From e08b42612a6c7d5705254f96233d4d7fa1907a4f Mon Sep 17 00:00:00 2001 From: djm <> Date: Sat, 6 Sep 2008 12:20:16 +0000 Subject: remerge local tweaks, update per-arch configuration headers, update Makefiles, crank shlib_version --- src/lib/libcrypto/des/des_enc.c | 5 +- src/lib/libcrypto/des/fcrypt_b.c | 3 + src/lib/libcrypto/dso/dso_dlfcn.c | 13 ++- src/lib/libcrypto/engine/hw_cryptodev.c | 20 ++-- src/lib/libcrypto/x509v3/v3_alt.c | 4 +- src/lib/libssl/crypto/Makefile | 139 ++++++++++++++++------- src/lib/libssl/crypto/arch/alpha/opensslconf.h | 61 +++++++++- src/lib/libssl/crypto/arch/amd64/opensslconf.h | 65 ++++++++++- src/lib/libssl/crypto/arch/arm/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/hppa/opensslconf.h | 59 +++++++++- src/lib/libssl/crypto/arch/i386/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/m68k/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/m88k/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/mips64/opensslconf.h | 61 +++++++++- src/lib/libssl/crypto/arch/powerpc/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/sh/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/sparc/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/arch/sparc64/opensslconf.h | 59 +++++++++- src/lib/libssl/crypto/arch/vax/opensslconf.h | 57 +++++++++- src/lib/libssl/crypto/shlib_version | 2 +- src/lib/libssl/shlib_version | 2 +- src/lib/libssl/src/apps/s_apps.h | 2 +- src/lib/libssl/src/apps/s_client.c | 1 - src/lib/libssl/src/apps/s_socket.c | 10 +- src/lib/libssl/src/crypto/des/des_enc.c | 5 +- src/lib/libssl/src/crypto/des/fcrypt_b.c | 3 + src/lib/libssl/src/crypto/dso/dso_dlfcn.c | 13 ++- src/lib/libssl/src/crypto/engine/hw_cryptodev.c | 20 ++-- src/lib/libssl/src/crypto/x509v3/v3_alt.c | 4 +- src/lib/libssl/ssl/Makefile | 9 +- src/lib/libssl/ssl/shlib_version | 2 +- 31 files changed, 900 insertions(+), 118 deletions(-) diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c index 53705b9f5b..0fe4e0b2ad 100644 --- a/src/lib/libcrypto/des/des_enc.c +++ b/src/lib/libcrypto/des/des_enc.c @@ -58,6 +58,8 @@ #include "des_locl.h" +#ifndef OPENBSD_DES_ASM + void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { register DES_LONG l,r,t,u; @@ -246,7 +248,8 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) data[1]=ROTATE(r,3)&0xffffffffL; l=r=t=u=0; } -#endif + +#endif /* OPENBSD_DES_ASM */ void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3) diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c index 1390138787..c56b461e91 100644 --- a/src/lib/libcrypto/des/fcrypt_b.c +++ b/src/lib/libcrypto/des/fcrypt_b.c @@ -68,6 +68,8 @@ #include "des_locl.h" #undef DES_FCRYPT +#ifndef OPENBSD_DES_ASM + #undef PERM_OP #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ (b)^=(t),\ @@ -143,3 +145,4 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, out[1]=l; } +#endif /* OPENBSD_DES_ASM */ diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c index f734c1c6b7..656cd496f8 100644 --- a/src/lib/libcrypto/dso/dso_dlfcn.c +++ b/src/lib/libcrypto/dso/dso_dlfcn.c @@ -269,6 +269,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2) { char *merged; + size_t len; if(!filespec1 && !filespec2) { @@ -280,18 +281,20 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, same goes if the second file specification is missing. */ if (!filespec2 || filespec1[0] == '/') { - merged = OPENSSL_malloc(strlen(filespec1) + 1); + len = strlen(filespec1) + 1; + merged = OPENSSL_malloc(len); if(!merged) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(merged, filespec1); + strlcpy(merged, filespec1, len); } /* If the first file specification is missing, the second one rules. */ else if (!filespec1) { + len = strlen(filespec2) + 1; merged = OPENSSL_malloc(strlen(filespec2) + 1); if(!merged) { @@ -299,7 +302,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(merged, filespec2); + strlcpy(merged, filespec2, len); } else /* This part isn't as trivial as it looks. It assumes that @@ -325,9 +328,9 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(merged, filespec2); + strlcpy(merged, filespec2, len + 2); merged[spec2len] = '/'; - strcpy(&merged[spec2len + 1], filespec1); + strlcpy(&merged[spec2len + 1], filespec1, len + 1 - spec2len); } return(merged); } diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c index a98f5d7e57..4af40cdfc3 100644 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ b/src/lib/libcrypto/engine/hw_cryptodev.c @@ -114,8 +114,9 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); + RSA *rsa, BN_CTX *ctx); +static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, @@ -978,19 +979,14 @@ err: } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx) { - int r; - BN_CTX *ctx; - - ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); - BN_CTX_free(ctx); - return (r); + return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx); } static int -cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { struct crypt_kop kop; int ret = 1; @@ -1019,7 +1015,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - ret = (*meth->rsa_mod_exp)(r0, I, rsa); + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } err: zapparams(&kop); diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index bb2f5bc54e..ac3139d1e6 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c @@ -147,9 +147,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); p += 2; - strcat(oline, htmp); + strlcat(oline, htmp, sizeof oline); if (i != 7) - strcat(oline, ":"); + strlcat(oline, ":", sizeof oline); } } else diff --git a/src/lib/libssl/crypto/Makefile b/src/lib/libssl/crypto/Makefile index f281086962..6994201d34 100644 --- a/src/lib/libssl/crypto/Makefile +++ b/src/lib/libssl/crypto/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.46 2006/10/14 19:43:57 drahn Exp $ +# $OpenBSD: Makefile,v 1.47 2008/09/06 12:20:07 djm Exp $ LIB= crypto WANTLINT= @@ -21,26 +21,38 @@ CFLAGS+= -DB_ENDIAN CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H .endif -CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM -CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 +CFLAGS+= -DTERMIOS -DANSI_SOURCE -DNO_ERR -DNO_WINDOWS_BRAINDEATH +# Patented algorithms +CFLAGS+= -DOPENSSL_NO_IDEA +CFLAGS+= -DOPENSSL_NO_RC5 +CFLAGS+= -DOPENSSL_NO_KRB5 CFLAGS+= -DOPENSSL_NO_MDC2 -CFLAGS+= -DNO_WINDOWS_BRAINDEATH -CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA -CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP -CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA + +# Hardware engines +CFLAGS+= -DOPENSSL_NO_HW_4758_CCA +CFLAGS+= -DOPENSSL_NO_HW_AEP +CFLAGS+= -DOPENSSL_NO_HW_ATALLA +CFLAGS+= -DOPENSSL_NO_HW_CSWIFT +CFLAGS+= -DOPENSSL_NO_HW_NCIPHER +CFLAGS+= -DOPENSSL_NO_HW_NURON +CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this? +CFLAGS+= -DOPENSSL_NO_HW_SUREWARE +CFLAGS+= -DOPENSSL_NO_HW_UBSEC + CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} CFLAGS+= -I${LCRYPTO_SRC} -SRCS+= o_time.c +SRCS+= o_time.c o_dir.c SRCS+= cryptlib.c ex_data.c cpt_err.c mem.c mem_dbg.c mem_clr.c SRCS+= tmdiff.c cversion.c uid.c SRCS+= md2_dgst.c md2_one.c SRCS+= md5_dgst.c md5_one.c -SRCS+= sha_dgst.c sha1dgst.c sha_one.c sha1_one.c +SRCS+= sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c #SRCS+= mdc2dgst.c mdc2_one.c SRCS+= hmac.c SRCS+= rmd_dgst.c rmd_one.c SRCS+= acss_skey.c acss_enc.c -SRCS+= aes_cbc.c aes_cfb.c aes_ctr.c aes_ecb.c aes_ofb.c aes_misc.c +SRCS+= aes_cfb.c aes_ctr.c aes_ecb.c aes_ofb.c aes_misc.c +SRCS+= aes_ige.c aes_wrap.c SRCS+= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ ofb64enc.c ofb_enc.c pcbc_enc.c \ @@ -51,32 +63,41 @@ SRCS+= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ des_old.c read2pwd.c SRCS+= rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c SRCS+= rc2ofb64.c -SRCS+= rc4_skey.c #SRCS+= rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c #SRCS+= rc5ofb64.c rc5_enc.c #SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c #SRCS+= i_skey.c SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c SRCS+= c_skey.c c_ecb.c c_cfb64.c c_ofb64.c c_enc.c -SRCS+= bn_add.c bn_div.c bn_exp.c bn_lib.c -SRCS+= bn_mul.c bn_print.c bn_rand.c bn_shift.c +SRCS+= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c +SRCS+= bn_print.c bn_rand.c bn_shift.c SRCS+= bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c SRCS+= bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c bn_mod.c SRCS+= bn_exp2.c bn_ctx.c -SRCS+= bn_sqrt.c bn_kron.c bn_x931p.c +SRCS+= bn_sqrt.c bn_kron.c bn_x931p.c bn_const.c bn_depr.c bn_gf2m.c bn_nist.c +#SRCS+= camellia.c cmll_cbc.c cmll_cfb.c cmll_ctr.c +#SRCS+= cmll_ecb.c cmll_misc.c cmll_ofb.cq +#SRCS+= cms_asn1.c cms_att.c cms_cd.c cms_dd.c cms_enc.c cms_env.c +#SRCS+= cms_err.c cms_ess.c cms_io.c cms_lib.c cms_sd.c cms_smime.c SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c SRCS+= rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c SRCS+= rsa_none.c rsa_chk.c rsa_oaep.c rsa_null.c rsa_asn1.c -SRCS+= rsa_pss.c rsa_x931.c +SRCS+= rsa_pss.c rsa_x931.c rsa_depr.c SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c -SRCS+= dsa_sign.c dsa_err.c dsa_asn1.c dsa_ossl.c -SRCS+= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_asn1.c +SRCS+= dsa_sign.c dsa_err.c dsa_asn1.c dsa_ossl.c dsa_depr.c +SRCS+= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_asn1.c dh_depr.c +SRCS+= ec_cvt.c ec_lib.c ecp_mont.c ecp_recp.c +SRCS+= ec_err.c ec_mult.c ecp_nist.c ecp_smpl.c +SRCS+= ec2_mult.c ec2_smpl.c ec_asn1.c ec_check.c ec_curve.c +SRCS+= ec_key.c ec_print.c +SRCS+= ech_err.c ech_key.c ech_lib.c ech_ossl.c +SRCS+= ecs_asn1.c ecs_err.c ecs_lib.c ecs_ossl.c ecs_sign.c ecs_vrf.c SRCS+= buffer.c buf_err.c -SRCS+= bio_lib.c bio_cb.c bio_err.c bss_mem.c +SRCS+= bio_lib.c bio_cb.c bio_err.c bss_mem.c SRCS+= bss_null.c bss_fd.c bss_file.c bss_sock.c SRCS+= bss_conn.c bf_null.c bf_buff.c SRCS+= b_print.c b_dump.c b_sock.c bss_acpt.c -SRCS+= bf_nbio.c bss_bio.c bss_log.c +SRCS+= bf_nbio.c bss_bio.c bss_log.c bss_dgram.c SRCS+= stack.c SRCS+= lhash.c lh_stats.c SRCS+= md_rand.c randfile.c rand_lib.c rand_egd.c rand_err.c rand_unix.c @@ -85,7 +106,8 @@ SRCS+= obj_dat.c obj_lib.c obj_err.c o_names.c SRCS+= bio_b64.c e_bf.c m_sha.c p_open.c SRCS+= bio_enc.c e_cast.c e_xcbc_d.c m_dss.c m_sha1.c p_seal.c SRCS+= bio_md.c e_des.c encode.c m_dss1.c names.c p_sign.c -SRCS+= bio_ok.c e_des3.c evp_enc.c m_md2.c p_verify.c +SRCS+= bio_ok.c e_des3.c evp_enc.c m_md2.c p_verify.c m_ecdsa.c +#SRCS+= e_camellia.c e_seed.c SRCS+= c_all.c evp_err.c evp_acnf.c m_md4.c p5_crpt.c e_old.c SRCS+= c_allc.c evp_key.c m_md5.c p5_crpt2.c SRCS+= c_alld.c e_null.c evp_lib.c p_dec.c @@ -105,15 +127,19 @@ SRCS+= a_enum.c a_sign.c asn_pack.c nsseq.c t_x509a.c x_val.c SRCS+= a_gentm.c a_strex.c d2i_pr.c p5_pbe.c tasn_dec.c x_crl.c x_x509.c SRCS+= a_hdr.c a_strnid.c d2i_pu.c p5_pbev2.c tasn_enc.c x_exten.c x_x509a.c SRCS+= a_i2d_fp.c a_time.c evp_asn1.c tasn_fre.c x_info.c -SRCS+=a_int.c a_type.c p8_pkey.c tasn_new.c x_long.c asn_moid.c +SRCS+= a_int.c a_type.c p8_pkey.c tasn_new.c x_long.c asn_moid.c +SRCS+= asn1_gen.c asn_mime.c SRCS+= x509_d2.c x509_lu.c x509_set.c x509_vfy.c x509spki.c by_dir.c SRCS+= x509_def.c x509_obj.c x509_trs.c x509cset.c x509type.c by_file.c SRCS+= x509_att.c x509_err.c x509_r2x.c x509_txt.c x509name.c x_all.c SRCS+= x509_cmp.c x509_ext.c x509_req.c x509_v3.c x509rset.c +SRCS+= x509_vpm.c SRCS+= v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c SRCS+= v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_int.c SRCS+= v3_lib.c v3_pku.c v3_prn.c v3_skey.c v3_sxnet.c v3_utl.c SRCS+= v3err.c v3_info.c v3_purp.c v3_ocsp.c v3_akeya.c v3_pci.c v3_pcia.c +SRCS+= pcy_cache.c pcy_data.c pcy_int.h pcy_lib.c pcy_map.c pcy_node.c +SRCS+= pcy_tree.c v3_addr.c v3_asid.c v3_ncons.c v3_pcons.c v3_pmaps.c SRCS+= conf_err.c conf_lib.c conf_def.c conf_api.c conf_mod.c conf_mall.c SRCS+= conf_sap.c SRCS+= txt_db.c @@ -125,7 +151,8 @@ SRCS+= p12_add.c p12_crpt.c p12_init.c p12_mutl.c p12_p8e.c SRCS+= p12_asn.c p12_crt.c p12_key.c p12_npas.c p12_utl.c SRCS+= p12_attr.c p12_decr.c p12_kiss.c p12_p8d.c pk12err.c SRCS+= eng_all.c eng_openssl.c eng_ctrl.c eng_pkey.c -SRCS+= eng_dyn.c eng_table.c tb_cipher.c eng_err.c tb_rsa.c +SRCS+= eng_dyn.c eng_table.c tb_cipher.c tb_store.c eng_err.c tb_rsa.c +SRCS+= tb_ecdh.c tb_ecdsa.c SRCS+= hw_cryptodev.c eng_cnf.c SRCS+= tb_dh.c eng_fat.c tb_digest.c eng_init.c SRCS+= tb_dsa.c eng_lib.c tb_rand.c eng_list.c @@ -133,9 +160,9 @@ SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c SRCS+= dso_openssl.c dso_win32.c dso_vms.c SRCS+= ocsp_asn.c ocsp_err.c ocsp_ht.c ocsp_prn.c ocsp_vfy.c SRCS+= ocsp_cl.c ocsp_ext.c ocsp_lib.c ocsp_srv.c -SRCS+= ec_cvt.c ec_lib.c ecp_mont.c ecp_recp.c -SRCS+= ec_err.c ec_mult.c ecp_nist.c ecp_smpl.c - +SRCS+= pqueue.c +#SRCS+= seed.c seed_cbc.c seed_cfb.c seed_ecb.c seed_ofb.c +SRCS+= str_err.c str_lib.c str_mem.c str_meth.c # Only used when -DOPENSSL_FIPS is set #SRCS+= fips.c fips_err_wrapper.c #SRCS+= fips_aes_core.c fips_aes_selftest.c @@ -160,6 +187,9 @@ SRCS+= ec_err.c ec_mult.c ecp_nist.c ecp_smpl.c ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/md4 \ ${LCRYPTO_SRC}/engine ${LCRYPTO_SRC}/dso ${LCRYPTO_SRC}/ui \ ${LCRYPTO_SRC}/ocsp ${LCRYPTO_SRC}/ec ${LCRYPTO_SRC}/aes \ + ${LCRYPTO_SRC}/camellia ${LCRYPTO_SRC}/seed ${LCRYPTO_SRC}/cms \ + ${LCRYPTO_SRC}/ec ${LCRYPTO_SRC}/ecdh ${LCRYPTO_SRC}/ecdsa \ + ${LCRYPTO_SRC}/pqueue ${LCRYPTO_SRC}/store \ ${LCRYPTO_SRC} \ ${LCRYPTO_SRC}/acss ${.CURDIR}/arch/${MACHINE_ARCH} \ ${LCRYPTO_SRC}/bn/asm \ @@ -176,7 +206,9 @@ HDRS=\ crypto/bio/bio.h \ crypto/bn/bn.h \ crypto/buffer/buffer.h \ + crypto/camellia/camellia.h \ crypto/cast/cast.h \ + crypto/cms/cms.h \ crypto/comp/comp.h \ crypto/conf/conf.h \ crypto/conf/conf_api.h \ @@ -188,6 +220,8 @@ HDRS=\ crypto/dso/dso.h \ crypto/ebcdic.h \ crypto/ec/ec.h \ + crypto/ecdh/ecdh.h \ + crypto/ecdsa/ecdsa.h \ crypto/engine/engine.h \ crypto/err/err.h \ crypto/evp/evp.h \ @@ -206,15 +240,19 @@ HDRS=\ crypto/pem/pem2.h \ crypto/pkcs12/pkcs12.h \ crypto/pkcs7/pkcs7.h \ + crypto/pqueue/pq_compat.h \ + crypto/pqueue/pqueue.h \ crypto/rand/rand.h \ crypto/rc2/rc2.h \ crypto/rc4/rc4.h \ crypto/rc5/rc5.h \ crypto/ripemd/ripemd.h \ crypto/rsa/rsa.h \ + crypto/seed/seed.h \ crypto/sha/sha.h \ crypto/stack/safestack.h \ crypto/stack/stack.h \ + crypto/store/store.h \ crypto/symhacks.h \ crypto/tmdiff.h \ crypto/txt_db/txt_db.h \ @@ -277,18 +315,24 @@ des_enc.po: .endif .if (${MACHINE_ARCH} == "i386") +SRCS+= rc4_skey.c CFLAGS+= -DAES_ASM CFLAGS+= -DMD5_ASM CFLAGS+= -DSHA1_ASM CFLAGS+= -DRMD160_ASM -CFLAGS+= -DOPENBSD_CAST_ASM CFLAGS+= -DOPENBSD_DES_ASM +CFLAGS+= -DOPENBSD_CAST_ASM +CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS +CFLAGS+= -DOPENSSL_BN_ASM_MONT +CFLAGS+= -DOPENSSL_CPUID_OBJ SSLASM=\ aes aes-586 \ bf bf-586 \ bn bn-586 \ bn co-586 \ + bn mo-586 \ cast cast-586 \ + des crypt586 \ des des-586 \ md5 md5-586 \ rc4 rc4-586 \ @@ -301,26 +345,41 @@ ${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${LCRYPTO_SRC}/perlasm/x86unix.pl /usr/bin/perl -I${LCRYPTO_SRC}/perlasm -I${LCRYPTO_SRC}/${dir}/asm \ ${LCRYPTO_SRC}/${dir}/asm/${f}.pl openbsd-elf 386 > ${.TARGET} .endfor +SRCS+= x86cpuid.S +GENERATED+=x86cpuid.S +x86cpuid.S: ${LCRYPTO_SRC}/x86cpuid.pl + /usr/bin/perl -I${LCRYPTO_SRC}/perlasm \ + ${LCRYPTO_SRC}/x86cpuid.pl openbsd-elf 386 > ${.TARGET} SRCS+= bf_cbc.c -.else -.if (${MACHINE_ARCH} == "vax") -SRCS+= aes_core.c -SRCS+= bf_enc.c -SRCS+= bn_asm_vax.S -SRCS+= rc4_enc.c -.else -.if (${MACHINE_ARCH} == "amd64") -SRCS+= aes_core.c +.elif (${MACHINE_ARCH} == "amd64") +SRCS+= aes_core.c aes_cbc.c SRCS+= bf_enc.c SRCS+= x86_64-gcc.c -SRCS+= rc4_enc.c +#CFLAGS+= -DAES_ASM # XXX ASM implementation SEGVs with MALLOC_OPTIONS=AFGJPRX +CFLAGS+= -DMD5_ASM +CFLAGS+= -DSHA1_ASM +CFLAGS+= -DOPENSSL_CPUID_OBJ +SSLASM=\ + bn x86_64-mont \ + md5 md5-x86_64 \ + rc4 rc4-x86_64 \ + sha sha1-x86_64 +.for dir f in ${SSLASM} +SRCS+= ${f}.S +GENERATED+=${f}.S +${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl + (cd ${LCRYPTO_SRC}/${dir} ; /usr/bin/perl ./asm/${f}.pl) > ${.TARGET} +.endfor +SRCS+= x86_64cpuid.S +GENERATED+=x86_64cpuid.S +x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl + (cd ${LCRYPTO_SRC}/${dir} ; /usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET} .else -SRCS+= aes_core.c +CFLAGS+=-DOPENSSL_NO_ASM +SRCS+= aes_core.c aes_cbc.c SRCS+= bf_enc.c SRCS+= bn_asm.c -SRCS+= rc4_enc.c -.endif -.endif +SRCS+= rc4_enc.c rc4_skey.c .endif all beforedepend: ${GENERATED} diff --git a/src/lib/libssl/crypto/arch/alpha/opensslconf.h b/src/lib/libssl/crypto/arch/alpha/opensslconf.h index c33ccc8a0f..0d759a5784 100644 --- a/src/lib/libssl/crypto/arch/alpha/opensslconf.h +++ b/src/lib/libssl/crypto/arch/alpha/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -65,11 +120,11 @@ * This enables code handling data aligned at natural CPU word * boundary. See crypto/rc4/rc4_enc.c for further details. */ -#undef RC4_CHUNK +#define RC4_CHUNK unsigned long #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -103,7 +158,7 @@ #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) #define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR +#define BF_PTR #endif /* HEADER_BF_LOCL_H */ #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) diff --git a/src/lib/libssl/crypto/arch/amd64/opensslconf.h b/src/lib/libssl/crypto/arch/amd64/opensslconf.h index c33ccc8a0f..fd992553a7 100644 --- a/src/lib/libssl/crypto/arch/amd64/opensslconf.h +++ b/src/lib/libssl/crypto/arch/amd64/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -65,11 +120,11 @@ * This enables code handling data aligned at natural CPU word * boundary. See crypto/rc4/rc4_enc.c for further details. */ -#undef RC4_CHUNK +#define RC4_CHUNK unsigned long #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -112,7 +167,7 @@ /* the following is tweaked from a config script, that is why it is a * protected undef/define */ #ifndef DES_PTR -#define DES_PTR +#undef DES_PTR #endif /* This helps C compiler generate the correct code for multiple functional @@ -123,7 +178,7 @@ #endif #ifndef DES_RISC2 -#define DES_RISC2 +#undef DES_RISC2 #endif #if defined(DES_RISC1) && defined(DES_RISC2) @@ -133,7 +188,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! /* Unroll the inner loop, this sometimes helps, sometimes hinders. * Very mucy CPU dependant */ #ifndef DES_UNROLL -#undef DES_UNROLL +#define DES_UNROLL #endif /* These default values were supplied by diff --git a/src/lib/libssl/crypto/arch/arm/opensslconf.h b/src/lib/libssl/crypto/arch/arm/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/arm/opensslconf.h +++ b/src/lib/libssl/crypto/arch/arm/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/hppa/opensslconf.h b/src/lib/libssl/crypto/arch/hppa/opensslconf.h index 0334dbdfc6..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/hppa/opensslconf.h +++ b/src/lib/libssl/crypto/arch/hppa/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,11 +124,11 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG -#define DES_LONG unsigned long +#define DES_LONG unsigned int #endif #endif diff --git a/src/lib/libssl/crypto/arch/i386/opensslconf.h b/src/lib/libssl/crypto/arch/i386/opensslconf.h index 7361ac56a1..98b7b58408 100644 --- a/src/lib/libssl/crypto/arch/i386/opensslconf.h +++ b/src/lib/libssl/crypto/arch/i386/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/m68k/opensslconf.h b/src/lib/libssl/crypto/arch/m68k/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/m68k/opensslconf.h +++ b/src/lib/libssl/crypto/arch/m68k/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/m88k/opensslconf.h b/src/lib/libssl/crypto/arch/m88k/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/m88k/opensslconf.h +++ b/src/lib/libssl/crypto/arch/m88k/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/mips64/opensslconf.h b/src/lib/libssl/crypto/arch/mips64/opensslconf.h index c33ccc8a0f..0d759a5784 100644 --- a/src/lib/libssl/crypto/arch/mips64/opensslconf.h +++ b/src/lib/libssl/crypto/arch/mips64/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -65,11 +120,11 @@ * This enables code handling data aligned at natural CPU word * boundary. See crypto/rc4/rc4_enc.c for further details. */ -#undef RC4_CHUNK +#define RC4_CHUNK unsigned long #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG @@ -103,7 +158,7 @@ #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) #define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR +#define BF_PTR #endif /* HEADER_BF_LOCL_H */ #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) diff --git a/src/lib/libssl/crypto/arch/powerpc/opensslconf.h b/src/lib/libssl/crypto/arch/powerpc/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/powerpc/opensslconf.h +++ b/src/lib/libssl/crypto/arch/powerpc/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/sh/opensslconf.h b/src/lib/libssl/crypto/arch/sh/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/sh/opensslconf.h +++ b/src/lib/libssl/crypto/arch/sh/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/sparc/opensslconf.h b/src/lib/libssl/crypto/arch/sparc/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/sparc/opensslconf.h +++ b/src/lib/libssl/crypto/arch/sparc/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/sparc64/opensslconf.h b/src/lib/libssl/crypto/arch/sparc64/opensslconf.h index 053308653b..0d759a5784 100644 --- a/src/lib/libssl/crypto/arch/sparc64/opensslconf.h +++ b/src/lib/libssl/crypto/arch/sparc64/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -65,11 +120,11 @@ * This enables code handling data aligned at natural CPU word * boundary. See crypto/rc4/rc4_enc.c for further details. */ -#undef RC4_CHUNK +#define RC4_CHUNK unsigned long #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/arch/vax/opensslconf.h b/src/lib/libssl/crypto/arch/vax/opensslconf.h index 47a6dd8596..94d322270b 100644 --- a/src/lib/libssl/crypto/arch/vax/opensslconf.h +++ b/src/lib/libssl/crypto/arch/vax/opensslconf.h @@ -4,20 +4,74 @@ /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND +#ifndef OPENSSL_NO_CAMELLIA +# define OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CMS +# define OPENSSL_NO_CMS +#endif +#ifndef OPENSSL_NO_GMP +# define OPENSSL_NO_GMP +#endif #ifndef OPENSSL_NO_KRB5 # define OPENSSL_NO_KRB5 #endif +#ifndef OPENSSL_NO_MDC2 +# define OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_RC5 +# define OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RFC3779 +# define OPENSSL_NO_RFC3779 +#endif +#ifndef OPENSSL_NO_SEED +# define OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_TLSEXT +# define OPENSSL_NO_TLSEXT +#endif #endif /* OPENSSL_DOING_MAKEDEPEND */ +#ifndef OPENSSL_THREADS +# define OPENSSL_THREADS +#endif +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define OPENSSL_NO_DYNAMIC_ENGINE +#endif /* The OPENSSL_NO_* macros are also defined as NO_* if the application asks for it. This is a transient feature that is provided for those who haven't had the time to do the appropriate changes in their applications. */ #ifdef OPENSSL_ALGORITHM_DEFINES +# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) +# define NO_CAMELLIA +# endif +# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) +# define NO_CMS +# endif +# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) +# define NO_GMP +# endif # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) # define NO_KRB5 # endif +# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) +# define NO_MDC2 +# endif +# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) +# define NO_RC5 +# endif +# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) +# define NO_RFC3779 +# endif +# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) +# define NO_SEED +# endif +# if defined(OPENSSL_NO_TLSEXT) && !defined(NO_TLSEXT) +# define NO_TLSEXT +# endif #endif /* crypto/opensslconf.h.in */ @@ -27,6 +81,7 @@ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define ENGINESDIR "/usr/lib/engines" #define OPENSSLDIR "/etc/ssl" #endif #endif @@ -69,7 +124,7 @@ #endif #endif -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version index d85251eba7..7791322042 100644 --- a/src/lib/libssl/crypto/shlib_version +++ b/src/lib/libssl/crypto/shlib_version @@ -1,2 +1,2 @@ -major=14 +major=15 minor=0 diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version index f461c53390..56246d02b2 100644 --- a/src/lib/libssl/shlib_version +++ b/src/lib/libssl/shlib_version @@ -1,2 +1,2 @@ -major=11 +major=12 minor=0 diff --git a/src/lib/libssl/src/apps/s_apps.h b/src/lib/libssl/src/apps/s_apps.h index 023faa8467..0b461083eb 100644 --- a/src/lib/libssl/src/apps/s_apps.h +++ b/src/lib/libssl/src/apps/s_apps.h @@ -156,7 +156,7 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); #endif -int init_client(int *sock, char *server, int port, int type, int af); +int init_client(int *sock, char *server, char *port, int type, int af); int should_retry(int i); int extract_port(char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,char **p); diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index f01017ba48..3a52853c82 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c @@ -319,7 +319,6 @@ int MAIN(int argc, char **argv) int sock_type=SOCK_STREAM; BIO *sbio; char *inrand=NULL; - int mbuf_len=0; #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; ENGINE *e=NULL; diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c index 981650bddd..7e47d5118d 100644 --- a/src/lib/libssl/src/apps/s_socket.c +++ b/src/lib/libssl/src/apps/s_socket.c @@ -226,18 +226,16 @@ static int ssl_sock_init(void) return(1); } -int init_client(int *sock, char *host, int port, int type, int af) +int init_client(int *sock, char *host, char *port, int type, int af) { struct addrinfo hints, *ai_top, *ai; int i, s; - char port_s[NI_MAXSERV]; memset(&hints, '\0', sizeof(hints)); hints.ai_family = af; hints.ai_socktype = type; - snprintf(port_s, sizeof(port_s), "%d", port); - if ((i = getaddrinfo(host, port_s, &hints, &ai_top)) != 0 || + if ((i = getaddrinfo(host, port, &hints, &ai_top)) != 0 || ai_top == NULL || ai_top->ai_addr == NULL) { BIO_printf(bio_err,"getaddrinfo: %s\n", gai_strerror(i)); @@ -246,7 +244,7 @@ int init_client(int *sock, char *host, int port, int type, int af) for (ai = ai_top; ai != NULL; ai = ai->ai_next) { - s=socket(ai->ai_addr->sa_family, SOCK_STREAM, SOCKET_PROTOCOL); + s=socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (s == INVALID_SOCKET) { continue; } #ifndef OPENSSL_SYS_MPE if (type == SOCK_STREAM) @@ -256,7 +254,7 @@ int init_client(int *sock, char *host, int port, int type, int af) if (i < 0) { perror("keepalive"); return(0); } } #endif - if ((i = connect(s, ai->ai_addr, ai->ai_addr->sa_len)) == 0) + if ((i = connect(s, ai->ai_addr, ai->ai_addrlen)) == 0) { *sock=s; freeaddrinfo(ai_top); return (1);} close(s); diff --git a/src/lib/libssl/src/crypto/des/des_enc.c b/src/lib/libssl/src/crypto/des/des_enc.c index 53705b9f5b..0fe4e0b2ad 100644 --- a/src/lib/libssl/src/crypto/des/des_enc.c +++ b/src/lib/libssl/src/crypto/des/des_enc.c @@ -58,6 +58,8 @@ #include "des_locl.h" +#ifndef OPENBSD_DES_ASM + void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { register DES_LONG l,r,t,u; @@ -246,7 +248,8 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) data[1]=ROTATE(r,3)&0xffffffffL; l=r=t=u=0; } -#endif + +#endif /* OPENBSD_DES_ASM */ void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3) diff --git a/src/lib/libssl/src/crypto/des/fcrypt_b.c b/src/lib/libssl/src/crypto/des/fcrypt_b.c index 1390138787..c56b461e91 100644 --- a/src/lib/libssl/src/crypto/des/fcrypt_b.c +++ b/src/lib/libssl/src/crypto/des/fcrypt_b.c @@ -68,6 +68,8 @@ #include "des_locl.h" #undef DES_FCRYPT +#ifndef OPENBSD_DES_ASM + #undef PERM_OP #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ (b)^=(t),\ @@ -143,3 +145,4 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, out[1]=l; } +#endif /* OPENBSD_DES_ASM */ diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c index f734c1c6b7..656cd496f8 100644 --- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c +++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c @@ -269,6 +269,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2) { char *merged; + size_t len; if(!filespec1 && !filespec2) { @@ -280,18 +281,20 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, same goes if the second file specification is missing. */ if (!filespec2 || filespec1[0] == '/') { - merged = OPENSSL_malloc(strlen(filespec1) + 1); + len = strlen(filespec1) + 1; + merged = OPENSSL_malloc(len); if(!merged) { DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(merged, filespec1); + strlcpy(merged, filespec1, len); } /* If the first file specification is missing, the second one rules. */ else if (!filespec1) { + len = strlen(filespec2) + 1; merged = OPENSSL_malloc(strlen(filespec2) + 1); if(!merged) { @@ -299,7 +302,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(merged, filespec2); + strlcpy(merged, filespec2, len); } else /* This part isn't as trivial as it looks. It assumes that @@ -325,9 +328,9 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, ERR_R_MALLOC_FAILURE); return(NULL); } - strcpy(merged, filespec2); + strlcpy(merged, filespec2, len + 2); merged[spec2len] = '/'; - strcpy(&merged[spec2len + 1], filespec1); + strlcpy(&merged[spec2len + 1], filespec1, len + 1 - spec2len); } return(merged); } diff --git a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c index a98f5d7e57..4af40cdfc3 100644 --- a/src/lib/libssl/src/crypto/engine/hw_cryptodev.c +++ b/src/lib/libssl/src/crypto/engine/hw_cryptodev.c @@ -114,8 +114,9 @@ static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); + RSA *rsa, BN_CTX *ctx); +static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, @@ -978,19 +979,14 @@ err: } static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx) { - int r; - BN_CTX *ctx; - - ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); - BN_CTX_free(ctx); - return (r); + return (RSA_PKCS1_SSLeay()->rsa_mod_exp)(r0, I, rsa, ctx); } static int -cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) +cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { struct crypt_kop kop; int ret = 1; @@ -1019,7 +1015,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - ret = (*meth->rsa_mod_exp)(r0, I, rsa); + ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx); } err: zapparams(&kop); diff --git a/src/lib/libssl/src/crypto/x509v3/v3_alt.c b/src/lib/libssl/src/crypto/x509v3/v3_alt.c index bb2f5bc54e..ac3139d1e6 100644 --- a/src/lib/libssl/src/crypto/x509v3/v3_alt.c +++ b/src/lib/libssl/src/crypto/x509v3/v3_alt.c @@ -147,9 +147,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]); p += 2; - strcat(oline, htmp); + strlcat(oline, htmp, sizeof oline); if (i != 7) - strcat(oline, ":"); + strlcat(oline, ":", sizeof oline); } } else diff --git a/src/lib/libssl/ssl/Makefile b/src/lib/libssl/ssl/Makefile index dd5ff5720c..b948803bb9 100644 --- a/src/lib/libssl/ssl/Makefile +++ b/src/lib/libssl/ssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.21 2005/11/24 20:49:23 deraadt Exp $ +# $OpenBSD: Makefile,v 1.22 2008/09/06 12:20:16 djm Exp $ LIB= ssl WANTLINT= @@ -24,7 +24,7 @@ CFLAGS+= -DB_ENDIAN CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR CFLAGS+= -DOPENSSL_NO_MDC2 CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DHAVE_DLFCN_H -CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} +CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} -I${.CURDIR}/../${SSLEAYDIST}/crypto SRCS= bio_ssl.c s2_clnt.c s3_both.c s3_srvr.c ssl_err2.c ssl_txt.c \ t1_srvr.c s23_clnt.c s2_enc.c s3_clnt.c ssl_algs.c ssl_lib.c \ @@ -32,9 +32,10 @@ SRCS= bio_ssl.c s2_clnt.c s3_both.c s3_srvr.c ssl_err2.c ssl_txt.c \ t1_clnt.c s23_meth.c s2_meth.c s3_lib.c ssl_cert.c ssl_sess.c \ t1_enc.c s23_pkt.c s2_pkt.c s3_meth.c ssl_ciph.c ssl_stat.c \ t1_lib.c s23_srvr.c s2_srvr.c s3_pkt.c ssl_err.c \ - t1_meth.c + t1_meth.c \ + d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c d1_srvr.c -HDRS= ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h +HDRS= ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h dtls1.h .PATH: ${LSSL_SRC} diff --git a/src/lib/libssl/ssl/shlib_version b/src/lib/libssl/ssl/shlib_version index f461c53390..56246d02b2 100644 --- a/src/lib/libssl/ssl/shlib_version +++ b/src/lib/libssl/ssl/shlib_version @@ -1,2 +1,2 @@ -major=11 +major=12 minor=0 -- cgit v1.2.3-55-g6feb