summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto')
-rw-r--r--src/lib/libcrypto/Attic/Makefile4
-rw-r--r--src/lib/libcrypto/bn/Makefile4
-rw-r--r--src/lib/libcrypto/ec/ectest.c2
-rw-r--r--src/lib/libcrypto/engine/hw_cryptodev.c511
-rw-r--r--src/lib/libcrypto/evp/Makefile55
-rw-r--r--src/lib/libcrypto/mem.c2
-rw-r--r--src/lib/libcrypto/rand/md_rand.c27
-rw-r--r--src/lib/libcrypto/rand/rand_win.c2
-rw-r--r--src/lib/libcrypto/sha/Makefile4
-rw-r--r--src/lib/libcrypto/sha/sha_dgst.c2
-rw-r--r--src/lib/libcrypto/symhacks.h20
-rw-r--r--src/lib/libcrypto/util/libeay.num4
-rw-r--r--src/lib/libcrypto/util/pl/BC-32.pl8
-rw-r--r--src/lib/libcrypto/util/pl/VC-32.pl9
-rwxr-xr-xsrc/lib/libcrypto/util/shlib_wrap.sh6
15 files changed, 507 insertions, 153 deletions
diff --git a/src/lib/libcrypto/Attic/Makefile b/src/lib/libcrypto/Attic/Makefile
index 947dd5d44e..a90809b2b8 100644
--- a/src/lib/libcrypto/Attic/Makefile
+++ b/src/lib/libcrypto/Attic/Makefile
@@ -77,7 +77,9 @@ ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@
77ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ 77ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
78pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@ 78pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
79alphacpuid.s: alphacpuid.pl 79alphacpuid.s: alphacpuid.pl
80 $(PERL) $< | $(CC) -E - | tee $@ > /dev/null 80 (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
81 $(PERL) alphacpuid.pl > $$preproc && \
82 $(CC) -E $$preproc > $@ && rm $$preproc)
81 83
82testapps: 84testapps:
83 [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \ 85 [ -z "$(THIS)" ] || ( if echo $(SDIRS) | fgrep ' des '; \
diff --git a/src/lib/libcrypto/bn/Makefile b/src/lib/libcrypto/bn/Makefile
index 672773454c..6dd136be5d 100644
--- a/src/lib/libcrypto/bn/Makefile
+++ b/src/lib/libcrypto/bn/Makefile
@@ -125,7 +125,9 @@ ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
125ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@ 125ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
126 126
127alpha-mont.s: asm/alpha-mont.pl 127alpha-mont.s: asm/alpha-mont.pl
128 $(PERL) $< | $(CC) -E - | tee $@ > /dev/null 128 (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
129 $(PERL) asm/alpha-mont.pl > $$preproc && \
130 $(CC) -E $$preproc > $@ && rm $$preproc)
129 131
130# GNU make "catch all" 132# GNU make "catch all"
131%-mont.s: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@ 133%-mont.s: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
index f107782de0..102eaa9b23 100644
--- a/src/lib/libcrypto/ec/ectest.c
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group)
236 } 236 }
237 237
238static void prime_field_tests(void) 238static void prime_field_tests(void)
239 { 239 {
240 BN_CTX *ctx = NULL; 240 BN_CTX *ctx = NULL;
241 BIGNUM *p, *a, *b; 241 BIGNUM *p, *a, *b;
242 EC_GROUP *group; 242 EC_GROUP *group;
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
index 3e7fff1c1e..5a715aca4f 100644
--- a/src/lib/libcrypto/engine/hw_cryptodev.c
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -29,14 +29,16 @@
29#include <openssl/objects.h> 29#include <openssl/objects.h>
30#include <openssl/engine.h> 30#include <openssl/engine.h>
31#include <openssl/evp.h> 31#include <openssl/evp.h>
32#include <openssl/bn.h>
32 33
33#if (defined(__unix__) || defined(unix)) && !defined(USG) 34#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
35 (defined(OpenBSD) || defined(__FreeBSD__))
34#include <sys/param.h> 36#include <sys/param.h>
35# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041) 37# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
36# define HAVE_CRYPTODEV 38# define HAVE_CRYPTODEV
37# endif 39# endif
38# if (OpenBSD >= 200110) 40# if (OpenBSD >= 200110)
39# define HAVE_SYSLOG_R 41# define HAVE_SYSLOG_R
40# endif 42# endif
41#endif 43#endif
42 44
@@ -50,9 +52,13 @@ ENGINE_load_cryptodev(void)
50} 52}
51 53
52#else 54#else
53 55
54#include <sys/types.h> 56#include <sys/types.h>
55#include <crypto/cryptodev.h> 57#include <crypto/cryptodev.h>
58#include <crypto/dh/dh.h>
59#include <crypto/dsa/dsa.h>
60#include <crypto/err/err.h>
61#include <crypto/rsa/rsa.h>
56#include <sys/ioctl.h> 62#include <sys/ioctl.h>
57#include <errno.h> 63#include <errno.h>
58#include <stdio.h> 64#include <stdio.h>
@@ -66,6 +72,14 @@ ENGINE_load_cryptodev(void)
66struct dev_crypto_state { 72struct dev_crypto_state {
67 struct session_op d_sess; 73 struct session_op d_sess;
68 int d_fd; 74 int d_fd;
75
76#ifdef USE_CRYPTODEV_DIGESTS
77 char dummy_mac_key[HASH_MAX_LEN];
78
79 unsigned char digest_res[HASH_MAX_LEN];
80 char *mac_data;
81 int mac_len;
82#endif
69}; 83};
70 84
71static u_int32_t cryptodev_asymfeat = 0; 85static u_int32_t cryptodev_asymfeat = 0;
@@ -73,15 +87,14 @@ static u_int32_t cryptodev_asymfeat = 0;
73static int get_asym_dev_crypto(void); 87static int get_asym_dev_crypto(void);
74static int open_dev_crypto(void); 88static int open_dev_crypto(void);
75static int get_dev_crypto(void); 89static int get_dev_crypto(void);
76static int cryptodev_max_iv(int cipher);
77static int cryptodev_key_length_valid(int cipher, int len);
78static int cipher_nid_to_cryptodev(int nid);
79static int get_cryptodev_ciphers(const int **cnids); 90static int get_cryptodev_ciphers(const int **cnids);
80/*static int get_cryptodev_digests(const int **cnids);*/ 91#ifdef USE_CRYPTODEV_DIGESTS
92static int get_cryptodev_digests(const int **cnids);
93#endif
81static int cryptodev_usable_ciphers(const int **nids); 94static int cryptodev_usable_ciphers(const int **nids);
82static int cryptodev_usable_digests(const int **nids); 95static int cryptodev_usable_digests(const int **nids);
83static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 96static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
84 const unsigned char *in, unsigned int inl); 97 const unsigned char *in, size_t inl);
85static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 98static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
86 const unsigned char *iv, int enc); 99 const unsigned char *iv, int enc);
87static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); 100static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
@@ -98,8 +111,8 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
98static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, 111static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
99 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 112 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
100static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, 113static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
101 RSA *rsa); 114 RSA *rsa, BN_CTX *ctx);
102static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); 115static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
103static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, 116static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
104 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 117 const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
105static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, 118static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
@@ -115,7 +128,7 @@ static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
115static int cryptodev_dh_compute_key(unsigned char *key, 128static int cryptodev_dh_compute_key(unsigned char *key,
116 const BIGNUM *pub_key, DH *dh); 129 const BIGNUM *pub_key, DH *dh);
117static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, 130static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
118 void (*f)()); 131 void (*f)(void));
119void ENGINE_load_cryptodev(void); 132void ENGINE_load_cryptodev(void);
120 133
121static const ENGINE_CMD_DEFN cryptodev_defns[] = { 134static const ENGINE_CMD_DEFN cryptodev_defns[] = {
@@ -128,27 +141,32 @@ static struct {
128 int ivmax; 141 int ivmax;
129 int keylen; 142 int keylen;
130} ciphers[] = { 143} ciphers[] = {
144 { CRYPTO_ARC4, NID_rc4, 0, 16, },
131 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, 145 { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
132 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, 146 { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
133 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, 147 { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
148 { CRYPTO_AES_CBC, NID_aes_192_cbc, 16, 24, },
149 { CRYPTO_AES_CBC, NID_aes_256_cbc, 16, 32, },
134 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, 150 { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
135 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, 151 { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
136 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, 152 { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
137 { 0, NID_undef, 0, 0, }, 153 { 0, NID_undef, 0, 0, },
138}; 154};
139 155
140#if 0 /* UNUSED */ 156#ifdef USE_CRYPTODEV_DIGESTS
141static struct { 157static struct {
142 int id; 158 int id;
143 int nid; 159 int nid;
160 int keylen;
144} digests[] = { 161} digests[] = {
145 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, 162 { CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16},
146 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, 163 { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20},
147 { CRYPTO_MD5_KPDK, NID_undef, }, 164 { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16/*?*/},
148 { CRYPTO_SHA1_KPDK, NID_undef, }, 165 { CRYPTO_MD5_KPDK, NID_undef, 0},
149 { CRYPTO_MD5, NID_md5, }, 166 { CRYPTO_SHA1_KPDK, NID_undef, 0},
150 { CRYPTO_SHA1, NID_undef, }, 167 { CRYPTO_MD5, NID_md5, 16},
151 { 0, NID_undef, }, 168 { CRYPTO_SHA1, NID_sha1, 20},
169 { 0, NID_undef, 0},
152}; 170};
153#endif 171#endif
154 172
@@ -180,6 +198,7 @@ get_dev_crypto(void)
180 198
181 if ((fd = open_dev_crypto()) == -1) 199 if ((fd = open_dev_crypto()) == -1)
182 return (-1); 200 return (-1);
201#ifndef CRIOGET_NOT_NEEDED
183 if (ioctl(fd, CRIOGET, &retfd) == -1) 202 if (ioctl(fd, CRIOGET, &retfd) == -1)
184 return (-1); 203 return (-1);
185 204
@@ -188,9 +207,19 @@ get_dev_crypto(void)
188 close(retfd); 207 close(retfd);
189 return (-1); 208 return (-1);
190 } 209 }
210#else
211 retfd = fd;
212#endif
191 return (retfd); 213 return (retfd);
192} 214}
193 215
216static void put_dev_crypto(int fd)
217{
218#ifndef CRIOGET_NOT_NEEDED
219 close(fd);
220#endif
221}
222
194/* Caching version for asym operations */ 223/* Caching version for asym operations */
195static int 224static int
196get_asym_dev_crypto(void) 225get_asym_dev_crypto(void)
@@ -203,50 +232,6 @@ get_asym_dev_crypto(void)
203} 232}
204 233
205/* 234/*
206 * XXXX this needs to be set for each alg - and determined from
207 * a running card.
208 */
209static int
210cryptodev_max_iv(int cipher)
211{
212 int i;
213
214 for (i = 0; ciphers[i].id; i++)
215 if (ciphers[i].id == cipher)
216 return (ciphers[i].ivmax);
217 return (0);
218}
219
220/*
221 * XXXX this needs to be set for each alg - and determined from
222 * a running card. For now, fake it out - but most of these
223 * for real devices should return 1 for the supported key
224 * sizes the device can handle.
225 */
226static int
227cryptodev_key_length_valid(int cipher, int len)
228{
229 int i;
230
231 for (i = 0; ciphers[i].id; i++)
232 if (ciphers[i].id == cipher)
233 return (ciphers[i].keylen == len);
234 return (0);
235}
236
237/* convert libcrypto nids to cryptodev */
238static int
239cipher_nid_to_cryptodev(int nid)
240{
241 int i;
242
243 for (i = 0; ciphers[i].id; i++)
244 if (ciphers[i].nid == nid)
245 return (ciphers[i].id);
246 return (0);
247}
248
249/*
250 * Find out what ciphers /dev/crypto will let us have a session for. 235 * Find out what ciphers /dev/crypto will let us have a session for.
251 * XXX note, that some of these openssl doesn't deal with yet! 236 * XXX note, that some of these openssl doesn't deal with yet!
252 * returning them here is harmless, as long as we return NULL 237 * returning them here is harmless, as long as we return NULL
@@ -264,7 +249,7 @@ get_cryptodev_ciphers(const int **cnids)
264 return (0); 249 return (0);
265 } 250 }
266 memset(&sess, 0, sizeof(sess)); 251 memset(&sess, 0, sizeof(sess));
267 sess.key = (caddr_t)"123456781234567812345678"; 252 sess.key = (caddr_t)"123456789abcdefghijklmno";
268 253
269 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { 254 for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
270 if (ciphers[i].nid == NID_undef) 255 if (ciphers[i].nid == NID_undef)
@@ -276,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
276 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) 261 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
277 nids[count++] = ciphers[i].nid; 262 nids[count++] = ciphers[i].nid;
278 } 263 }
279 close(fd); 264 put_dev_crypto(fd);
280 265
281 if (count > 0) 266 if (count > 0)
282 *cnids = nids; 267 *cnids = nids;
@@ -285,13 +270,13 @@ get_cryptodev_ciphers(const int **cnids)
285 return (count); 270 return (count);
286} 271}
287 272
273#ifdef USE_CRYPTODEV_DIGESTS
288/* 274/*
289 * Find out what digests /dev/crypto will let us have a session for. 275 * Find out what digests /dev/crypto will let us have a session for.
290 * XXX note, that some of these openssl doesn't deal with yet! 276 * XXX note, that some of these openssl doesn't deal with yet!
291 * returning them here is harmless, as long as we return NULL 277 * returning them here is harmless, as long as we return NULL
292 * when asked for a handler in the cryptodev_engine_digests routine 278 * when asked for a handler in the cryptodev_engine_digests routine
293 */ 279 */
294#if 0 /* UNUSED */
295static int 280static int
296get_cryptodev_digests(const int **cnids) 281get_cryptodev_digests(const int **cnids)
297{ 282{
@@ -304,16 +289,18 @@ get_cryptodev_digests(const int **cnids)
304 return (0); 289 return (0);
305 } 290 }
306 memset(&sess, 0, sizeof(sess)); 291 memset(&sess, 0, sizeof(sess));
292 sess.mackey = (caddr_t)"123456789abcdefghijklmno";
307 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { 293 for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
308 if (digests[i].nid == NID_undef) 294 if (digests[i].nid == NID_undef)
309 continue; 295 continue;
310 sess.mac = digests[i].id; 296 sess.mac = digests[i].id;
297 sess.mackeylen = digests[i].keylen;
311 sess.cipher = 0; 298 sess.cipher = 0;
312 if (ioctl(fd, CIOCGSESSION, &sess) != -1 && 299 if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
313 ioctl(fd, CIOCFSESSION, &sess.ses) != -1) 300 ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
314 nids[count++] = digests[i].nid; 301 nids[count++] = digests[i].nid;
315 } 302 }
316 close(fd); 303 put_dev_crypto(fd);
317 304
318 if (count > 0) 305 if (count > 0)
319 *cnids = nids; 306 *cnids = nids;
@@ -321,7 +308,7 @@ get_cryptodev_digests(const int **cnids)
321 *cnids = NULL; 308 *cnids = NULL;
322 return (count); 309 return (count);
323} 310}
324#endif 311#endif /* 0 */
325 312
326/* 313/*
327 * Find the useable ciphers|digests from dev/crypto - this is the first 314 * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -353,6 +340,9 @@ cryptodev_usable_ciphers(const int **nids)
353static int 340static int
354cryptodev_usable_digests(const int **nids) 341cryptodev_usable_digests(const int **nids)
355{ 342{
343#ifdef USE_CRYPTODEV_DIGESTS
344 return (get_cryptodev_digests(nids));
345#else
356 /* 346 /*
357 * XXXX just disable all digests for now, because it sucks. 347 * XXXX just disable all digests for now, because it sucks.
358 * we need a better way to decide this - i.e. I may not 348 * we need a better way to decide this - i.e. I may not
@@ -367,16 +357,17 @@ cryptodev_usable_digests(const int **nids)
367 */ 357 */
368 *nids = NULL; 358 *nids = NULL;
369 return (0); 359 return (0);
360#endif
370} 361}
371 362
372static int 363static int
373cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 364cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
374 const unsigned char *in, unsigned int inl) 365 const unsigned char *in, size_t inl)
375{ 366{
376 struct crypt_op cryp; 367 struct crypt_op cryp;
377 struct dev_crypto_state *state = ctx->cipher_data; 368 struct dev_crypto_state *state = ctx->cipher_data;
378 struct session_op *sess = &state->d_sess; 369 struct session_op *sess = &state->d_sess;
379 void *iiv; 370 const void *iiv;
380 unsigned char save_iv[EVP_MAX_IV_LENGTH]; 371 unsigned char save_iv[EVP_MAX_IV_LENGTH];
381 372
382 if (state->d_fd < 0) 373 if (state->d_fd < 0)
@@ -400,7 +391,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
400 if (ctx->cipher->iv_len) { 391 if (ctx->cipher->iv_len) {
401 cryp.iv = (caddr_t) ctx->iv; 392 cryp.iv = (caddr_t) ctx->iv;
402 if (!ctx->encrypt) { 393 if (!ctx->encrypt) {
403 iiv = (void *) in + inl - ctx->cipher->iv_len; 394 iiv = in + inl - ctx->cipher->iv_len;
404 memcpy(save_iv, iiv, ctx->cipher->iv_len); 395 memcpy(save_iv, iiv, ctx->cipher->iv_len);
405 } 396 }
406 } else 397 } else
@@ -415,7 +406,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
415 406
416 if (ctx->cipher->iv_len) { 407 if (ctx->cipher->iv_len) {
417 if (ctx->encrypt) 408 if (ctx->encrypt)
418 iiv = (void *) out + inl - ctx->cipher->iv_len; 409 iiv = out + inl - ctx->cipher->iv_len;
419 else 410 else
420 iiv = save_iv; 411 iiv = save_iv;
421 memcpy(ctx->iv, iiv, ctx->cipher->iv_len); 412 memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
@@ -429,28 +420,32 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
429{ 420{
430 struct dev_crypto_state *state = ctx->cipher_data; 421 struct dev_crypto_state *state = ctx->cipher_data;
431 struct session_op *sess = &state->d_sess; 422 struct session_op *sess = &state->d_sess;
432 int cipher; 423 int cipher = -1, i;
433 424
434 if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) 425 for (i = 0; ciphers[i].id; i++)
435 return (0); 426 if (ctx->cipher->nid == ciphers[i].nid &&
436 427 ctx->cipher->iv_len <= ciphers[i].ivmax &&
437 if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) 428 ctx->key_len == ciphers[i].keylen) {
438 return (0); 429 cipher = ciphers[i].id;
430 break;
431 }
439 432
440 if (!cryptodev_key_length_valid(cipher, ctx->key_len)) 433 if (!ciphers[i].id) {
434 state->d_fd = -1;
441 return (0); 435 return (0);
436 }
442 437
443 memset(sess, 0, sizeof(struct session_op)); 438 memset(sess, 0, sizeof(struct session_op));
444 439
445 if ((state->d_fd = get_dev_crypto()) < 0) 440 if ((state->d_fd = get_dev_crypto()) < 0)
446 return (0); 441 return (0);
447 442
448 sess->key = (unsigned char *)key; 443 sess->key = (caddr_t)key;
449 sess->keylen = ctx->key_len; 444 sess->keylen = ctx->key_len;
450 sess->cipher = cipher; 445 sess->cipher = cipher;
451 446
452 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { 447 if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
453 close(state->d_fd); 448 put_dev_crypto(state->d_fd);
454 state->d_fd = -1; 449 state->d_fd = -1;
455 return (0); 450 return (0);
456 } 451 }
@@ -487,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
487 } else { 482 } else {
488 ret = 1; 483 ret = 1;
489 } 484 }
490 close(state->d_fd); 485 put_dev_crypto(state->d_fd);
491 state->d_fd = -1; 486 state->d_fd = -1;
492 487
493 return (ret); 488 return (ret);
@@ -498,6 +493,20 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
498 * gets called when libcrypto requests a cipher NID. 493 * gets called when libcrypto requests a cipher NID.
499 */ 494 */
500 495
496/* RC4 */
497const EVP_CIPHER cryptodev_rc4 = {
498 NID_rc4,
499 1, 16, 0,
500 EVP_CIPH_VARIABLE_LENGTH,
501 cryptodev_init_key,
502 cryptodev_cipher,
503 cryptodev_cleanup,
504 sizeof(struct dev_crypto_state),
505 NULL,
506 NULL,
507 NULL
508};
509
501/* DES CBC EVP */ 510/* DES CBC EVP */
502const EVP_CIPHER cryptodev_des_cbc = { 511const EVP_CIPHER cryptodev_des_cbc = {
503 NID_des_cbc, 512 NID_des_cbc,
@@ -565,6 +574,32 @@ const EVP_CIPHER cryptodev_aes_cbc = {
565 NULL 574 NULL
566}; 575};
567 576
577const EVP_CIPHER cryptodev_aes_192_cbc = {
578 NID_aes_192_cbc,
579 16, 24, 16,
580 EVP_CIPH_CBC_MODE,
581 cryptodev_init_key,
582 cryptodev_cipher,
583 cryptodev_cleanup,
584 sizeof(struct dev_crypto_state),
585 EVP_CIPHER_set_asn1_iv,
586 EVP_CIPHER_get_asn1_iv,
587 NULL
588};
589
590const EVP_CIPHER cryptodev_aes_256_cbc = {
591 NID_aes_256_cbc,
592 16, 32, 16,
593 EVP_CIPH_CBC_MODE,
594 cryptodev_init_key,
595 cryptodev_cipher,
596 cryptodev_cleanup,
597 sizeof(struct dev_crypto_state),
598 EVP_CIPHER_set_asn1_iv,
599 EVP_CIPHER_get_asn1_iv,
600 NULL
601};
602
568/* 603/*
569 * Registered by the ENGINE when used to find out how to deal with 604 * Registered by the ENGINE when used to find out how to deal with
570 * a particular NID in the ENGINE. this says what we'll do at the 605 * a particular NID in the ENGINE. this says what we'll do at the
@@ -578,6 +613,9 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
578 return (cryptodev_usable_ciphers(nids)); 613 return (cryptodev_usable_ciphers(nids));
579 614
580 switch (nid) { 615 switch (nid) {
616 case NID_rc4:
617 *cipher = &cryptodev_rc4;
618 break;
581 case NID_des_ede3_cbc: 619 case NID_des_ede3_cbc:
582 *cipher = &cryptodev_3des_cbc; 620 *cipher = &cryptodev_3des_cbc;
583 break; 621 break;
@@ -593,6 +631,12 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
593 case NID_aes_128_cbc: 631 case NID_aes_128_cbc:
594 *cipher = &cryptodev_aes_cbc; 632 *cipher = &cryptodev_aes_cbc;
595 break; 633 break;
634 case NID_aes_192_cbc:
635 *cipher = &cryptodev_aes_192_cbc;
636 break;
637 case NID_aes_256_cbc:
638 *cipher = &cryptodev_aes_256_cbc;
639 break;
596 default: 640 default:
597 *cipher = NULL; 641 *cipher = NULL;
598 break; 642 break;
@@ -600,6 +644,256 @@ cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
600 return (*cipher != NULL); 644 return (*cipher != NULL);
601} 645}
602 646
647
648#ifdef USE_CRYPTODEV_DIGESTS
649
650/* convert digest type to cryptodev */
651static int
652digest_nid_to_cryptodev(int nid)
653{
654 int i;
655
656 for (i = 0; digests[i].id; i++)
657 if (digests[i].nid == nid)
658 return (digests[i].id);
659 return (0);
660}
661
662
663static int
664digest_key_length(int nid)
665{
666 int i;
667
668 for (i = 0; digests[i].id; i++)
669 if (digests[i].nid == nid)
670 return digests[i].keylen;
671 return (0);
672}
673
674
675static int cryptodev_digest_init(EVP_MD_CTX *ctx)
676{
677 struct dev_crypto_state *state = ctx->md_data;
678 struct session_op *sess = &state->d_sess;
679 int digest;
680
681 if ((digest = digest_nid_to_cryptodev(ctx->digest->type)) == NID_undef){
682 printf("cryptodev_digest_init: Can't get digest \n");
683 return (0);
684 }
685
686 memset(state, 0, sizeof(struct dev_crypto_state));
687
688 if ((state->d_fd = get_dev_crypto()) < 0) {
689 printf("cryptodev_digest_init: Can't get Dev \n");
690 return (0);
691 }
692
693 sess->mackey = state->dummy_mac_key;
694 sess->mackeylen = digest_key_length(ctx->digest->type);
695 sess->mac = digest;
696
697 if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
698 put_dev_crypto(state->d_fd);
699 state->d_fd = -1;
700 printf("cryptodev_digest_init: Open session failed\n");
701 return (0);
702 }
703
704 return (1);
705}
706
707static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
708 size_t count)
709{
710 struct crypt_op cryp;
711 struct dev_crypto_state *state = ctx->md_data;
712 struct session_op *sess = &state->d_sess;
713
714 if (!data || state->d_fd < 0) {
715 printf("cryptodev_digest_update: illegal inputs \n");
716 return (0);
717 }
718
719 if (!count) {
720 return (0);
721 }
722
723 if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
724 /* if application doesn't support one buffer */
725 state->mac_data = OPENSSL_realloc(state->mac_data, state->mac_len + count);
726
727 if (!state->mac_data) {
728 printf("cryptodev_digest_update: realloc failed\n");
729 return (0);
730 }
731
732 memcpy(state->mac_data + state->mac_len, data, count);
733 state->mac_len += count;
734
735 return (1);
736 }
737
738 memset(&cryp, 0, sizeof(cryp));
739
740 cryp.ses = sess->ses;
741 cryp.flags = 0;
742 cryp.len = count;
743 cryp.src = (caddr_t) data;
744 cryp.dst = NULL;
745 cryp.mac = (caddr_t) state->digest_res;
746 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
747 printf("cryptodev_digest_update: digest failed\n");
748 return (0);
749 }
750 return (1);
751}
752
753
754static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
755{
756 struct crypt_op cryp;
757 struct dev_crypto_state *state = ctx->md_data;
758 struct session_op *sess = &state->d_sess;
759
760 int ret = 1;
761
762 if (!md || state->d_fd < 0) {
763 printf("cryptodev_digest_final: illegal input\n");
764 return(0);
765 }
766
767 if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
768 /* if application doesn't support one buffer */
769 memset(&cryp, 0, sizeof(cryp));
770 cryp.ses = sess->ses;
771 cryp.flags = 0;
772 cryp.len = state->mac_len;
773 cryp.src = state->mac_data;
774 cryp.dst = NULL;
775 cryp.mac = (caddr_t)md;
776 if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
777 printf("cryptodev_digest_final: digest failed\n");
778 return (0);
779 }
780
781 return 1;
782 }
783
784 memcpy(md, state->digest_res, ctx->digest->md_size);
785
786 return (ret);
787}
788
789
790static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
791{
792 int ret = 1;
793 struct dev_crypto_state *state = ctx->md_data;
794 struct session_op *sess = &state->d_sess;
795
796 if (state == NULL)
797 return 0;
798
799 if (state->d_fd < 0) {
800 printf("cryptodev_digest_cleanup: illegal input\n");
801 return (0);
802 }
803
804 if (state->mac_data) {
805 OPENSSL_free(state->mac_data);
806 state->mac_data = NULL;
807 state->mac_len = 0;
808 }
809
810 if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
811 printf("cryptodev_digest_cleanup: failed to close session\n");
812 ret = 0;
813 } else {
814 ret = 1;
815 }
816 put_dev_crypto(state->d_fd);
817 state->d_fd = -1;
818
819 return (ret);
820}
821
822static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
823{
824 struct dev_crypto_state *fstate = from->md_data;
825 struct dev_crypto_state *dstate = to->md_data;
826 struct session_op *sess;
827 int digest;
828
829 if (dstate == NULL || fstate == NULL)
830 return 1;
831
832 memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
833
834 sess = &dstate->d_sess;
835
836 digest = digest_nid_to_cryptodev(to->digest->type);
837
838 sess->mackey = dstate->dummy_mac_key;
839 sess->mackeylen = digest_key_length(to->digest->type);
840 sess->mac = digest;
841
842 dstate->d_fd = get_dev_crypto();
843
844 if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
845 put_dev_crypto(dstate->d_fd);
846 dstate->d_fd = -1;
847 printf("cryptodev_digest_init: Open session failed\n");
848 return (0);
849 }
850
851 if (fstate->mac_len != 0) {
852 if (fstate->mac_data != NULL)
853 {
854 dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
855 memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
856 dstate->mac_len = fstate->mac_len;
857 }
858 }
859
860 return 1;
861}
862
863
864const EVP_MD cryptodev_sha1 = {
865 NID_sha1,
866 NID_undef,
867 SHA_DIGEST_LENGTH,
868 EVP_MD_FLAG_ONESHOT,
869 cryptodev_digest_init,
870 cryptodev_digest_update,
871 cryptodev_digest_final,
872 cryptodev_digest_copy,
873 cryptodev_digest_cleanup,
874 EVP_PKEY_NULL_method,
875 SHA_CBLOCK,
876 sizeof(struct dev_crypto_state),
877};
878
879const EVP_MD cryptodev_md5 = {
880 NID_md5,
881 NID_undef,
882 16 /* MD5_DIGEST_LENGTH */,
883 EVP_MD_FLAG_ONESHOT,
884 cryptodev_digest_init,
885 cryptodev_digest_update,
886 cryptodev_digest_final,
887 cryptodev_digest_copy,
888 cryptodev_digest_cleanup,
889 EVP_PKEY_NULL_method,
890 64 /* MD5_CBLOCK */,
891 sizeof(struct dev_crypto_state),
892};
893
894#endif /* USE_CRYPTODEV_DIGESTS */
895
896
603static int 897static int
604cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, 898cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
605 const int **nids, int nid) 899 const int **nids, int nid)
@@ -608,10 +902,15 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
608 return (cryptodev_usable_digests(nids)); 902 return (cryptodev_usable_digests(nids));
609 903
610 switch (nid) { 904 switch (nid) {
905#ifdef USE_CRYPTODEV_DIGESTS
611 case NID_md5: 906 case NID_md5:
612 *digest = NULL; /* need to make a clean md5 critter */ 907 *digest = &cryptodev_md5;
613 break; 908 break;
909 case NID_sha1:
910 *digest = &cryptodev_sha1;
911 break;
614 default: 912 default:
913#endif /* USE_CRYPTODEV_DIGESTS */
615 *digest = NULL; 914 *digest = NULL;
616 break; 915 break;
617 } 916 }
@@ -639,8 +938,9 @@ bn2crparam(const BIGNUM *a, struct crparam *crp)
639 b = malloc(bytes); 938 b = malloc(bytes);
640 if (b == NULL) 939 if (b == NULL)
641 return (1); 940 return (1);
941 memset(b, 0, bytes);
642 942
643 crp->crp_p = b; 943 crp->crp_p = (caddr_t) b;
644 crp->crp_nbits = bits; 944 crp->crp_nbits = bits;
645 945
646 for (i = 0, j = 0; i < a->top; i++) { 946 for (i = 0, j = 0; i < a->top; i++) {
@@ -683,7 +983,7 @@ zapparams(struct crypt_kop *kop)
683{ 983{
684 int i; 984 int i;
685 985
686 for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { 986 for (i = 0; i < kop->crk_iparams + kop->crk_oparams; i++) {
687 if (kop->crk_param[i].crp_p) 987 if (kop->crk_param[i].crp_p)
688 free(kop->crk_param[i].crp_p); 988 free(kop->crk_param[i].crp_p);
689 kop->crk_param[i].crp_p = NULL; 989 kop->crk_param[i].crp_p = NULL;
@@ -748,21 +1048,27 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
748 goto err; 1048 goto err;
749 kop.crk_iparams = 3; 1049 kop.crk_iparams = 3;
750 1050
751 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { 1051 if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
1052 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1053 printf("OCF asym process failed, Running in software\n");
1054 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
1055
1056 } else if (ECANCELED == kop.crk_status) {
752 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); 1057 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1058 printf("OCF hardware operation cancelled. Running in Software\n");
753 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); 1059 ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
754 } 1060 }
1061 /* else cryptodev operation worked ok ==> ret = 1*/
1062
755err: 1063err:
756 zapparams(&kop); 1064 zapparams(&kop);
757 return (ret); 1065 return (ret);
758} 1066}
759 1067
760static int 1068static int
761cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) 1069cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
762{ 1070{
763 int r; 1071 int r;
764 BN_CTX *ctx;
765
766 ctx = BN_CTX_new(); 1072 ctx = BN_CTX_new();
767 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); 1073 r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
768 BN_CTX_free(ctx); 1074 BN_CTX_free(ctx);
@@ -770,7 +1076,7 @@ cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
770} 1076}
771 1077
772static int 1078static int
773cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) 1079cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
774{ 1080{
775 struct crypt_kop kop; 1081 struct crypt_kop kop;
776 int ret = 1; 1082 int ret = 1;
@@ -797,10 +1103,18 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
797 goto err; 1103 goto err;
798 kop.crk_iparams = 6; 1104 kop.crk_iparams = 6;
799 1105
800 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { 1106 if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
1107 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
1108 printf("OCF asym process failed, running in Software\n");
1109 ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
1110
1111 } else if (ECANCELED == kop.crk_status) {
801 const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); 1112 const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
802 ret = (*meth->rsa_mod_exp)(r0, I, rsa); 1113 printf("OCF hardware operation cancelled. Running in Software\n");
1114 ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
803 } 1115 }
1116 /* else cryptodev operation worked ok ==> ret = 1*/
1117
804err: 1118err:
805 zapparams(&kop); 1119 zapparams(&kop);
806 return (ret); 1120 return (ret);
@@ -936,7 +1250,8 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
936 kop.crk_iparams = 7; 1250 kop.crk_iparams = 7;
937 1251
938 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { 1252 if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
939 dsaret = kop.crk_status; 1253/*OCF success value is 0, if not zero, change dsaret to fail*/
1254 if(0 != kop.crk_status) dsaret = 0;
940 } else { 1255 } else {
941 const DSA_METHOD *meth = DSA_OpenSSL(); 1256 const DSA_METHOD *meth = DSA_OpenSSL();
942 1257
@@ -996,7 +1311,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
996 goto err; 1311 goto err;
997 kop.crk_iparams = 3; 1312 kop.crk_iparams = 3;
998 1313
999 kop.crk_param[3].crp_p = key; 1314 kop.crk_param[3].crp_p = (caddr_t) key;
1000 kop.crk_param[3].crp_nbits = keylen * 8; 1315 kop.crk_param[3].crp_nbits = keylen * 8;
1001 kop.crk_oparams = 1; 1316 kop.crk_oparams = 1;
1002 1317
@@ -1027,7 +1342,7 @@ static DH_METHOD cryptodev_dh = {
1027 * but I expect we'll want some options soon. 1342 * but I expect we'll want some options soon.
1028 */ 1343 */
1029static int 1344static int
1030cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) 1345cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
1031{ 1346{
1032#ifdef HAVE_SYSLOG_R 1347#ifdef HAVE_SYSLOG_R
1033 struct syslog_data sd = SYSLOG_DATA_INIT; 1348 struct syslog_data sd = SYSLOG_DATA_INIT;
@@ -1063,11 +1378,11 @@ ENGINE_load_cryptodev(void)
1063 * find out what asymmetric crypto algorithms we support 1378 * find out what asymmetric crypto algorithms we support
1064 */ 1379 */
1065 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { 1380 if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
1066 close(fd); 1381 put_dev_crypto(fd);
1067 ENGINE_free(engine); 1382 ENGINE_free(engine);
1068 return; 1383 return;
1069 } 1384 }
1070 close(fd); 1385 put_dev_crypto(fd);
1071 1386
1072 if (!ENGINE_set_id(engine, "cryptodev") || 1387 if (!ENGINE_set_id(engine, "cryptodev") ||
1073 !ENGINE_set_name(engine, "BSD cryptodev engine") || 1388 !ENGINE_set_name(engine, "BSD cryptodev engine") ||
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 0fe1b96bff..5d0c6b7db4 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -18,7 +18,7 @@ TESTDATA=evptests.txt
18APPS= 18APPS=
19 19
20LIB=$(TOP)/libcrypto.a 20LIB=$(TOP)/libcrypto.a
21LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ 21LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
22 e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ 22 e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
23 e_rc4.c e_aes.c names.c e_seed.c \ 23 e_rc4.c e_aes.c names.c e_seed.c \
24 e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ 24 e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
@@ -31,7 +31,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
31 e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \ 31 e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
32 e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c 32 e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
33 33
34LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ 34LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
35 e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ 35 e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
36 e_rc4.o e_aes.o names.o e_seed.o \ 36 e_rc4.o e_aes.o names.o e_seed.o \
37 e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ 37 e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
@@ -67,7 +67,7 @@ files:
67links: 67links:
68 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) 68 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
69 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) 69 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
70 cp $(TESTDATA) ../../test 70 @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
71 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) 71 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
72 72
73install: 73install:
@@ -356,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h
356evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 356evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
357evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h 357evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
358evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c 358evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
359evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
360evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
361evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
362evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
363evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
364evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
365evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
366evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
367evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
368evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
369evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
370evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
371evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
372evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
359evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h 373evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
360evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 374evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
361evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 375evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -437,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
437m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 451m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
438m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 452m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
439m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h 453m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
440m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h 454m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
441m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h 455m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
442m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 456m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
443m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 457m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
444m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
445m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
446m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 458m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
447m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 459m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
448m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
449m_dss.o: ../cryptlib.h m_dss.c 460m_dss.o: ../cryptlib.h m_dss.c
450m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 461m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
451m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 462m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
452m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h 463m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
453m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h 464m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
454m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h 465m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
455m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 466m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
456m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 467m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
457m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
458m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
459m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 468m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
460m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 469m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
461m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
462m_dss1.o: ../cryptlib.h m_dss1.c 470m_dss1.o: ../cryptlib.h m_dss1.c
463m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h 471m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
464m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 472m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -563,16 +571,13 @@ m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
563m_sha.o: ../cryptlib.h evp_locl.h m_sha.c 571m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
564m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h 572m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
565m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 573m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
566m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 574m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
567m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h 575m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
568m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h 576m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
569m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h 577m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
570m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h 578m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
571m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
572m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
573m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 579m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
574m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 580m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
575m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
576m_sha1.o: ../cryptlib.h m_sha1.c 581m_sha1.o: ../cryptlib.h m_sha1.c
577m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h 582m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
578m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h 583m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index 21c0011380..1cc62eafd1 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL;
121static long (*get_debug_options_func)(void) = NULL; 121static long (*get_debug_options_func)(void) = NULL;
122#endif 122#endif
123 123
124
125int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), 124int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
126 void (*f)(void *)) 125 void (*f)(void *))
127 { 126 {
127 /* Dummy call just to ensure OPENSSL_init() gets linked in */
128 OPENSSL_init(); 128 OPENSSL_init();
129 if (!allow_customize) 129 if (!allow_customize)
130 return 0; 130 return 0;
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index fcdd3f2a84..aee1c30b0a 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -123,10 +123,10 @@
123 123
124#include "e_os.h" 124#include "e_os.h"
125 125
126#include <openssl/crypto.h>
126#include <openssl/rand.h> 127#include <openssl/rand.h>
127#include "rand_lcl.h" 128#include "rand_lcl.h"
128 129
129#include <openssl/crypto.h>
130#include <openssl/err.h> 130#include <openssl/err.h>
131 131
132#ifdef BN_DEBUG 132#ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
198 EVP_MD_CTX m; 198 EVP_MD_CTX m;
199 int do_not_lock; 199 int do_not_lock;
200 200
201 if (!num)
202 return;
203
201 /* 204 /*
202 * (Based on the rand(3) manpage) 205 * (Based on the rand(3) manpage)
203 * 206 *
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
380 * are fed into the hash function and the results are kept in the 383 * are fed into the hash function and the results are kept in the
381 * global 'md'. 384 * global 'md'.
382 */ 385 */
383 386#ifdef OPENSSL_FIPS
384 CRYPTO_w_lock(CRYPTO_LOCK_RAND); 387 /* NB: in FIPS mode we are already under a lock */
388 if (!FIPS_mode())
389#endif
390 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
385 391
386 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ 392 /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
387 CRYPTO_w_lock(CRYPTO_LOCK_RAND2); 393 CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
460 466
461 /* before unlocking, we must clear 'crypto_lock_rand' */ 467 /* before unlocking, we must clear 'crypto_lock_rand' */
462 crypto_lock_rand = 0; 468 crypto_lock_rand = 0;
463 CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 469#ifdef OPENSSL_FIPS
470 if (!FIPS_mode())
471#endif
472 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
464 473
465 while (num > 0) 474 while (num > 0)
466 { 475 {
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
512 MD_Init(&m); 521 MD_Init(&m);
513 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); 522 MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
514 MD_Update(&m,local_md,MD_DIGEST_LENGTH); 523 MD_Update(&m,local_md,MD_DIGEST_LENGTH);
515 CRYPTO_w_lock(CRYPTO_LOCK_RAND); 524#ifdef OPENSSL_FIPS
525 if (!FIPS_mode())
526#endif
527 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
516 MD_Update(&m,md,MD_DIGEST_LENGTH); 528 MD_Update(&m,md,MD_DIGEST_LENGTH);
517 MD_Final(&m,md); 529 MD_Final(&m,md);
518 CRYPTO_w_unlock(CRYPTO_LOCK_RAND); 530#ifdef OPENSSL_FIPS
531 if (!FIPS_mode())
532#endif
533 CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
519 534
520 EVP_MD_CTX_cleanup(&m); 535 EVP_MD_CTX_cleanup(&m);
521 if (ok) 536 if (ok)
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 5d134e186b..34ffcd23f9 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -750,7 +750,7 @@ static void readscreen(void)
750 int y; /* y-coordinate of screen lines to grab */ 750 int y; /* y-coordinate of screen lines to grab */
751 int n = 16; /* number of screen lines to grab at a time */ 751 int n = 16; /* number of screen lines to grab at a time */
752 752
753 if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) 753 if (check_winnt() && OPENSSL_isservice()>0)
754 return; 754 return;
755 755
756 /* Create a screen DC and a memory DC compatible to screen DC */ 756 /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
index 6d191d3936..2eb2b7af99 100644
--- a/src/lib/libcrypto/sha/Makefile
+++ b/src/lib/libcrypto/sha/Makefile
@@ -60,7 +60,9 @@ sha256-armv4.S: asm/sha256-armv4.pl
60 $(PERL) $< $(PERLASM_SCHEME) $@ 60 $(PERL) $< $(PERLASM_SCHEME) $@
61 61
62sha1-alpha.s: asm/sha1-alpha.pl 62sha1-alpha.s: asm/sha1-alpha.pl
63 $(PERL) $< | $(CC) -E - | tee $@ > /dev/null 63 (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
64 $(PERL) asm/sha1-alpha.pl > $$preproc && \
65 $(CC) -E $$preproc > $@ && rm $$preproc)
64 66
65# Solaris make has to be explicitly told 67# Solaris make has to be explicitly told
66sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@ 68sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
index c946ad827d..fb63b17ff2 100644
--- a/src/lib/libcrypto/sha/sha_dgst.c
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -56,8 +56,8 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59#include <openssl/opensslconf.h>
60#include <openssl/crypto.h> 59#include <openssl/crypto.h>
60#include <openssl/opensslconf.h>
61#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) 61#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
62 62
63#undef SHA_1 63#undef SHA_1
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h
index 403f592dcd..bd2f000d59 100644
--- a/src/lib/libcrypto/symhacks.h
+++ b/src/lib/libcrypto/symhacks.h
@@ -193,17 +193,23 @@
193#undef SSL_CTX_set_srp_username_callback 193#undef SSL_CTX_set_srp_username_callback
194#define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb 194#define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb
195#undef ssl_add_clienthello_use_srtp_ext 195#undef ssl_add_clienthello_use_srtp_ext
196#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext 196#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
197#undef ssl_add_serverhello_use_srtp_ext 197#undef ssl_add_serverhello_use_srtp_ext
198#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext 198#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
199#undef ssl_parse_clienthello_use_srtp_ext 199#undef ssl_parse_clienthello_use_srtp_ext
200#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext 200#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
201#undef ssl_parse_serverhello_use_srtp_ext 201#undef ssl_parse_serverhello_use_srtp_ext
202#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext 202#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
203#undef SSL_CTX_set_next_protos_advertised_cb 203#undef SSL_CTX_set_next_protos_advertised_cb
204#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb 204#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
205#undef SSL_CTX_set_next_proto_select_cb 205#undef SSL_CTX_set_next_proto_select_cb
206#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb 206#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
207#undef ssl3_cbc_record_digest_supported
208#define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
209#undef ssl_check_clienthello_tlsext_late
210#define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
211#undef ssl_check_clienthello_tlsext_early
212#define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
207 213
208/* Hack some long ENGINE names */ 214/* Hack some long ENGINE names */
209#undef ENGINE_get_default_BN_mod_exp_crt 215#undef ENGINE_get_default_BN_mod_exp_crt
@@ -316,8 +322,6 @@
316#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf 322#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
317#undef ec_GFp_simple_points_make_affine 323#undef ec_GFp_simple_points_make_affine
318#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine 324#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
319#undef ec_GFp_simple_group_get_curve_GFp
320#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
321#undef ec_GFp_simple_set_Jprojective_coordinates_GFp 325#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
322#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ 326#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
323 ec_GFp_smp_set_Jproj_coords_GFp 327 ec_GFp_smp_set_Jproj_coords_GFp
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 93f80ba0c6..aa86b2b8b1 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -3510,6 +3510,8 @@ BIO_get_callback_arg 3902 EXIST::FUNCTION:
3510BIO_set_callback 3903 EXIST::FUNCTION: 3510BIO_set_callback 3903 EXIST::FUNCTION:
3511d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779 3511d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
3512i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779 3512i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
3513CRYPTO_memcmp 3906 EXIST::FUNCTION:
3514BN_consttime_swap 3907 EXIST::FUNCTION:
3513SEED_decrypt 3908 EXIST::FUNCTION:SEED 3515SEED_decrypt 3908 EXIST::FUNCTION:SEED
3514SEED_encrypt 3909 EXIST::FUNCTION:SEED 3516SEED_encrypt 3909 EXIST::FUNCTION:SEED
3515SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED 3517SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
@@ -3687,7 +3689,7 @@ FIPS_dh_new 4073 NOEXIST::FUNCTION:
3687FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: 3689FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION:
3688FIPS_dh_free 4075 NOEXIST::FUNCTION: 3690FIPS_dh_free 4075 NOEXIST::FUNCTION:
3689fips_pkey_signature_test 4076 NOEXIST::FUNCTION: 3691fips_pkey_signature_test 4076 NOEXIST::FUNCTION:
3690EVP_add_alg_module 4077 NOEXIST::FUNCTION: 3692EVP_add_alg_module 4077 EXIST::FUNCTION:
3691int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: 3693int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION:
3692int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: 3694int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION:
3693int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: 3695int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 1f1e13fb40..b41bb45e82 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
18$tmp_def="tmp32"; 18$tmp_def="tmp32";
19$inc_def="inc32"; 19$inc_def="inc32";
20#enable max error messages, disable most common warnings 20#enable max error messages, disable most common warnings
21$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp "; 21$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
22if ($debug) 22if ($debug)
23{ 23{
24 $cflags.="-Od -y -v -vi- -D_DEBUG"; 24 $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -38,7 +38,7 @@ $efile="";
38$exep='.exe'; 38$exep='.exe';
39if ($no_sock) 39if ($no_sock)
40 { $ex_libs=""; } 40 { $ex_libs=""; }
41else { $ex_libs="cw32mt.lib import32.lib"; } 41else { $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
42 42
43# static library stuff 43# static library stuff
44$mklib='tlib /P64'; 44$mklib='tlib /P64';
@@ -51,8 +51,8 @@ $lfile='';
51$shlib_ex_obj=""; 51$shlib_ex_obj="";
52$app_ex_obj="c0x32.obj"; 52$app_ex_obj="c0x32.obj";
53 53
54$asm='nasmw -f obj -d__omf__'; 54$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
55$asm.=" /Zi" if $debug; 55$asm.=" -g" if $debug;
56$afile='-o'; 56$afile='-o';
57 57
58$bn_mulw_obj=''; 58$bn_mulw_obj='';
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index c503bd52b9..3705fc73b7 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -27,6 +27,8 @@ $zlib_lib="zlib1.lib";
27$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g; 27$l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
28$l_flags =~ s/-L(\S+)/\/libpath:$1/g; 28$l_flags =~ s/-L(\S+)/\/libpath:$1/g;
29 29
30my $ff = "";
31
30# C compiler stuff 32# C compiler stuff
31$cc='cl'; 33$cc='cl';
32if ($FLAVOR =~ /WIN64/) 34if ($FLAVOR =~ /WIN64/)
@@ -118,7 +120,7 @@ elsif ($FLAVOR =~ /CE/)
118 $base_cflags.=' -I$(WCECOMPAT)/include' if (defined($ENV{'WCECOMPAT'})); 120 $base_cflags.=' -I$(WCECOMPAT)/include' if (defined($ENV{'WCECOMPAT'}));
119 $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'})); 121 $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
120 $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics... 122 $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics...
121 $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG'; 123 $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
122 $lflags="/nologo /opt:ref $wcelflag"; 124 $lflags="/nologo /opt:ref $wcelflag";
123 } 125 }
124else # Win32 126else # Win32
@@ -126,6 +128,7 @@ else # Win32
126 $base_cflags= " $mf_cflag"; 128 $base_cflags= " $mf_cflag";
127 my $f = $shlib || $fips ?' /MD':' /MT'; 129 my $f = $shlib || $fips ?' /MD':' /MT';
128 $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib 130 $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
131 $ff = "/fixed";
129 $opt_cflags=$f.' /Ox /O2 /Ob2'; 132 $opt_cflags=$f.' /Ox /O2 /Ob2';
130 $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; 133 $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
131 $lflags="/nologo /subsystem:console /opt:ref"; 134 $lflags="/nologo /subsystem:console /opt:ref";
@@ -318,7 +321,7 @@ sub do_lib_rule
318 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; 321 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
319 $ret.="\tSET FIPS_TARGET=$target\n"; 322 $ret.="\tSET FIPS_TARGET=$target\n";
320 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; 323 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
321 $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; 324 $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
322 $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) "; 325 $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
323 $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; 326 $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
324 } 327 }
@@ -355,7 +358,7 @@ sub do_link_rule
355 $ret.="\tSET FIPS_TARGET=$target\n"; 358 $ret.="\tSET FIPS_TARGET=$target\n";
356 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; 359 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
357 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; 360 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
358 $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; 361 $ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
359 $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; 362 $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
360 } 363 }
361 else 364 else
diff --git a/src/lib/libcrypto/util/shlib_wrap.sh b/src/lib/libcrypto/util/shlib_wrap.sh
index 9416d593d2..8775cb5411 100755
--- a/src/lib/libcrypto/util/shlib_wrap.sh
+++ b/src/lib/libcrypto/util/shlib_wrap.sh
@@ -90,4 +90,8 @@ fi
90 90
91cmd="$1${EXE_EXT}" 91cmd="$1${EXE_EXT}"
92shift 92shift
93exec "$cmd" "$@" 93if [ $# -eq 0 ]; then
94 exec "$cmd" # old sh, such as Tru64 4.x, fails to expand empty "$@"
95else
96 exec "$cmd" "$@"
97fi
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 08:55:34 +0000