO;
1173 l2n3(l,d); 1173 l2n3(l,d);
1174 1174
1175 s->state=SSL3_ST_CW_CLNT_HELLO_B; 1175 s->state=SSL3_ST_SW_SRVR_HELLO_B;
1176 /* number of bytes to write */ 1176 /* number of bytes to write */
1177 s->init_num=p-buf; 1177 s->init_num=p-buf;
1178 s->init_off=0; 1178 s->init_off=0;
1179 } 1179 }
1180 1180
1181 /* SSL3_ST_CW_CLNT_HELLO_B */ 1181 /* SSL3_ST_SW_SRVR_HELLO_B */
1182 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1182 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1183 } 1183 }
1184 1184
@@ -1202,7 +1202,7 @@ int ssl3_send_server_done(SSL *s)
1202 s->init_off=0; 1202 s->init_off=0;
1203 } 1203 }
1204 1204
1205 /* SSL3_ST_CW_CLNT_HELLO_B */ 1205 /* SSL3_ST_SW_SRVR_DONE_B */
1206 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); 1206 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
1207 } 1207 }
1208 1208
@@ -1540,6 +1540,8 @@ int ssl3_send_server_key_exchange(SSL *s)
1540 j=0; 1540 j=0;
1541 for (num=2; num > 0; num--) 1541 for (num=2; num > 0; num--)
1542 { 1542 {
1543 EVP_MD_CTX_set_flags(&md_ctx,
1544 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1543 EVP_DigestInit_ex(&md_ctx,(num == 2) 1545 EVP_DigestInit_ex(&md_ctx,(num == 2)
1544 ?s->ctx->md5:s->ctx->sha1, NULL); 1546 ?s->ctx->md5:s->ctx->sha1, NULL);
1545 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); 1547 EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 6df921f3c1..ff8a128d3c 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -252,6 +252,7 @@ extern "C" {
252#define SSL_TXT_LOW "LOW" 252#define SSL_TXT_LOW "LOW"
253#define SSL_TXT_MEDIUM "MEDIUM" 253#define SSL_TXT_MEDIUM "MEDIUM"
254#define SSL_TXT_HIGH "HIGH" 254#define SSL_TXT_HIGH "HIGH"
255#define SSL_TXT_FIPS "FIPS"
255#define SSL_TXT_kFZA "kFZA" 256#define SSL_TXT_kFZA "kFZA"
256#define SSL_TXT_aFZA "aFZA" 257#define SSL_TXT_aFZA "aFZA"
257#define SSL_TXT_eFZA "eFZA" 258#define SSL_TXT_eFZA "eFZA"
@@ -361,9 +362,6 @@ typedef struct ssl_cipher_st
361 362
362DECLARE_STACK_OF(SSL_CIPHER) 363DECLARE_STACK_OF(SSL_CIPHER)
363 364
364typedef struct ssl_st SSL;
365typedef struct ssl_ctx_st SSL_CTX;
366
367/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ 365/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
368typedef struct ssl_method_st 366typedef struct ssl_method_st
369 { 367 {
@@ -760,6 +758,12 @@ struct ssl_ctx_st
760 758
761 int quiet_shutdown; 759 int quiet_shutdown;
762 760
761#ifndef OPENSSL_ENGINE
762 /* Engine to pass requests for client certs to
763 */
764 ENGINE *client_cert_engine;
765#endif
766
763#ifndef OPENSSL_NO_TLSEXT 767#ifndef OPENSSL_NO_TLSEXT
764 /* TLS extensions servername callback */ 768 /* TLS extensions servername callback */
765 int (*tlsext_servername_callback)(SSL*, int *, void *); 769 int (*tlsext_servername_callback)(SSL*, int *, void *);
@@ -829,6 +833,9 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
829void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val); 833void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
830void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); 834void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
831int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); 835int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
836#ifndef OPENSSL_NO_ENGINE
837int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
838#endif
832void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); 839void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
833void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); 840void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
834 841
@@ -1702,6 +1709,7 @@ void ERR_load_SSL_strings(void);
1702#define SSL_F_SSL3_CONNECT 132 1709#define SSL_F_SSL3_CONNECT 132
1703#define SSL_F_SSL3_CTRL 213 1710#define SSL_F_SSL3_CTRL 213
1704#define SSL_F_SSL3_CTX_CTRL 133 1711#define SSL_F_SSL3_CTX_CTRL 133
1712#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279
1705#define SSL_F_SSL3_ENC 134 1713#define SSL_F_SSL3_ENC 134
1706#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 1714#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
1707#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 1715#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
@@ -1755,6 +1763,7 @@ void ERR_load_SSL_strings(void);
1755#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 1763#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
1756#define SSL_F_SSL_CTX_NEW 169 1764#define SSL_F_SSL_CTX_NEW 169
1757#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 1765#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
1766#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278
1758#define SSL_F_SSL_CTX_SET_PURPOSE 226 1767#define SSL_F_SSL_CTX_SET_PURPOSE 226
1759#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 1768#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
1760#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 1769#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
@@ -1935,6 +1944,7 @@ void ERR_load_SSL_strings(void);
1935#define SSL_R_NO_CIPHERS_SPECIFIED 183 1944#define SSL_R_NO_CIPHERS_SPECIFIED 183
1936#define SSL_R_NO_CIPHER_LIST 184 1945#define SSL_R_NO_CIPHER_LIST 184
1937#define SSL_R_NO_CIPHER_MATCH 185 1946#define SSL_R_NO_CIPHER_MATCH 185
1947#define SSL_R_NO_CLIENT_CERT_METHOD 317
1938#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 1948#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
1939#define SSL_R_NO_COMPRESSION_SPECIFIED 187 1949#define SSL_R_NO_COMPRESSION_SPECIFIED 187
1940#define SSL_R_NO_METHOD_SPECIFIED 188 1950#define SSL_R_NO_METHOD_SPECIFIED 188
diff --git a/src/lib/libssl/src/ssl/ssl_asn1.c b/src/lib/libssl/src/ssl/ssl_asn1.c
index 6e14f4d834..0f9a3489dd 100644
--- a/src/lib/libssl/src/ssl/ssl_asn1.c
+++ b/src/lib/libssl/src/ssl/ssl_asn1.c
@@ -353,7 +353,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
353 memcpy(ret->session_id,os.data,os.length); 353 memcpy(ret->session_id,os.data,os.length);
354 354
355 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING); 355 M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
356 if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH) 356 if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
357 ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; 357 ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
358 else 358 else
359 ret->master_key_length=os.length; 359 ret->master_key_length=os.length;
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 71b645da14..514292a03e 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -222,6 +222,7 @@ static const SSL_CIPHER cipher_aliases[]={
222 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, 222 {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
223 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, 223 {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
224 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, 224 {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
225 {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
225 }; 226 };
226 227
227void ssl_load_ciphers(void) 228void ssl_load_ciphers(void)
@@ -515,7 +516,12 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
515 c = ssl_method->get_cipher(i); 516 c = ssl_method->get_cipher(i);
516#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask)) 517#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
517 /* drop those that use any of that is not available */ 518 /* drop those that use any of that is not available */
519#ifdef OPENSSL_FIPS
520 if ((c != NULL) && c->valid && !IS_MASKED(c)
521 && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
522#else
518 if ((c != NULL) && c->valid && !IS_MASKED(c)) 523 if ((c != NULL) && c->valid && !IS_MASKED(c))
524#endif
519 { 525 {
520 co_list[co_list_num].cipher = c; 526 co_list[co_list_num].cipher = c;
521 co_list[co_list_num].next = NULL; 527 co_list[co_list_num].next = NULL;
@@ -1054,7 +1060,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1054 */ 1060 */
1055 for (curr = head; curr != NULL; curr = curr->next) 1061 for (curr = head; curr != NULL; curr = curr->next)
1056 { 1062 {
1063#ifdef OPENSSL_FIPS
1064 if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
1065#else
1057 if (curr->active) 1066 if (curr->active)
1067#endif
1058 { 1068 {
1059 sk_SSL_CIPHER_push(cipherstack, curr->cipher); 1069 sk_SSL_CIPHER_push(cipherstack, curr->cipher);
1060#ifdef CIPHER_DEBUG 1070#ifdef CIPHER_DEBUG
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 50779c1632..24a994fe01 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -1,6 +1,6 @@
1/* ssl/ssl_err.c */ 1/* ssl/ssl_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -138,6 +138,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
138{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"}, 138{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
139{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"}, 139{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
140{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"}, 140{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
141{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
141{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, 142{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
142{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, 143{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
143{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, 144{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
@@ -191,6 +192,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
191{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"}, 192{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
192{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"}, 193{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
193{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"}, 194{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
195{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
194{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"}, 196{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
195{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"}, 197{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
196{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"}, 198{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
@@ -374,6 +376,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
374{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"}, 376{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
375{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"}, 377{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
376{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"}, 378{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
379{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
377{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"}, 380{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
378{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, 381{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
379{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, 382{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index 31f6318357..1ac7d6f951 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -130,6 +130,9 @@
130#ifndef OPENSSL_NO_DH 130#ifndef OPENSSL_NO_DH
131#include <openssl/dh.h> 131#include <openssl/dh.h>
132#endif 132#endif
133#ifndef OPENSSL_NO_ENGINE
134#include <openssl/engine.h>
135#endif
133 136
134const char *SSL_version_str=OPENSSL_VERSION_TEXT; 137const char *SSL_version_str=OPENSSL_VERSION_TEXT;
135 138
@@ -1390,6 +1393,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1390 return(NULL); 1393 return(NULL);
1391 } 1394 }
1392 1395
1396#ifdef OPENSSL_FIPS
1397 if (FIPS_mode() && (meth->version < TLS1_VERSION))
1398 {
1399 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
1400 return NULL;
1401 }
1402#endif
1403
1393 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) 1404 if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1394 { 1405 {
1395 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); 1406 SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1510,6 +1521,27 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
1510 1521
1511#endif 1522#endif
1512 1523
1524#ifndef OPENSSL_NO_ENGINE
1525 ret->client_cert_engine = NULL;
1526#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
1527#define eng_strx(x) #x
1528#define eng_str(x) eng_strx(x)
1529 /* Use specific client engine automatically... ignore errors */
1530 {
1531 ENGINE *eng;
1532 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1533 if (!eng)
1534 {
1535 ERR_clear_error();
1536 ENGINE_load_builtin_engines();
1537 eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
1538 }
1539 if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
1540 ERR_clear_error();
1541 }
1542#endif
1543#endif
1544
1513 return(ret); 1545 return(ret);
1514err: 1546err:
1515 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE); 1547 SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1580,6 +1612,10 @@ void SSL_CTX_free(SSL_CTX *a)
1580#else 1612#else
1581 a->comp_methods = NULL; 1613 a->comp_methods = NULL;
1582#endif 1614#endif
1615#ifndef OPENSSL_NO_ENGINE
1616 if (a->client_cert_engine)
1617 ENGINE_finish(a->client_cert_engine);
1618#endif
1583 OPENSSL_free(a); 1619 OPENSSL_free(a);
1584 } 1620 }
1585 1621
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index de94c0d0c7..735db39713 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -330,8 +330,9 @@
330#define SSL_LOW 0x00000020L 330#define SSL_LOW 0x00000020L
331#define SSL_MEDIUM 0x00000040L 331#define SSL_MEDIUM 0x00000040L
332#define SSL_HIGH 0x00000080L 332#define SSL_HIGH 0x00000080L
333#define SSL_FIPS 0x00000100L
333 334
334/* we have used 000000ff - 24 bits left to go */ 335/* we have used 000001ff - 23 bits left to go */
335 336
336/* 337/*
337 * Macros to check the export status and cipher strength for export ciphers. 338 * Macros to check the export status and cipher strength for export ciphers.
@@ -874,6 +875,7 @@ int ssl3_get_new_session_ticket(SSL *s);
874int ssl3_get_cert_status(SSL *s); 875int ssl3_get_cert_status(SSL *s);
875int ssl3_get_server_done(SSL *s); 876int ssl3_get_server_done(SSL *s);
876int ssl3_send_client_verify(SSL *s); 877int ssl3_send_client_verify(SSL *s);
878int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
877int ssl3_send_client_certificate(SSL *s); 879int ssl3_send_client_certificate(SSL *s);
878int ssl3_send_client_key_exchange(SSL *s); 880int ssl3_send_client_key_exchange(SSL *s);
879int ssl3_get_key_exchange(SSL *s); 881int ssl3_get_key_exchange(SSL *s);
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index ee88be2b88..8391d62212 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -59,6 +59,9 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <openssl/lhash.h> 60#include <openssl/lhash.h>
61#include <openssl/rand.h> 61#include <openssl/rand.h>
62#ifndef OPENSSL_NO_ENGINE
63#include <openssl/engine.h>
64#endif
62#include "ssl_locl.h" 65#include "ssl_locl.h"
63 66
64static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); 67static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
@@ -870,6 +873,25 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK
870 return ctx->client_cert_cb; 873 return ctx->client_cert_cb;
871 } 874 }
872 875
876#ifndef OPENSSL_NO_ENGINE
877int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
878 {
879 if (!ENGINE_init(e))
880 {
881 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
882 return 0;
883 }
884 if(!ENGINE_get_ssl_client_cert_function(e))
885 {
886 SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
887 ENGINE_finish(e);
888 return 0;
889 }
890 ctx->client_cert_engine = e;
891 return 1;
892 }
893#endif
894
873void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, 895void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
874 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)) 896 int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
875 { 897 {
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index e786b428cd..f409f3dc76 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -231,6 +231,9 @@ static void sv_usage(void)
231 { 231 {
232 fprintf(stderr,"usage: ssltest [args ...]\n"); 232 fprintf(stderr,"usage: ssltest [args ...]\n");
233 fprintf(stderr,"\n"); 233 fprintf(stderr,"\n");
234#ifdef OPENSSL_FIPS
235 fprintf(stderr,"-F - run test in FIPS mode\n");
236#endif
234 fprintf(stderr," -server_auth - check server certificate\n"); 237 fprintf(stderr," -server_auth - check server certificate\n");
235 fprintf(stderr," -client_auth - do client authentication\n"); 238 fprintf(stderr," -client_auth - do client authentication\n");
236 fprintf(stderr," -proxy - allow proxy certificates\n"); 239 fprintf(stderr," -proxy - allow proxy certificates\n");
@@ -412,7 +415,7 @@ int main(int argc, char *argv[])
412 long bytes=256L; 415 long bytes=256L;
413#ifndef OPENSSL_NO_DH 416#ifndef OPENSSL_NO_DH
414 DH *dh; 417 DH *dh;
415 int dhe1024 = 0, dhe1024dsa = 0; 418 int dhe1024 = 1, dhe1024dsa = 0;
416#endif 419#endif
417#ifndef OPENSSL_NO_ECDH 420#ifndef OPENSSL_NO_ECDH
418 EC_KEY *ecdh = NULL; 421 EC_KEY *ecdh = NULL;
@@ -427,6 +430,9 @@ int main(int argc, char *argv[])
427#endif 430#endif
428 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 431 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
429 int test_cipherlist = 0; 432 int test_cipherlist = 0;
433#ifdef OPENSSL_FIPS
434 int fips_mode=0;
435#endif
430 436
431 verbose = 0; 437 verbose = 0;
432 debug = 0; 438 debug = 0;
@@ -458,7 +464,16 @@ int main(int argc, char *argv[])
458 464
459 while (argc >= 1) 465 while (argc >= 1)
460 { 466 {
461 if (strcmp(*argv,"-server_auth") == 0) 467 if(!strcmp(*argv,"-F"))
468 {
469#ifdef OPENSSL_FIPS
470 fips_mode=1;
471#else
472 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
473 EXIT(0);
474#endif
475 }
476 else if (strcmp(*argv,"-server_auth") == 0)
462 server_auth=1; 477 server_auth=1;
463 else if (strcmp(*argv,"-client_auth") == 0) 478 else if (strcmp(*argv,"-client_auth") == 0)
464 client_auth=1; 479 client_auth=1;
@@ -640,6 +655,20 @@ bad:
640 EXIT(1); 655 EXIT(1);
641 } 656 }
642 657
658#ifdef OPENSSL_FIPS
659 if(fips_mode)
660 {
661 if(!FIPS_mode_set(1))
662 {
663 ERR_load_crypto_strings();
664 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
665 EXIT(1);
666 }
667 else
668 fprintf(stderr,"*** IN FIPS MODE ***\n");
669 }
670#endif
671
643 if (print_time) 672 if (print_time)
644 { 673 {
645 if (!bio_pair) 674 if (!bio_pair)
@@ -2061,15 +2090,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2061 } 2090 }
2062 2091
2063#ifndef OPENSSL_NO_X509_VERIFY 2092#ifndef OPENSSL_NO_X509_VERIFY
2064# ifdef OPENSSL_FIPS
2065 if(s->version == TLS1_VERSION)
2066 FIPS_allow_md5(1);
2067# endif
2068 ok = X509_verify_cert(ctx); 2093 ok = X509_verify_cert(ctx);
2069# ifdef OPENSSL_FIPS
2070 if(s->version == TLS1_VERSION)
2071 FIPS_allow_md5(0);
2072# endif
2073#endif 2094#endif
2074 2095
2075 if (cb_arg->proxy_auth) 2096 if (cb_arg->proxy_auth)
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index ed5a4a7255..3c4dec76d7 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -131,6 +131,8 @@ static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
131 131
132 HMAC_CTX_init(&ctx); 132 HMAC_CTX_init(&ctx);
133 HMAC_CTX_init(&ctx_tmp); 133 HMAC_CTX_init(&ctx_tmp);
134 HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
135 HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
134 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); 136 HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
135 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); 137 HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
136 HMAC_Update(&ctx,seed,seed_len); 138 HMAC_Update(&ctx,seed,seed_len);
@@ -852,8 +854,10 @@ int tls1_alert_code(int code)
852 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); 854 case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
853 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); 855 case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
854 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); 856 case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
857#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
855 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return 858 case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
856 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); 859 (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
860#endif
857 default: return(-1); 861 default: return(-1);
858 } 862 }
859 } 863 }
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 35f04afa4a..9ce726996d 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -734,6 +734,13 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
734 /* Point after session ID in client hello */ 734 /* Point after session ID in client hello */
735 const unsigned char *p = session_id + len; 735 const unsigned char *p = session_id + len;
736 unsigned short i; 736 unsigned short i;
737
738 /* If tickets disabled behave as if no ticket present
739 * to permit stateful resumption.
740 */
741 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
742 return 1;
743
737 if ((s->version <= SSL3_VERSION) || !limit) 744 if ((s->version <= SSL3_VERSION) || !limit)
738 return 1; 745 return 1;
739 if (p >= limit) 746 if (p >= limit)
@@ -761,12 +768,7 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
761 return 1; 768 return 1;
762 if (type == TLSEXT_TYPE_session_ticket) 769 if (type == TLSEXT_TYPE_session_ticket)
763 { 770 {
764 /* If tickets disabled indicate cache miss which will 771 /* If zero length note client will accept a ticket
765 * trigger a full handshake
766 */
767 if (SSL_get_options(s) & SSL_OP_NO_TICKET)
768 return 0;
769 /* If zero length not client will accept a ticket
770 * and indicate cache miss to trigger full handshake 772 * and indicate cache miss to trigger full handshake
771 */ 773 */
772 if (size == 0) 774 if (size == 0)
diff --git a/src/lib/libssl/src/test/Makefile b/src/lib/libssl/src/test/Makefile
index 62f9b86052..3e58351cb9 100644
--- a/src/lib/libssl/src/test/Makefile
+++ b/src/lib/libssl/src/test/Makefile
@@ -185,7 +185,7 @@ test_rand:
185 ../util/shlib_wrap.sh ./$(RANDTEST) 185 ../util/shlib_wrap.sh ./$(RANDTEST)
186 186
187test_enc: 187test_enc:
188 @sh ./testenc 188 sh ./testenc
189 189
190test_x509: 190test_x509:
191 echo test normal x509v1 certificate 191 echo test normal x509v1 certificate
@@ -476,41 +476,58 @@ ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
476ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h 476ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
477ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c 477ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c
478ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h 478ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
479ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h 479ecdsatest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
480ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 480ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
481ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
481ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h 482ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
482ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h 483ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
483ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 484ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
484ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 485ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
485ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 486ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
486ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h 487ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
488ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
487ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h 489ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
490ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
488ecdsatest.o: ecdsatest.c 491ecdsatest.o: ecdsatest.c
489ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 492ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
490ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h 493ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
491ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 494ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
492ectest.o: ../include/openssl/engine.h ../include/openssl/err.h 495ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
496ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
497ectest.o: ../include/openssl/err.h ../include/openssl/evp.h
493ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 498ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
494ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 499ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
495ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 500ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
496ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h 501ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
497ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.c 502ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
498enginetest.o: ../include/openssl/bio.h ../include/openssl/buffer.h 503ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
499enginetest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 504ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c
505enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
506enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
507enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
508enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
500enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h 509enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
501enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h 510enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
502enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 511enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
503enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h 512enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
504enginetest.o: ../include/openssl/symhacks.h enginetest.c 513enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
514enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
515enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
516enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
517enginetest.o: enginetest.c
505evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h 518evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
506evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h 519evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h
507evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h 520evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
521evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
522evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
508evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h 523evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
509evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 524evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
510evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 525evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
511evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 526evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
512evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h 527evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
513evp_test.o: ../include/openssl/symhacks.h evp_test.c 528evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
529evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
530evp_test.o: ../include/openssl/x509_vfy.h evp_test.c
514exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h 531exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
515exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h 532exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
516exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h 533exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -607,17 +624,17 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
607ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h 624ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
608ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h 625ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
609ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h 626ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
610ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h 627ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
611ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h 628ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
612ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h 629ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
613ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h 630ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
614ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h 631ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
615ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h 632ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
616ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h 633ssltest.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
617ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h 634ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
618ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h 635ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
619ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h 636ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
620ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h 637ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
621ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h 638ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
622ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h 639ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
623ssltest.o: ../include/openssl/x509v3.h ssltest.c 640ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 2989500c4b..62664f3c37 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -725,7 +725,7 @@ d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
725d2i_DSAparams 732 EXIST::FUNCTION:DSA 725d2i_DSAparams 732 EXIST::FUNCTION:DSA
726d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: 726d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
727d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: 727d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
728d2i_Netscape_RSA 735 EXIST::FUNCTION:RSA 728d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA
729d2i_PKCS7 736 EXIST::FUNCTION: 729d2i_PKCS7 736 EXIST::FUNCTION:
730d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: 730d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
731d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: 731d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
@@ -827,7 +827,7 @@ i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
827i2d_DSAparams 835 EXIST::FUNCTION:DSA 827i2d_DSAparams 835 EXIST::FUNCTION:DSA
828i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: 828i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
829i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION: 829i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
830i2d_Netscape_RSA 838 EXIST::FUNCTION:RSA 830i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
831i2d_PKCS7 839 EXIST::FUNCTION: 831i2d_PKCS7 839 EXIST::FUNCTION:
832i2d_PKCS7_DIGEST 840 EXIST::FUNCTION: 832i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
833i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION: 833i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
@@ -1814,9 +1814,9 @@ RAND_egd_bytes 2402 EXIST::FUNCTION:
1814X509_REQ_get1_email 2403 EXIST::FUNCTION: 1814X509_REQ_get1_email 2403 EXIST::FUNCTION:
1815X509_get1_email 2404 EXIST::FUNCTION: 1815X509_get1_email 2404 EXIST::FUNCTION:
1816X509_email_free 2405 EXIST::FUNCTION: 1816X509_email_free 2405 EXIST::FUNCTION:
1817i2d_RSA_NET 2406 EXIST::FUNCTION:RSA 1817i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
1818d2i_RSA_NET_2 2407 NOEXIST::FUNCTION: 1818d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
1819d2i_RSA_NET 2408 EXIST::FUNCTION:RSA 1819d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
1820DSO_bind_func 2409 EXIST::FUNCTION: 1820DSO_bind_func 2409 EXIST::FUNCTION:
1821CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION: 1821CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
1822sk_new_null 2411 EXIST::FUNCTION: 1822sk_new_null 2411 EXIST::FUNCTION:
@@ -2843,7 +2843,7 @@ FIPS_selftest_failed 3284 NOEXIST::FUNCTION:
2843sk_is_sorted 3285 EXIST::FUNCTION: 2843sk_is_sorted 3285 EXIST::FUNCTION:
2844X509_check_ca 3286 EXIST::FUNCTION: 2844X509_check_ca 3286 EXIST::FUNCTION:
2845private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: 2845private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION:
2846HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION: 2846HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC
2847private_SHA_Init 3289 NOEXIST::FUNCTION: 2847private_SHA_Init 3289 NOEXIST::FUNCTION:
2848private_CAST_set_key 3290 NOEXIST::FUNCTION: 2848private_CAST_set_key 3290 NOEXIST::FUNCTION:
2849private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: 2849private_RIPEMD160_Init 3291 NOEXIST::FUNCTION:
@@ -3652,3 +3652,51 @@ CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS
3652CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS 3652CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS
3653CMS_add1_signer 4042 EXIST::FUNCTION:CMS 3653CMS_add1_signer 4042 EXIST::FUNCTION:CMS
3654CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS 3654CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS
3655ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE
3656ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE
3657ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
3658ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE
3659OPENSSL_isservice 4048 EXIST::FUNCTION:
3660FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION:
3661EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION:
3662FIPS_rand_status 4051 NOEXIST::FUNCTION:
3663FIPS_rand_set_key 4052 NOEXIST::FUNCTION:
3664CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION:
3665RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION:
3666int_ERR_set_state_func 4055 NOEXIST::FUNCTION:
3667int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION:
3668int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION:
3669FIPS_rng_stick 4058 NOEXIST::FUNCTION:
3670EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION:
3671BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION:
3672FIPS_selftest_check 4061 NOEXIST::FUNCTION:
3673FIPS_rand_set_dt 4062 NOEXIST::FUNCTION:
3674CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION:
3675FIPS_dsa_free 4064 NOEXIST::FUNCTION:
3676RSA_X931_derive_ex 4065 NOEXIST::FUNCTION:
3677FIPS_rsa_new 4066 NOEXIST::FUNCTION:
3678FIPS_rand_bytes 4067 NOEXIST::FUNCTION:
3679fips_cipher_test 4068 NOEXIST::FUNCTION:
3680EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION:
3681CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION:
3682CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION:
3683FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION:
3684FIPS_dh_new 4073 NOEXIST::FUNCTION:
3685FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION:
3686FIPS_dh_free 4075 NOEXIST::FUNCTION:
3687fips_pkey_signature_test 4076 NOEXIST::FUNCTION:
3688EVP_add_alg_module 4077 NOEXIST::FUNCTION:
3689int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION:
3690int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION:
3691int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION:
3692FIPS_rand_test_mode 4081 NOEXIST::FUNCTION:
3693FIPS_rand_reset 4082 NOEXIST::FUNCTION:
3694FIPS_dsa_new 4083 NOEXIST::FUNCTION:
3695int_RAND_set_callbacks 4084 NOEXIST::FUNCTION:
3696BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION:
3697int_ERR_lib_init 4086 NOEXIST::FUNCTION:
3698int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION:
3699FIPS_rsa_free 4088 NOEXIST::FUNCTION:
3700FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION:
3701CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION:
3702OPENSSL_init 4091 NOEXIST::FUNCTION:
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index 1ac5fd3a50..7ba804ce33 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -221,6 +221,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
221$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; 221$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
222$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; 222$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
223$cflags.=" -DOPENSSL_NO_CMS" if $no_cms; 223$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
224$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
224$cflags.=" -DOPENSSL_NO_ERR" if $no_err; 225$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
225$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; 226$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
226$cflags.=" -DOPENSSL_NO_EC" if $no_ec; 227$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
@@ -1017,6 +1018,7 @@ sub read_options
1017 "no-ssl3" => \$no_ssl3, 1018 "no-ssl3" => \$no_ssl3,
1018 "no-tlsext" => \$no_tlsext, 1019 "no-tlsext" => \$no_tlsext,
1019 "no-cms" => \$no_cms, 1020 "no-cms" => \$no_cms,
1021 "no-capieng" => \$no_capieng,
1020 "no-err" => \$no_err, 1022 "no-err" => \$no_err,
1021 "no-sock" => \$no_sock, 1023 "no-sock" => \$no_sock,
1022 "no-krb5" => \$no_krb5, 1024 "no-krb5" => \$no_krb5,
@@ -1100,7 +1102,7 @@ sub read_options
1100 } 1102 }
1101 } 1103 }
1102 } 1104 }
1103 elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } 1105 elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; }
1104 elsif (/^-[lL].*$/) { $l_flags.="$_ "; } 1106 elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
1105 elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) 1107 elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
1106 { $c_flags.="$_ "; } 1108 { $c_flags.="$_ "; }
diff --git a/src/lib/libssl/src/util/mkdef.pl b/src/lib/libssl/src/util/mkdef.pl
index ef1cc6e513..8ecfde1848 100644
--- a/src/lib/libssl/src/util/mkdef.pl
+++ b/src/lib/libssl/src/util/mkdef.pl
@@ -100,6 +100,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
100 "TLSEXT", 100 "TLSEXT",
101 # CMS 101 # CMS
102 "CMS", 102 "CMS",
103 # CryptoAPI Engine
104 "CAPIENG",
103 # Deprecated functions 105 # Deprecated functions
104 "DEPRECATED" ); 106 "DEPRECATED" );
105 107
@@ -120,7 +122,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
120my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; 122my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
121my $no_seed; 123my $no_seed;
122my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; 124my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
123my $no_rfc3779; my $no_tlsext; my $no_cms; 125my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng;
124 126
125 127
126foreach (@ARGV, split(/ /, $options)) 128foreach (@ARGV, split(/ /, $options))
@@ -206,6 +208,7 @@ foreach (@ARGV, split(/ /, $options))
206 elsif (/^no-rfc3779$/) { $no_rfc3779=1; } 208 elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
207 elsif (/^no-tlsext$/) { $no_tlsext=1; } 209 elsif (/^no-tlsext$/) { $no_tlsext=1; }
208 elsif (/^no-cms$/) { $no_cms=1; } 210 elsif (/^no-cms$/) { $no_cms=1; }
211 elsif (/^no-capieng$/) { $no_capieng=1; }
209 } 212 }
210 213
211 214
@@ -1131,6 +1134,7 @@ sub is_valid
1131 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } 1134 if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
1132 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } 1135 if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
1133 if ($keyword eq "CMS" && $no_cms) { return 0; } 1136 if ($keyword eq "CMS" && $no_cms) { return 0; }
1137 if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
1134 if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } 1138 if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
1135 1139
1136 # Nothing recognise as true 1140 # Nothing recognise as true
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
index 9cb2ab7e99..1e254119e6 100644
--- a/src/lib/libssl/src/util/pl/VC-32.pl
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -138,7 +138,7 @@ if ($FLAVOR =~ /CE/)
138 } 138 }
139else 139else
140 { 140 {
141 $ex_libs.=' gdi32.lib advapi32.lib user32.lib'; 141 $ex_libs.=' gdi32.lib crypt32.lib advapi32.lib user32.lib';
142 $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); 142 $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
143 } 143 }
144 144
@@ -259,7 +259,6 @@ sub do_lib_rule
259 $name =~ tr/a-z/A-Z/; 259 $name =~ tr/a-z/A-Z/;
260 $name = "/def:ms/${name}.def"; 260 $name = "/def:ms/${name}.def";
261 } 261 }
262
263# $target="\$(LIB_D)$o$target"; 262# $target="\$(LIB_D)$o$target";
264 $ret.="$target: $objs\n"; 263 $ret.="$target: $objs\n";
265 if (!$shlib) 264 if (!$shlib)
@@ -274,6 +273,10 @@ sub do_lib_rule
274 if ($name eq "") 273 if ($name eq "")
275 { 274 {
276 $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); 275 $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
276 if ($target =~ /capi/)
277 {
278 $ex.=' crypt32.lib advapi32.lib';
279 }
277 } 280 }
278 elsif ($FLAVOR =~ /CE/) 281 elsif ($FLAVOR =~ /CE/)
279 { 282 {
@@ -283,6 +286,7 @@ sub do_lib_rule
283 { 286 {
284 $ex.=' unicows.lib' if ($FLAVOR =~ /NT/); 287 $ex.=' unicows.lib' if ($FLAVOR =~ /NT/);
285 $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib'; 288 $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
289 $ex.=' crypt32.lib';
286 $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); 290 $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
287 } 291 }
288 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; 292 $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
diff --git a/src/lib/libssl/src/util/ssleay.num b/src/lib/libssl/src/util/ssleay.num
index b3ac136a56..2055cc1597 100644
--- a/src/lib/libssl/src/util/ssleay.num
+++ b/src/lib/libssl/src/util/ssleay.num
@@ -241,3 +241,4 @@ SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION:
241SSL_set_SSL_CTX 290 EXIST::FUNCTION: 241SSL_set_SSL_CTX 290 EXIST::FUNCTION:
242SSL_get_servername 291 EXIST::FUNCTION:TLSEXT 242SSL_get_servername 291 EXIST::FUNCTION:TLSEXT
243SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT 243SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT
244SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-26 16:32:15 +0000