diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2009-01-09 12:15:53 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2009-01-09 12:15:53 +0000 |
commit | dce87c3df485b76381c894f941c7702ab965c736 (patch) | |
tree | 390c8fe50e6d4d4b30a4137570147af11c25a1d3 /lib/libssl | |
parent | 72839826fa7e1370f576458da225801fb528e817 (diff) |
resolve conflicts
Diffstat (limited to 'lib/libssl')
292 files changed, 6514 insertions, 4673 deletions
diff --git a/lib/libssl/src/CHANGES b/lib/libssl/src/CHANGES index 72cc168f6a5..c888c56c263 100644 --- a/lib/libssl/src/CHANGES +++ b/lib/libssl/src/CHANGES @@ -2,6 +2,48 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8i and 0.9.8j [07 Jan 2009] + + *) Properly check EVP_VerifyFinal() and similar return values + (CVE-2008-5077). + [Ben Laurie, Bodo Moeller, Google Security Team] + + *) Properly check EVP_VerifyFinal() and similar return values + (CVE-2008-5077). + [Ben Laurie, Bodo Moeller, Google Security Team] + + *) Enable TLS extensions by default. + [Ben Laurie] + + *) Allow the CHIL engine to be loaded, whether the application is + multithreaded or not. (This does not release the developer from the + obligation to set up the dynamic locking callbacks.) + [Sander Temme <sander@temme.net>] + + *) Use correct exit code if there is an error in dgst command. + [Steve Henson; problem pointed out by Roland Dirlewanger] + + *) Tweak Configure so that you need to say "experimental-jpake" to enable + JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. + [Bodo Moeller] + + *) Add experimental JPAKE support, including demo authentication in + s_client and s_server. + [Ben Laurie] + + *) Set the comparison function in v3_addr_canonize(). + [Rob Austein <sra@hactrn.net>] + + *) Add support for XMPP STARTTLS in s_client. + [Philip Paeps <philip@freebsd.org>] + + *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior + to ensure that even with this option, only ciphersuites in the + server's preference list will be accepted. (Note that the option + applies only when resuming a session, so the earlier behavior was + just about the algorithm choice for symmetric cryptography.) + [Bodo Moeller] + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] *) Fix a state transitition in s3_srvr.c and d1_srvr.c @@ -34,6 +76,10 @@ [Neel Mehta, Bodo Moeller] + *) Allow engines to be "soft loaded" - i.e. optionally don't die if + the load fails. Useful for distros. + [Ben Laurie and the FreeBSD team] + *) Add support for Local Machine Keyset attribute in PKCS#12 files. [Steve Henson] @@ -52,9 +98,11 @@ This work was sponsored by Logica. [Steve Henson] - *) Allow engines to be "soft loaded" - i.e. optionally don't die if - the load fails. Useful for distros. - [Ben Laurie and the FreeBSD team] + *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using + ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain + attribute creation routines such as certifcate requests and PKCS#12 + files. + [Steve Henson] Changes between 0.9.8g and 0.9.8h [28 May 2008] diff --git a/lib/libssl/src/Configure b/lib/libssl/src/Configure index f24d738febc..09b58f21137 100644 --- a/lib/libssl/src/Configure +++ b/lib/libssl/src/Configure @@ -6,11 +6,13 @@ eval 'exec perl -S $0 ${1+"$@"}' ## require 5.000; -use strict; +eval 'use strict;'; + +print STDERR "Warning: perl module strict not found.\n" if ($@); # see INSTALL for instructions. -my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -155,9 +157,9 @@ my %table=( "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", -"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -Wsign-compare -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", @@ -577,6 +579,11 @@ my $prefix=""; my $openssldir=""; my $exe_ext=""; my $install_prefix=""; +my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; +my $nofipscanistercheck=0; +my $fipsdso=0; +my $fipscanisterinternal="n"; +my $baseaddr="0xFB00000"; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default @@ -600,6 +607,7 @@ my $rc2 ="crypto/rc2/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; +my $fips_des_enc="fips_des_enc.o"; my $aes_enc="aes_core.o aes_cbc.o"; my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; @@ -611,32 +619,40 @@ my $rmd160_obj=""; my $processor=""; my $default_ranlib; my $perl; +my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): -my %disabled = ( # "what" => "comment" +my %disabled = ( # "what" => "comment" [or special keyword "experimental"] "camellia" => "default", "capieng" => "default", "cms" => "default", "gmp" => "default", + "jpake" => "experimental", "mdc2" => "default", "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) "rc5" => "default", "rfc3779" => "default", "seed" => "default", "shared" => "default", - "tlsext" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); +my @experimental = (); + +# This is what $depflags will look like with the above defaults +# (we need this to see if we should advise the user to run "make depend"): +my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED"; -# Additional "no-..." options will be collected in %disabled. -# To remove something from %disabled, use e.g. "enable-rc5". -# For symmetry, "disable-..." is a synonym for "no-...". -# This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; +# Explicit "no-..." options will be collected in %disabled along with the defaults. +# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# For symmetry, "disable-foo" is a synonym for "no-foo". + +# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. +# We will collect such requests in @experimental. +# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. my $no_sse2=0; @@ -645,6 +661,7 @@ my $no_sse2=0; my $flags; my $depflags; +my $openssl_experimental_defines; my $openssl_algorithm_defines; my $openssl_thread_defines; my $openssl_sys_defines=""; @@ -665,6 +682,7 @@ while($argv_unprocessed) { $flags=""; $depflags=""; + $openssl_experimental_defines=""; $openssl_algorithm_defines=""; $openssl_thread_defines=""; $openssl_sys_defines=""; @@ -690,25 +708,35 @@ PROCESS_ARGS: if (/^no-(.+)$/ || /^disable-(.+)$/) { - if ($1 eq "ssl") - { - $disabled{"ssl2"} = "option(ssl)"; - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") - { - $disabled{"tls1"} = "option(tls)" - } - else + if (!($disabled{$1} eq "experimental")) { - $disabled{$1} = "option"; + if ($1 eq "ssl") + { + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + $disabled{"tls1"} = "option(tls)" + } + else + { + $disabled{$1} = "option"; + } } } - elsif (/^enable-(.+)$/) + elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) { - delete $disabled{$1}; + my $algo = $1; + if ($disabled{$algo} eq "experimental") + { + die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" + unless (/^experimental-/); + push @experimental, $algo; + } + delete $disabled{$algo}; - $threads = 1 if ($1 eq "threads"); + $threads = 1 if ($algo eq "threads"); } elsif (/^--test-sanity$/) { @@ -739,12 +767,36 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } + elsif (/^fips$/) + { + $fips=1; + } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. # The check for the option is there so scripts aren't # broken } + elsif (/^nofipscanistercheck$/) + { + $fips = 1; + $nofipscanistercheck = 1; + } + elsif (/^fipscanisterbuild$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + } + elsif (/^fipsdso$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipsdso = 1; + } elsif (/^[-+]/) { if (/^-[lL](.*)$/) @@ -779,6 +831,14 @@ PROCESS_ARGS: { $withargs{"zlib-include"}="-I$1"; } + elsif (/^--with-fipslibdir=(.*)$/) + { + $fipslibdir="$1/"; + } + elsif (/^--with-baseaddr=(.*)$/) + { + $baseaddr="$1"; + } else { print STDERR $usage; @@ -886,6 +946,50 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); +my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); +my $cc = $fields[$idx_cc]; +my $cflags = $fields[$idx_cflags]; +my $unistd = $fields[$idx_unistd]; +my $thread_cflag = $fields[$idx_thread_cflag]; +my $sys_id = $fields[$idx_sys_id]; +my $lflags = $fields[$idx_lflags]; +my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; +my $bn_obj = $fields[$idx_bn_obj]; +my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; +my $bf_obj = $fields[$idx_bf_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; +my $cast_obj = $fields[$idx_cast_obj]; +my $rc4_obj = $fields[$idx_rc4_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; +my $rc5_obj = $fields[$idx_rc5_obj]; +my $dso_scheme = $fields[$idx_dso_scheme]; +my $shared_target = $fields[$idx_shared_target]; +my $shared_cflag = $fields[$idx_shared_cflag]; +my $shared_ldflag = $fields[$idx_shared_ldflag]; +my $shared_extension = $fields[$idx_shared_extension]; +my $ranlib = $fields[$idx_ranlib]; +my $arflags = $fields[$idx_arflags]; + +if ($fips) + { + delete $disabled{"shared"} if ($disabled{"shared"} eq "default"); + $disabled{"asm"}="forced" + if ($target !~ "VC\-.*" && + "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::"); + } + +foreach (sort @experimental) + { + my $ALGO; + ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; + + # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined + $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; + $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; + } foreach (sort (keys %disabled)) { @@ -936,7 +1040,7 @@ foreach (sort (keys %disabled)) push @skip, $algo; print " (skip dir)"; - $depflags .="-DOPENSSL_NO_$ALGO "; + $depflags .= " -DOPENSSL_NO_$ALGO"; } } } @@ -949,10 +1053,22 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); +$no_shared = 0 if ($fipsdso && !$IsMK1MF); + $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); $exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +if ($openssldir eq "" and $prefix eq "") + { + if ($fips) + { + $openssldir="/usr/local/ssl/fips"; + } + else + { + $openssldir="/usr/local/ssl"; + } + } $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; @@ -960,7 +1076,7 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; chop $openssldir if $openssldir =~ /\/$/; -chop $prefix if $prefix =~ /\/$/; +chop $prefix if $prefix =~ /.\/$/; $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; @@ -968,33 +1084,6 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] print "IsMK1MF=$IsMK1MF\n"; -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $cpuid_obj = $fields[$idx_cpuid_obj]; -my $bn_obj = $fields[$idx_bn_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $aes_obj = $fields[$idx_aes_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $fields[$idx_ranlib]; -my $arflags = $fields[$idx_arflags]; - # '%' in $lflags is used to split flags to "pre-" and post-flags my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } @@ -1128,6 +1217,8 @@ if ($no_asm) { $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; $sha1_obj=$md5_obj=$rmd160_obj=""; + $cflags=~s/\-D[BL]_ENDIAN// if ($fips); + $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); } if ($montasm) { @@ -1166,7 +1257,7 @@ if ($zlib) my $shared_mark = ""; if ($shared_target eq "") { - $no_shared_warn = 1 if !$no_shared; + $no_shared_warn = 1 if !$no_shared && !$fips; $no_shared = 1; } if (!$no_shared) @@ -1255,8 +1346,14 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; # bn86* is the only one implementing bn_*_part_words $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); + $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/); +if ($fips) + { + $openssl_other_defines.="#define OPENSSL_FIPS\n"; + } + $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); @@ -1341,7 +1438,8 @@ while (<IN>) if ($sdirs) { my $dir; foreach $dir (@skip) { - s/([ ])$dir /\1/; + s/(\s)$dir\s/$1/; + s/\s$dir$//; } } $sdirs = 0 unless /\\$/; @@ -1362,7 +1460,7 @@ while (<IN>) s/^CC=.*$/CC= $cc/; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^CFLAG=.*$/CFLAG= $cflags/; - s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; @@ -1385,9 +1483,24 @@ while (<IN>) s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; + if ($fipsdso) + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; + s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; + } + else + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; + s/^SHARED_FIPS=.*/SHARED_FIPS=/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; + } + s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; + s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) { my $sotmp = $1; @@ -1491,6 +1604,7 @@ print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configur print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; +$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; $openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; @@ -1499,8 +1613,10 @@ $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/ $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; print OUT $openssl_sys_defines; print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; +print OUT $openssl_experimental_defines; +print OUT "\n"; print OUT $openssl_algorithm_defines; -print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n"; +print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; print OUT $openssl_thread_defines; print OUT $openssl_other_defines,"\n"; @@ -1682,9 +1798,16 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN +#if defined(FIPS) + VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" +#endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" +#if defined(FIPS) + VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" +#else VALUE "FileDescription", "OpenSSL Shared Library\\0" +#endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" @@ -1692,12 +1815,15 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" +#elif defined(FIPS) + VALUE "InternalName", "libosslfips\\0" + VALUE "OriginalFilename", "libosslfips.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" @@ -1734,6 +1860,21 @@ libraries on this platform, they will at least look at it and try their best (but please first make sure you have tried with a current version of OpenSSL). EOF +print <<\EOF if ($fipscanisterinternal eq "y"); + +WARNING: OpenSSL has been configured using unsupported option(s) to internally +generate a fipscanister.o object module for TESTING PURPOSES ONLY; that +compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the +OpenSSL FIPS Object Module as identified by the CMVP +(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS +140-2 validated software. + +This is an OpenSSL 0.9.8 test version. + +See the file README.FIPS for details of how to build a test library. + +EOF + exit(0); sub usage diff --git a/lib/libssl/src/FAQ b/lib/libssl/src/FAQ index 1b14ffe9a46..ce71246fb82 100644 --- a/lib/libssl/src/FAQ +++ b/lib/libssl/src/FAQ @@ -78,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.8i was released on Sep 15th, 2008. +OpenSSL 0.9.8j was released on Jan 7th, 2009. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: diff --git a/lib/libssl/src/Makefile b/lib/libssl/src/Makefile index 43b1d9796aa..fe0fe168430 100644 --- a/lib/libssl/src/Makefile +++ b/lib/libssl/src/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8i +VERSION=0.9.8j MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 @@ -13,7 +13,7 @@ SHLIB_MAJOR=0 SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic +OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,12 +61,13 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT +DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED PEX_LIBS= EX_LIBS= EXE_EXT= ARFLAGS= AR=ar $(ARFLAGS) r +ARD=ar $(ARFLAGS) d RANLIB= /usr/bin/ranlib PERL= /usr/bin/perl TAR= tar @@ -106,7 +107,33 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= -DIRS= crypto ssl engines apps test tools +# This is the location of fipscanister.o and friends. +# The FIPS module build will place it $(INSTALLTOP)/lib +# but since $(INSTALLTOP) can only take the default value +# when the module is built it will be in /usr/local/ssl/lib +# $(INSTALLTOP) for this build make be different so hard +# code the path. + +FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/ + +# This is set to "y" if fipscanister.o is compiled internally as +# opposed to coming from an external validated location. + +FIPSCANISTERINTERNAL=n + +# The location of the library which contains fipscanister.o +# normally it will be libcrypto unless fipsdso is set in which +# case it will be libfips. If not compiling in FIPS mode at all +# this is empty making it a useful test for a FIPS compile. + +FIPSCANLIB= + +# Shared library base address. Currently only used on Windows. +# + +BASEADDR=0xFB00000 + +DIRS= crypto fips ssl engines apps test tools SHLIBDIRS= crypto ssl # dirs in crypto to build @@ -140,6 +167,7 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) +SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= @@ -193,6 +221,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + FIPSLIBDIR='${FIPSLIBDIR}' \ + FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ + FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ + FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -211,7 +243,8 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ + ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \ + cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ ) || exit 1; \ fi @@ -224,13 +257,84 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) +FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ + ../crypto/aes/aes_ecb.o \ + ../crypto/aes/aes_ofb.o \ + ../crypto/bn/bn_add.o \ + ../crypto/bn/bn_blind.o \ + ../crypto/bn/bn_ctx.o \ + ../crypto/bn/bn_div.o \ + ../crypto/bn/bn_exp2.o \ + ../crypto/bn/bn_exp.o \ + ../crypto/bn/bn_gcd.o \ + ../crypto/bn/bn_lib.o \ + ../crypto/bn/bn_mod.o \ + ../crypto/bn/bn_mont.o \ + ../crypto/bn/bn_mul.o \ + ../crypto/bn/bn_prime.o \ + ../crypto/bn/bn_rand.o \ + ../crypto/bn/bn_recp.o \ + ../crypto/bn/bn_shift.o \ + ../crypto/bn/bn_sqr.o \ + ../crypto/bn/bn_word.o \ + ../crypto/bn/bn_x931p.o \ + ../crypto/buffer/buf_str.o \ + ../crypto/cryptlib.o \ + ../crypto/des/cfb64ede.o \ + ../crypto/des/cfb64enc.o \ + ../crypto/des/cfb_enc.o \ + ../crypto/des/ecb3_enc.o \ + ../crypto/des/ecb_enc.o \ + ../crypto/des/ofb64ede.o \ + ../crypto/des/ofb64enc.o \ + ../crypto/des/fcrypt.o \ + ../crypto/des/set_key.o \ + ../crypto/dsa/dsa_utl.o \ + ../crypto/dsa/dsa_sign.o \ + ../crypto/dsa/dsa_vrf.o \ + ../crypto/err/err.o \ + ../crypto/evp/digest.o \ + ../crypto/evp/enc_min.o \ + ../crypto/evp/e_aes.o \ + ../crypto/evp/e_des3.o \ + ../crypto/evp/p_sign.o \ + ../crypto/evp/p_verify.o \ + ../crypto/mem_clr.o \ + ../crypto/mem.o \ + ../crypto/rand/md_rand.o \ + ../crypto/rand/rand_egd.o \ + ../crypto/rand/randfile.o \ + ../crypto/rand/rand_lib.o \ + ../crypto/rand/rand_os2.o \ + ../crypto/rand/rand_unix.o \ + ../crypto/rand/rand_win.o \ + ../crypto/rsa/rsa_lib.o \ + ../crypto/rsa/rsa_none.o \ + ../crypto/rsa/rsa_oaep.o \ + ../crypto/rsa/rsa_pk1.o \ + ../crypto/rsa/rsa_pss.o \ + ../crypto/rsa/rsa_ssl.o \ + ../crypto/rsa/rsa_x931.o \ + ../crypto/sha/sha1dgst.o \ + ../crypto/sha/sha256.o \ + ../crypto/sha/sha512.o \ + ../crypto/uid.o + sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_crypto build_fips build_ssl build_shared build_engines build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) + if [ -n "$(FIPSCANLIB)" ]; then \ + EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ + ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ + else \ + ARX='${AR}' ; \ + fi ; export ARX ; \ + dir=crypto; target=all; $(BUILD_ONE_CMD) +build_fips: + @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: @@ -246,9 +350,20 @@ all_testapps: build_libs build_testapps build_testapps: @dir=crypto; target=testapps; $(BUILD_ONE_CMD) -libcrypto$(SHLIB_EXT): libcrypto.a +build_shared: $(SHARED_LIBS) +libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=crypto build-shared; \ + if [ "$(FIPSCANLIB)" = "libfips" ]; then \ + $(ARD) libcrypto.a fipscanister.o ; \ + $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ + $(AR) libcrypto.a fips/fipscanister.o ; \ + else \ + if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ + FIPSLD_CC=$(CC); CC=fips/fipsld; \ + export CC FIPSLD_CC; \ + fi; \ + $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ + fi \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ @@ -256,12 +371,32 @@ libcrypto$(SHLIB_EXT): libcrypto.a libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + shlibdeps=-lcrypto; \ + [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \ + $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2 ; \ + exit 1; \ + fi + +fips/fipscanister.o: build_fips +libfips$(SHLIB_EXT): fips/fipscanister.o + @if [ "$(SHLIB_TARGET)" != "" ]; then \ + FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ + $(MAKE) -f Makefile.shared -e $(BUILDENV) \ + CC=$${CC} LIBNAME=fips THIS=$@ \ + LIBEXTRAS=fips/fipscanister.o \ + LIBDEPS="$(EX_LIBS)" \ + LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ fi +libfips.a: + dir=fips; target=all; $(BUILD_ONE_CMD) + clean-shared: @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ diff --git a/lib/libssl/src/Makefile.org b/lib/libssl/src/Makefile.org index 22b16992574..4be7dad7d67 100644 --- a/lib/libssl/src/Makefile.org +++ b/lib/libssl/src/Makefile.org @@ -65,6 +65,7 @@ EX_LIBS= EXE_EXT= ARFLAGS= AR=ar $(ARFLAGS) r +ARD=ar $(ARFLAGS) d RANLIB= ranlib PERL= perl TAR= tar @@ -104,8 +105,34 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= -DIRS= crypto ssl engines apps test tools -SHLIBDIRS= crypto ssl +# This is the location of fipscanister.o and friends. +# The FIPS module build will place it $(INSTALLTOP)/lib +# but since $(INSTALLTOP) can only take the default value +# when the module is built it will be in /usr/local/ssl/lib +# $(INSTALLTOP) for this build make be different so hard +# code the path. + +FIPSLIBDIR=/usr/local/ssl/lib/ + +# This is set to "y" if fipscanister.o is compiled internally as +# opposed to coming from an external validated location. + +FIPSCANISTERINTERNAL=n + +# The location of the library which contains fipscanister.o +# normally it will be libcrypto unless fipsdso is set in which +# case it will be libfips. If not compiling in FIPS mode at all +# this is empty making it a useful test for a FIPS compile. + +FIPSCANLIB= + +# Shared library base address. Currently only used on Windows. +# + +BASEADDR= + +DIRS= crypto fips ssl engines apps test tools +SHLIBDIRS= crypto ssl fips # dirs in crypto to build SDIRS= \ @@ -115,7 +142,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - store cms pqueue + store cms pqueue jpake # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -138,6 +165,7 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) +SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= @@ -191,6 +219,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + FIPSLIBDIR='${FIPSLIBDIR}' \ + FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ + FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ + FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -209,7 +241,8 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \ # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ + ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \ + cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ ) || exit 1; \ fi @@ -222,13 +255,84 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) +FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ + ../crypto/aes/aes_ecb.o \ + ../crypto/aes/aes_ofb.o \ + ../crypto/bn/bn_add.o \ + ../crypto/bn/bn_blind.o \ + ../crypto/bn/bn_ctx.o \ + ../crypto/bn/bn_div.o \ + ../crypto/bn/bn_exp2.o \ + ../crypto/bn/bn_exp.o \ + ../crypto/bn/bn_gcd.o \ + ../crypto/bn/bn_lib.o \ + ../crypto/bn/bn_mod.o \ + ../crypto/bn/bn_mont.o \ + ../crypto/bn/bn_mul.o \ + ../crypto/bn/bn_prime.o \ + ../crypto/bn/bn_rand.o \ + ../crypto/bn/bn_recp.o \ + ../crypto/bn/bn_shift.o \ + ../crypto/bn/bn_sqr.o \ + ../crypto/bn/bn_word.o \ + ../crypto/bn/bn_x931p.o \ + ../crypto/buffer/buf_str.o \ + ../crypto/cryptlib.o \ + ../crypto/des/cfb64ede.o \ + ../crypto/des/cfb64enc.o \ + ../crypto/des/cfb_enc.o \ + ../crypto/des/ecb3_enc.o \ + ../crypto/des/ecb_enc.o \ + ../crypto/des/ofb64ede.o \ + ../crypto/des/ofb64enc.o \ + ../crypto/des/fcrypt.o \ + ../crypto/des/set_key.o \ + ../crypto/dsa/dsa_utl.o \ + ../crypto/dsa/dsa_sign.o \ + ../crypto/dsa/dsa_vrf.o \ + ../crypto/err/err.o \ + ../crypto/evp/digest.o \ + ../crypto/evp/enc_min.o \ + ../crypto/evp/e_aes.o \ + ../crypto/evp/e_des3.o \ + ../crypto/evp/p_sign.o \ + ../crypto/evp/p_verify.o \ + ../crypto/mem_clr.o \ + ../crypto/mem.o \ + ../crypto/rand/md_rand.o \ + ../crypto/rand/rand_egd.o \ + ../crypto/rand/randfile.o \ + ../crypto/rand/rand_lib.o \ + ../crypto/rand/rand_os2.o \ + ../crypto/rand/rand_unix.o \ + ../crypto/rand/rand_win.o \ + ../crypto/rsa/rsa_lib.o \ + ../crypto/rsa/rsa_none.o \ + ../crypto/rsa/rsa_oaep.o \ + ../crypto/rsa/rsa_pk1.o \ + ../crypto/rsa/rsa_pss.o \ + ../crypto/rsa/rsa_ssl.o \ + ../crypto/rsa/rsa_x931.o \ + ../crypto/sha/sha1dgst.o \ + ../crypto/sha/sha256.o \ + ../crypto/sha/sha512.o \ + ../crypto/uid.o + sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_crypto build_fips build_ssl build_shared build_engines build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) + if [ -n "$(FIPSCANLIB)" ]; then \ + EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ + ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ + else \ + ARX='${AR}' ; \ + fi ; export ARX ; \ + dir=crypto; target=all; $(BUILD_ONE_CMD) +build_fips: + @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: @@ -244,9 +348,20 @@ all_testapps: build_libs build_testapps build_testapps: @dir=crypto; target=testapps; $(BUILD_ONE_CMD) -libcrypto$(SHLIB_EXT): libcrypto.a +build_shared: $(SHARED_LIBS) +libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=crypto build-shared; \ + if [ "$(FIPSCANLIB)" = "libfips" ]; then \ + $(ARD) libcrypto.a fipscanister.o ; \ + $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ + $(AR) libcrypto.a fips/fipscanister.o ; \ + else \ + if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ + FIPSLD_CC=$(CC); CC=fips/fipsld; \ + export CC FIPSLD_CC; \ + fi; \ + $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ + fi \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ @@ -254,12 +369,32 @@ libcrypto$(SHLIB_EXT): libcrypto.a libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + shlibdeps=-lcrypto; \ + [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \ + $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2 ; \ + exit 1; \ + fi + +fips/fipscanister.o: build_fips +libfips$(SHLIB_EXT): fips/fipscanister.o + @if [ "$(SHLIB_TARGET)" != "" ]; then \ + FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ + $(MAKE) -f Makefile.shared -e $(BUILDENV) \ + CC=$${CC} LIBNAME=fips THIS=$@ \ + LIBEXTRAS=fips/fipscanister.o \ + LIBDEPS="$(EX_LIBS)" \ + LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ fi +libfips.a: + dir=fips; target=all; $(BUILD_ONE_CMD) + clean-shared: @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ diff --git a/lib/libssl/src/Makefile.shared b/lib/libssl/src/Makefile.shared index c6006f70bf5..3183436ac63 100644 --- a/lib/libssl/src/Makefile.shared +++ b/lib/libssl/src/Makefile.shared @@ -101,15 +101,13 @@ LINK_SO= \ LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \ SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \ - nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \ LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \ $${SHAREDCMD} $${SHAREDFLAGS} \ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \ $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \ - ) && $(SYMLINK_SO); \ - ( $(SET_X); rm -f lib$(LIBNAME).exp ) + ) && $(SYMLINK_SO) SYMLINK_SO= \ if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \ @@ -202,8 +200,10 @@ link_app.bsd: # to use native NSModule(3) API and refers to dlfcn as termporary hack. link_o.darwin: @ $(CALC_VERSIONS); \ - SHLIB=lib$(LIBNAME); \ - SHLIB_SUFFIX=.so; \ + SHLIB=`expr "$$THIS" : '.*/\([^/\.]*\)\.'`; \ + SHLIB=$${SHLIB:-lib$(LIBNAME)}; \ + SHLIB_SUFFIX=`expr "$$THIS" : '.*\(\.[^\.]*\)$$'`; \ + SHLIB_SUFFIX=$${SHLIB_SUFFIX:-.so}; \ ALLSYMSFLAGS='-all_load'; \ NOALLSYMSFLAGS=''; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \ diff --git a/lib/libssl/src/NEWS b/lib/libssl/src/NEWS index 6488ffa122f..322c3848f21 100644 --- a/lib/libssl/src/NEWS +++ b/lib/libssl/src/NEWS @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: + + o Fix security issue (CVE-2008-5077) + o Merge FIPS 140-2 branch code. + Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h: o CryptoAPI ENGINE support. diff --git a/lib/libssl/src/README b/lib/libssl/src/README index a2d87d4a497..b3baac4a369 100644 --- a/lib/libssl/src/README +++ b/lib/libssl/src/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8i + OpenSSL 0.9.8j Copyright (c) 1998-2008 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/lib/libssl/src/apps/Makefile b/lib/libssl/src/apps/Makefile index 7eade4e2741..402981aedea 100644 --- a/lib/libssl/src/apps/Makefile +++ b/lib/libssl/src/apps/Makefile @@ -152,10 +152,13 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ + elif [ -n "$(FIPSCANLIB)" ]; then \ + FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ fi; \ LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ + [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ - APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ + CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ link_app.$${shlib_target} -(cd ..; \ @@ -173,65 +176,66 @@ app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h -app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -app_rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -app_rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h -app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -app_rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -app_rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -app_rand.o: app_rand.c apps.h +app_rand.o: ../include/openssl/evp.h ../include/openssl/fips.h +app_rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +app_rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h +app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h +app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +app_rand.o: ../include/openssl/x509v3.h app_rand.c apps.h apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h -apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h -apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h -apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -apps.o: ../include/openssl/sha.h ../include/openssl/stack.h -apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -apps.o: ../include/openssl/ui.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h +apps.o: ../include/openssl/evp.h ../include/openssl/fips.h +apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h +apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h -asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -asn1pars.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h -asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -asn1pars.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -asn1pars.o: asn1pars.c +asn1pars.o: ../include/openssl/fips.h ../include/openssl/lhash.h +asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +asn1pars.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h +asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h +asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +asn1pars.o: ../include/openssl/x509v3.h apps.h asn1pars.c ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ca.o: ../include/openssl/engine.h ../include/openssl/err.h -ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h -ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ca.o: ../include/openssl/sha.h ../include/openssl/stack.h -ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ca.o: ../include/openssl/x509v3.h apps.h ca.c +ca.o: ../include/openssl/evp.h ../include/openssl/fips.h +ca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ca.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ca.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ca.c ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -239,82 +243,83 @@ ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h -ciphers.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -ciphers.o: ciphers.c +ciphers.o: ../include/openssl/evp.h ../include/openssl/fips.h +ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ciphers.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h cms.o: ../include/openssl/buffer.h ../include/openssl/conf.h cms.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h cms.o: ../include/openssl/ec.h ../include/openssl/ecdh.h cms.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -cms.o: ../include/openssl/evp.h ../include/openssl/lhash.h -cms.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -cms.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -cms.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -cms.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -cms.o: ../include/openssl/sha.h ../include/openssl/stack.h -cms.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -cms.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -cms.o: ../include/openssl/x509v3.h apps.h cms.c +cms.o: ../include/openssl/evp.h ../include/openssl/fips.h +cms.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +cms.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +cms.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +cms.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +cms.o: ../include/openssl/safestack.h ../include/openssl/sha.h +cms.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +cms.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +cms.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h cms.c crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h crl.o: ../include/openssl/err.h ../include/openssl/evp.h -crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -crl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c +crl.o: ../include/openssl/fips.h ../include/openssl/lhash.h +crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +crl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +crl.o: ../include/openssl/sha.h ../include/openssl/stack.h +crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +crl.o: ../include/openssl/x509v3.h apps.h crl.c crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h -crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -crl2p7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -crl2p7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -crl2p7.o: crl2p7.c +crl2p7.o: ../include/openssl/fips.h ../include/openssl/lhash.h +crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +crl2p7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h +crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h +crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +crl2p7.o: ../include/openssl/x509v3.h apps.h crl2p7.c dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dgst.o: ../include/openssl/err.h ../include/openssl/evp.h -dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dgst.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -dgst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dgst.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h -dgst.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -dgst.o: ../include/openssl/x509v3.h apps.h dgst.c +dgst.o: ../include/openssl/fips.h ../include/openssl/hmac.h +dgst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dgst.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +dgst.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dgst.c dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -322,15 +327,16 @@ dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dh.o: ../include/openssl/err.h ../include/openssl/evp.h -dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dh.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dh.c +dh.o: ../include/openssl/fips.h ../include/openssl/lhash.h +dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +dh.o: ../include/openssl/sha.h ../include/openssl/stack.h +dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +dh.o: ../include/openssl/x509v3.h apps.h dh.c dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -338,15 +344,16 @@ dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h dsa.o: ../include/openssl/err.h ../include/openssl/evp.h -dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -dsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -dsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h dsa.c +dsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h +dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +dsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +dsa.o: ../include/openssl/x509v3.h apps.h dsa.c dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -354,65 +361,68 @@ dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h -dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h -dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dsaparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h -dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h -dsaparam.o: ../include/openssl/store.h ../include/openssl/symhacks.h -dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -dsaparam.o: ../include/openssl/x509v3.h apps.h dsaparam.c +dsaparam.o: ../include/openssl/evp.h ../include/openssl/fips.h +dsaparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dsaparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h +dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h +dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h +dsaparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +dsaparam.o: dsaparam.c ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ec.o: ../include/openssl/err.h ../include/openssl/evp.h -ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ec.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ec.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ec.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ec.c +ec.o: ../include/openssl/fips.h ../include/openssl/lhash.h +ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ec.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ec.o: ../include/openssl/sha.h ../include/openssl/stack.h +ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ec.o: ../include/openssl/x509v3.h apps.h ec.c ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h -ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h -ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ecparam.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ecparam.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ecparam.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ecparam.o: ../include/openssl/sha.h ../include/openssl/stack.h -ecparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -ecparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ecparam.o: ../include/openssl/x509v3.h apps.h ecparam.c +ecparam.o: ../include/openssl/evp.h ../include/openssl/fips.h +ecparam.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ecparam.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ecparam.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +ecparam.o: ecparam.c enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h enc.o: ../include/openssl/err.h ../include/openssl/evp.h -enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -enc.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -enc.o: ../include/openssl/rand.h ../include/openssl/safestack.h -enc.o: ../include/openssl/sha.h ../include/openssl/stack.h -enc.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -enc.o: ../include/openssl/x509v3.h apps.h enc.c +enc.o: ../include/openssl/fips.h ../include/openssl/lhash.h +enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +enc.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +enc.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h enc.c engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h engine.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -420,21 +430,21 @@ engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h engine.o: ../include/openssl/engine.h ../include/openssl/err.h -engine.o: ../include/openssl/evp.h ../include/openssl/hmac.h -engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h -engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h -engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -engine.o: engine.c +engine.o: ../include/openssl/evp.h ../include/openssl/fips.h +engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +engine.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h +engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +engine.o: ../include/openssl/x509v3.h apps.h engine.c errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -442,21 +452,21 @@ errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h errstr.o: ../include/openssl/engine.h ../include/openssl/err.h -errstr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -errstr.o: errstr.c +errstr.o: ../include/openssl/evp.h ../include/openssl/fips.h +errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +errstr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +errstr.o: ../include/openssl/x509v3.h apps.h errstr.c gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -464,18 +474,19 @@ gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h gendh.o: ../include/openssl/engine.h ../include/openssl/err.h -gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h -gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -gendh.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -gendh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h -gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h -gendh.o: ../include/openssl/store.h ../include/openssl/symhacks.h -gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -gendh.o: ../include/openssl/x509v3.h apps.h gendh.c +gendh.o: ../include/openssl/evp.h ../include/openssl/fips.h +gendh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +gendh.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h +gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h +gendh.o: ../include/openssl/stack.h ../include/openssl/store.h +gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h +gendh.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +gendh.o: gendh.c gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -483,16 +494,16 @@ gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h -gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -gendsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -gendsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -gendsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -gendsa.o: gendsa.c +gendsa.o: ../include/openssl/fips.h ../include/openssl/lhash.h +gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +gendsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +gendsa.o: ../include/openssl/x509v3.h apps.h gendsa.c genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -500,33 +511,35 @@ genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h -genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h -genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -genrsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -genrsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h -genrsa.o: ../include/openssl/store.h ../include/openssl/symhacks.h -genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -genrsa.o: ../include/openssl/x509v3.h apps.h genrsa.c +genrsa.o: ../include/openssl/evp.h ../include/openssl/fips.h +genrsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +genrsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h +genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h +genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h +genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h +genrsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +genrsa.o: genrsa.c nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h nseq.o: ../include/openssl/err.h ../include/openssl/evp.h -nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -nseq.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h -nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -nseq.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -nseq.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h nseq.c +nseq.o: ../include/openssl/fips.h ../include/openssl/lhash.h +nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +nseq.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h +nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h +nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +nseq.o: ../include/openssl/x509v3.h apps.h nseq.c ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -534,20 +547,21 @@ ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h -ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ocsp.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: ../include/openssl/evp.h ../include/openssl/fips.h +ocsp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -555,21 +569,21 @@ openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h openssl.o: ../include/openssl/engine.h ../include/openssl/err.h -openssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h -openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h -openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -openssl.o: openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/evp.h ../include/openssl/fips.h +openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +openssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h @@ -577,95 +591,97 @@ passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h passwd.o: ../include/openssl/err.h ../include/openssl/evp.h -passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h -passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -passwd.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -passwd.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h -passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -passwd.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -passwd.o: passwd.c +passwd.o: ../include/openssl/fips.h ../include/openssl/lhash.h +passwd.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +passwd.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h +passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h +passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +passwd.o: ../include/openssl/x509v3.h apps.h passwd.c pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs12.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -pkcs12.o: ../include/openssl/x509v3.h apps.h pkcs12.c +pkcs12.o: ../include/openssl/fips.h ../include/openssl/lhash.h +pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +pkcs12.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h +pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkcs12.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +pkcs12.o: pkcs12.c pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs7.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h -pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -pkcs7.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -pkcs7.o: pkcs7.c +pkcs7.o: ../include/openssl/fips.h ../include/openssl/lhash.h +pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +pkcs7.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h +pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h +pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +pkcs7.o: ../include/openssl/x509v3.h apps.h pkcs7.c pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h -pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -pkcs8.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h -pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h -pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -pkcs8.o: ../include/openssl/x509v3.h apps.h pkcs8.c +pkcs8.o: ../include/openssl/fips.h ../include/openssl/lhash.h +pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +pkcs8.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h +pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h +pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +pkcs8.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +pkcs8.o: pkcs8.c prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h prime.o: ../include/openssl/engine.h ../include/openssl/evp.h -prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -prime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -prime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -prime.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -prime.o: ../include/openssl/safestack.h ../include/openssl/sha.h -prime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -prime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -prime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -prime.o: prime.c +prime.o: ../include/openssl/fips.h ../include/openssl/lhash.h +prime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +prime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +prime.o: ../include/openssl/sha.h ../include/openssl/stack.h +prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +prime.o: ../include/openssl/x509v3.h apps.h prime.c rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h rand.o: ../include/openssl/err.h ../include/openssl/evp.h -rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rand.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h -rand.o: ../include/openssl/sha.h ../include/openssl/stack.h -rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rand.o: ../include/openssl/x509v3.h apps.h rand.c +rand.o: ../include/openssl/fips.h ../include/openssl/lhash.h +rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rand.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rand.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rand.c req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h req.o: ../include/openssl/bn.h ../include/openssl/buffer.h req.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -673,50 +689,52 @@ req.o: ../include/openssl/dh.h ../include/openssl/dsa.h req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h req.o: ../include/openssl/engine.h ../include/openssl/err.h -req.o: ../include/openssl/evp.h ../include/openssl/lhash.h -req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -req.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -req.o: ../include/openssl/pem.h ../include/openssl/pem2.h -req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -req.o: ../include/openssl/sha.h ../include/openssl/stack.h -req.o: ../include/openssl/store.h ../include/openssl/symhacks.h -req.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -req.o: ../include/openssl/x509v3.h apps.h req.c +req.o: ../include/openssl/evp.h ../include/openssl/fips.h +req.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +req.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +req.o: ../include/openssl/rand.h ../include/openssl/rsa.h +req.o: ../include/openssl/safestack.h ../include/openssl/sha.h +req.o: ../include/openssl/stack.h ../include/openssl/store.h +req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +req.o: ../include/openssl/ui.h ../include/openssl/x509.h +req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h rsa.o: ../include/openssl/engine.h ../include/openssl/err.h -rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h -rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rsa.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h -rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rsa.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -rsa.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h rsa.c +rsa.o: ../include/openssl/evp.h ../include/openssl/fips.h +rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rsa.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h +rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rsa.o: ../include/openssl/x509v3.h apps.h rsa.c rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h -rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rsautl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h -rsautl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rsautl.o: ../include/openssl/x509v3.h apps.h rsautl.c +rsautl.o: ../include/openssl/fips.h ../include/openssl/lhash.h +rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rsautl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +rsautl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +rsautl.o: rsautl.c s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -724,21 +742,21 @@ s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h -s_cb.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_cb.o: s_apps.h s_cb.c +s_cb.o: ../include/openssl/evp.h ../include/openssl/fips.h +s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_cb.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_cb.o: ../include/openssl/x509v3.h apps.h s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -746,21 +764,22 @@ s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_client.o: ../include/openssl/engine.h ../include/openssl/err.h -s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_client.o: ../include/openssl/x509v3.h apps.h s_apps.h s_client.c timeouts.h +s_client.o: ../include/openssl/evp.h ../include/openssl/fips.h +s_client.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_client.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h +s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_client.o: s_apps.h s_client.c timeouts.h s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -769,23 +788,23 @@ s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_server.o: ../include/openssl/engine.h ../include/openssl/err.h -s_server.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h -s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_server.o: s_apps.h s_server.c timeouts.h +s_server.o: ../include/openssl/evp.h ../include/openssl/fips.h +s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_server.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_server.o: ../include/openssl/stack.h ../include/openssl/store.h +s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_server.o: ../include/openssl/x509v3.h apps.h s_apps.h s_server.c timeouts.h s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -793,20 +812,21 @@ s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h -s_socket.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_socket.o: ../include/openssl/x509v3.h apps.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s_socket.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_socket.o: s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -814,21 +834,21 @@ s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_time.o: ../include/openssl/engine.h ../include/openssl/err.h -s_time.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_time.o: s_apps.h s_time.c +s_time.o: ../include/openssl/evp.h ../include/openssl/fips.h +s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_time.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_time.o: ../include/openssl/x509v3.h apps.h s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -836,37 +856,37 @@ sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h -sess_id.o: ../include/openssl/evp.h ../include/openssl/hmac.h -sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h -sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h -sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h -sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -sess_id.o: sess_id.c +sess_id.o: ../include/openssl/evp.h ../include/openssl/fips.h +sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +sess_id.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h +sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +sess_id.o: ../include/openssl/x509v3.h apps.h sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h smime.o: ../include/openssl/err.h ../include/openssl/evp.h -smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -smime.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h -smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -smime.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -smime.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -smime.o: smime.c +smime.o: ../include/openssl/fips.h ../include/openssl/lhash.h +smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +smime.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h +smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +smime.o: ../include/openssl/sha.h ../include/openssl/stack.h +smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +smime.o: ../include/openssl/x509v3.h apps.h smime.c speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -876,53 +896,54 @@ speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h speed.o: ../include/openssl/engine.h ../include/openssl/err.h -speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h -speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h -speed.o: ../include/openssl/md2.h ../include/openssl/md4.h -speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -speed.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -speed.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h -speed.o: ../include/openssl/rc4.h ../include/openssl/ripemd.h -speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -speed.o: ../include/openssl/sha.h ../include/openssl/stack.h -speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h -speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -speed.o: ../include/openssl/x509v3.h apps.h speed.c testdsa.h testrsa.h +speed.o: ../include/openssl/evp.h ../include/openssl/fips.h +speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h +speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h +speed.o: ../include/openssl/md4.h ../include/openssl/md5.h +speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +speed.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h +speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h +speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h +speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h +speed.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +speed.o: speed.c testdsa.h testrsa.h spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h spkac.o: ../include/openssl/err.h ../include/openssl/evp.h -spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -spkac.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h -spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -spkac.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -spkac.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -spkac.o: spkac.c +spkac.o: ../include/openssl/fips.h ../include/openssl/lhash.h +spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +spkac.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h +spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h +spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +spkac.o: ../include/openssl/x509v3.h apps.h spkac.c verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h verify.o: ../include/openssl/err.h ../include/openssl/evp.h -verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -verify.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h -verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -verify.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -verify.o: verify.c +verify.o: ../include/openssl/fips.h ../include/openssl/lhash.h +verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +verify.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h +verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +verify.o: ../include/openssl/sha.h ../include/openssl/stack.h +verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +verify.o: ../include/openssl/x509v3.h apps.h verify.c version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h version.o: ../include/openssl/buffer.h ../include/openssl/conf.h @@ -930,18 +951,18 @@ version.o: ../include/openssl/crypto.h ../include/openssl/des.h version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -version.o: ../include/openssl/evp.h ../include/openssl/idea.h -version.o: ../include/openssl/lhash.h ../include/openssl/md2.h -version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -version.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -version.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -version.o: ../include/openssl/pkcs7.h ../include/openssl/rc4.h -version.o: ../include/openssl/safestack.h ../include/openssl/sha.h -version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h -version.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -version.o: version.c +version.o: ../include/openssl/evp.h ../include/openssl/fips.h +version.o: ../include/openssl/idea.h ../include/openssl/lhash.h +version.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h +version.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h +version.o: ../include/openssl/sha.h ../include/openssl/stack.h +version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h +version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +version.o: ../include/openssl/x509v3.h apps.h version.c x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -949,13 +970,13 @@ x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h x509.o: ../include/openssl/err.h ../include/openssl/evp.h -x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -x509.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -x509.o: ../include/openssl/sha.h ../include/openssl/stack.h -x509.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h -x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -x509.o: ../include/openssl/x509v3.h apps.h x509.c +x509.o: ../include/openssl/fips.h ../include/openssl/lhash.h +x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +x509.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h +x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h +x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c diff --git a/lib/libssl/src/apps/apps.c b/lib/libssl/src/apps/apps.c index 5209caba2e2..367eb177e17 100644 --- a/lib/libssl/src/apps/apps.c +++ b/lib/libssl/src/apps/apps.c @@ -115,6 +115,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <ctype.h> +#include <assert.h> #include <openssl/err.h> #include <openssl/x509.h> #include <openssl/x509v3.h> @@ -129,6 +130,9 @@ #include <openssl/rsa.h> #endif #include <openssl/bn.h> +#ifndef OPENSSL_NO_JPAKE +#include <openssl/jpake.h> +#endif #define NON_MAIN #include "apps.h" @@ -2333,3 +2337,233 @@ void policies_print(BIO *out, X509_STORE_CTX *ctx) if (free_out) BIO_free(out); } + +#ifndef OPENSSL_NO_JPAKE + +static JPAKE_CTX *jpake_init(const char *us, const char *them, + const char *secret) + { + BIGNUM *p = NULL; + BIGNUM *g = NULL; + BIGNUM *q = NULL; + BIGNUM *bnsecret = BN_new(); + JPAKE_CTX *ctx; + + /* Use a safe prime for p (that we found earlier) */ + BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F"); + g = BN_new(); + BN_set_word(g, 2); + q = BN_new(); + BN_rshift1(q, p); + + BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret); + + ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret); + BN_free(bnsecret); + BN_free(q); + BN_free(g); + BN_free(p); + + return ctx; + } + +static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p) + { + BN_print(conn, p->gx); + BIO_puts(conn, "\n"); + BN_print(conn, p->zkpx.gr); + BIO_puts(conn, "\n"); + BN_print(conn, p->zkpx.b); + BIO_puts(conn, "\n"); + } + +static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx) + { + JPAKE_STEP1 s1; + + JPAKE_STEP1_init(&s1); + JPAKE_STEP1_generate(&s1, ctx); + jpake_send_part(bconn, &s1.p1); + jpake_send_part(bconn, &s1.p2); + (void)BIO_flush(bconn); + JPAKE_STEP1_release(&s1); + } + +static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx) + { + JPAKE_STEP2 s2; + + JPAKE_STEP2_init(&s2); + JPAKE_STEP2_generate(&s2, ctx); + jpake_send_part(bconn, &s2); + (void)BIO_flush(bconn); + JPAKE_STEP2_release(&s2); + } + +static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx) + { + JPAKE_STEP3A s3a; + + JPAKE_STEP3A_init(&s3a); + JPAKE_STEP3A_generate(&s3a, ctx); + BIO_write(bconn, s3a.hhk, sizeof s3a.hhk); + (void)BIO_flush(bconn); + JPAKE_STEP3A_release(&s3a); + } + +static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx) + { + JPAKE_STEP3B s3b; + + JPAKE_STEP3B_init(&s3b); + JPAKE_STEP3B_generate(&s3b, ctx); + BIO_write(bconn, s3b.hk, sizeof s3b.hk); + (void)BIO_flush(bconn); + JPAKE_STEP3B_release(&s3b); + } + +static void readbn(BIGNUM **bn, BIO *bconn) + { + char buf[10240]; + int l; + + l = BIO_gets(bconn, buf, sizeof buf); + assert(l >= 0); + assert(buf[l-1] == '\n'); + buf[l-1] = '\0'; + BN_hex2bn(bn, buf); + } + +static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn) + { + readbn(&p->gx, bconn); + readbn(&p->zkpx.gr, bconn); + readbn(&p->zkpx.b, bconn); + } + +static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn) + { + JPAKE_STEP1 s1; + + JPAKE_STEP1_init(&s1); + jpake_receive_part(&s1.p1, bconn); + jpake_receive_part(&s1.p2, bconn); + if(!JPAKE_STEP1_process(ctx, &s1)) + { + ERR_print_errors(bio_err); + exit(1); + } + JPAKE_STEP1_release(&s1); + } + +static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn) + { + JPAKE_STEP2 s2; + + JPAKE_STEP2_init(&s2); + jpake_receive_part(&s2, bconn); + if(!JPAKE_STEP2_process(ctx, &s2)) + { + ERR_print_errors(bio_err); + exit(1); + } + JPAKE_STEP2_release(&s2); + } + +static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn) + { + JPAKE_STEP3A s3a; + int l; + + JPAKE_STEP3A_init(&s3a); + l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk); + assert(l == sizeof s3a.hhk); + if(!JPAKE_STEP3A_process(ctx, &s3a)) + { + ERR_print_errors(bio_err); + exit(1); + } + JPAKE_STEP3A_release(&s3a); + } + +static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn) + { + JPAKE_STEP3B s3b; + int l; + + JPAKE_STEP3B_init(&s3b); + l = BIO_read(bconn, s3b.hk, sizeof s3b.hk); + assert(l == sizeof s3b.hk); + if(!JPAKE_STEP3B_process(ctx, &s3b)) + { + ERR_print_errors(bio_err); + exit(1); + } + JPAKE_STEP3B_release(&s3b); + } + +void jpake_client_auth(BIO *out, BIO *conn, const char *secret) + { + JPAKE_CTX *ctx; + BIO *bconn; + + BIO_puts(out, "Authenticating with JPAKE\n"); + + ctx = jpake_init("client", "server", secret); + + bconn = BIO_new(BIO_f_buffer()); + BIO_push(bconn, conn); + + jpake_send_step1(bconn, ctx); + jpake_receive_step1(ctx, bconn); + jpake_send_step2(bconn, ctx); + jpake_receive_step2(ctx, bconn); + jpake_send_step3a(bconn, ctx); + jpake_receive_step3b(ctx, bconn); + + /* + * The problem is that you must use the derived key in the + * session key or you are subject to man-in-the-middle + * attacks. + */ + BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can" + " be MitMed. See the version in HEAD for how to do it" + " properly)\n"); + + BIO_pop(bconn); + BIO_free(bconn); + } + +void jpake_server_auth(BIO *out, BIO *conn, const char *secret) + { + JPAKE_CTX *ctx; + BIO *bconn; + + BIO_puts(out, "Authenticating with JPAKE\n"); + + ctx = jpake_init("server", "client", secret); + + bconn = BIO_new(BIO_f_buffer()); + BIO_push(bconn, conn); + + jpake_receive_step1(ctx, bconn); + jpake_send_step1(bconn, ctx); + jpake_receive_step2(ctx, bconn); + jpake_send_step2(bconn, ctx); + jpake_receive_step3a(ctx, bconn); + jpake_send_step3b(bconn, ctx); + + /* + * The problem is that you must use the derived key in the + * session key or you are subject to man-in-the-middle + * attacks. + */ + BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can" + " be MitMed. See the version in HEAD for how to do it" + " properly)\n"); + + BIO_pop(bconn); + BIO_free(bconn); + } + +#endif diff --git a/lib/libssl/src/apps/apps.h b/lib/libssl/src/apps/apps.h index 0df170813ae..88579094b1c 100644 --- a/lib/libssl/src/apps/apps.h +++ b/lib/libssl/src/apps/apps.h @@ -149,9 +149,11 @@ int WIN32_rename(const char *oldname,const char *newname); #ifndef NON_MAIN CONF *config=NULL; BIO *bio_err=NULL; +int in_FIPS_mode=0; #else extern CONF *config; extern BIO *bio_err; +extern int in_FIPS_mode; #endif #else @@ -160,6 +162,7 @@ extern BIO *bio_err; extern CONF *config; extern char *default_config_file; extern BIO *bio_err; +extern int in_FIPS_mode; #endif @@ -335,6 +338,10 @@ X509_NAME *parse_name(char *str, long chtype, int multirdn); int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err, X509_VERIFY_PARAM **pm); void policies_print(BIO *out, X509_STORE_CTX *ctx); +#ifndef OPENSSL_NO_JPAKE +void jpake_client_auth(BIO *out, BIO *conn, const char *secret); +void jpake_server_auth(BIO *out, BIO *conn, const char *secret); +#endif #define FORMAT_UNDEF 0 #define FORMAT_ASN1 1 diff --git a/lib/libssl/src/apps/asn1pars.c b/lib/libssl/src/apps/asn1pars.c index b1a7c8e5dbf..bde61d02d12 100644 --- a/lib/libssl/src/apps/asn1pars.c +++ b/lib/libssl/src/apps/asn1pars.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to +/* A nice addition from Dr Stephen Henson <steve@openssl.org> to * add the -strparse option which parses nested binary structures */ diff --git a/lib/libssl/src/apps/crl.c b/lib/libssl/src/apps/crl.c index a0040fba119..c395b2afd5d 100644 --- a/lib/libssl/src/apps/crl.c +++ b/lib/libssl/src/apps/crl.c @@ -85,6 +85,7 @@ static const char *crl_usage[]={ " -issuer - print issuer DN\n", " -lastupdate - lastUpdate field\n", " -nextupdate - nextUpdate field\n", +" -crlnumber - print CRL number\n", " -noout - no CRL output\n", " -CAfile name - verify CRL using certificates in file \"name\"\n", " -CApath dir - verify CRL using certificates in \"dir\"\n", @@ -107,7 +108,7 @@ int MAIN(int argc, char **argv) int informat,outformat; char *infile=NULL,*outfile=NULL; int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0; - int fingerprint = 0; + int fingerprint = 0, crlnumber = 0; const char **pp; X509_STORE *store = NULL; X509_STORE_CTX ctx; @@ -206,6 +207,8 @@ int MAIN(int argc, char **argv) noout= ++num; else if (strcmp(*argv,"-fingerprint") == 0) fingerprint= ++num; + else if (strcmp(*argv,"-crlnumber") == 0) + crlnumber= ++num; else if ((md_alg=EVP_get_digestbyname(*argv + 1))) { /* ok */ @@ -281,7 +284,21 @@ bad: { print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag); } - + if (crlnumber == i) + { + ASN1_INTEGER *crlnum; + crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, + NULL, NULL); + BIO_printf(bio_out,"crlNumber="); + if (crlnum) + { + i2a_ASN1_INTEGER(bio_out, crlnum); + ASN1_INTEGER_free(crlnum); + } + else + BIO_puts(bio_out, "<NONE>"); + BIO_printf(bio_out,"\n"); + } if (hash == i) { BIO_printf(bio_out,"%08lx\n", diff --git a/lib/libssl/src/apps/dgst.c b/lib/libssl/src/apps/dgst.c index c5ecf93d1b0..9ebfc22e796 100644 --- a/lib/libssl/src/apps/dgst.c +++ b/lib/libssl/src/apps/dgst.c @@ -76,7 +76,7 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key); + const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow); int MAIN(int, char **); @@ -84,7 +84,7 @@ int MAIN(int argc, char **argv) { ENGINE *e = NULL; unsigned char *buf=NULL; - int i,err=0; + int i,err=1; const EVP_MD *md=NULL,*m; BIO *in=NULL,*inp; BIO *bmd=NULL; @@ -101,14 +101,16 @@ int MAIN(int argc, char **argv) EVP_PKEY *sigkey = NULL; unsigned char *sigbuf = NULL; int siglen = 0; + unsigned int sig_flags = 0; char *passargin = NULL, *passin = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif char *hmac_key=NULL; + int non_fips_allow = 0; apps_startup(); - +ERR_load_crypto_strings(); if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) { BIO_printf(bio_err,"out of memory\n"); @@ -167,6 +169,27 @@ int MAIN(int argc, char **argv) keyfile=*(++argv); do_verify = 1; } + else if (strcmp(*argv,"-x931") == 0) + sig_flags = EVP_MD_CTX_FLAG_PAD_X931; + else if (strcmp(*argv,"-pss_saltlen") == 0) + { + int saltlen; + if (--argc < 1) break; + saltlen=atoi(*(++argv)); + if (saltlen == -1) + sig_flags = EVP_MD_CTX_FLAG_PSS_MREC; + else if (saltlen == -2) + sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN; + else if (saltlen < -2 || saltlen >= 0xFFFE) + { + BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen); + goto end; + } + else + sig_flags = saltlen; + sig_flags <<= 16; + sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS; + } else if (strcmp(*argv,"-signature") == 0) { if (--argc < 1) break; @@ -190,6 +213,8 @@ int MAIN(int argc, char **argv) out_bin = 1; else if (strcmp(*argv,"-d") == 0) debug=1; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow=1; else if (!strcmp(*argv,"-fips-fingerprint")) hmac_key = "etaonrishdlcupfm"; else if (!strcmp(*argv,"-hmac")) @@ -356,8 +381,20 @@ int MAIN(int argc, char **argv) goto end; } } - + if (non_fips_allow) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + } + + if (sig_flags) + { + EVP_MD_CTX *md_ctx; + BIO_get_md_ctx(bmd,&md_ctx); + EVP_MD_CTX_set_flags(md_ctx, sig_flags); + } /* we use md as a filter, reading from 'in' */ if (!BIO_set_md(bmd,md)) @@ -373,11 +410,12 @@ int MAIN(int argc, char **argv) { BIO_set_fp(in,stdin,BIO_NOCLOSE); err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf, - siglen,"","(stdin)",bmd,hmac_key); + siglen,"","(stdin)",bmd,hmac_key,non_fips_allow); } else { name=OBJ_nid2sn(md->type); + err = 0; for (i=0; i<argc; i++) { char *tmp,*tofree=NULL; @@ -399,7 +437,7 @@ int MAIN(int argc, char **argv) else tmp=""; r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf, - siglen,tmp,argv[i],bmd,hmac_key); + siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow); if(r) err=r; if(tofree) @@ -426,7 +464,7 @@ end: int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title, - const char *file,BIO *bmd,const char *hmac_key) + const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow) { unsigned int len; int i; diff --git a/lib/libssl/src/apps/dsa.c b/lib/libssl/src/apps/dsa.c index 7518a2fe964..cbc1fe3f819 100644 --- a/lib/libssl/src/apps/dsa.c +++ b/lib/libssl/src/apps/dsa.c @@ -96,9 +96,7 @@ int MAIN(int, char **); int MAIN(int argc, char **argv) { -#ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; -#endif int ret=1; DSA *dsa=NULL; int i,badops=0; diff --git a/lib/libssl/src/apps/enc.c b/lib/libssl/src/apps/enc.c index a41ea800ac1..47c6eb604df 100644 --- a/lib/libssl/src/apps/enc.c +++ b/lib/libssl/src/apps/enc.c @@ -127,6 +127,7 @@ int MAIN(int argc, char **argv) char *engine = NULL; #endif const EVP_MD *dgst=NULL; + int non_fips_allow = 0; apps_startup(); @@ -261,6 +262,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; md= *(++argv); } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else if ((argv[0][0] == '-') && ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) { @@ -314,7 +317,10 @@ bad: if (dgst == NULL) { - dgst = EVP_md5(); + if (in_FIPS_mode) + dgst = EVP_sha1(); + else + dgst = EVP_md5(); } if (bufsize != NULL) @@ -549,6 +555,11 @@ bad: */ BIO_get_cipher_ctx(benc, &ctx); + + if (non_fips_allow) + EVP_CIPHER_CTX_set_flags(ctx, + EVP_CIPH_FLAG_NON_FIPS_ALLOW); + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) { BIO_printf(bio_err, "Error setting cipher %s\n", diff --git a/lib/libssl/src/apps/engine.c b/lib/libssl/src/apps/engine.c index 25c86171079..1d0dd9bfbc4 100644 --- a/lib/libssl/src/apps/engine.c +++ b/lib/libssl/src/apps/engine.c @@ -56,7 +56,6 @@ * */ -#ifndef OPENSSL_NO_ENGINE #include <stdio.h> #include <stdlib.h> @@ -66,6 +65,7 @@ #endif #include "apps.h" #include <openssl/err.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #include <openssl/ssl.h> diff --git a/lib/libssl/src/apps/genrsa.c b/lib/libssl/src/apps/genrsa.c index 1599bb7a69d..fdc0d4a07df 100644 --- a/lib/libssl/src/apps/genrsa.c +++ b/lib/libssl/src/apps/genrsa.c @@ -95,6 +95,7 @@ int MAIN(int argc, char **argv) int ret=1; int i,num=DEFBITS; long l; + int use_x931 = 0; const EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char *outfile=NULL; @@ -138,6 +139,8 @@ int MAIN(int argc, char **argv) f4=3; else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0) f4=RSA_F4; + else if (strcmp(*argv,"-x931") == 0) + use_x931 = 1; #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { @@ -266,7 +269,17 @@ bad: BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); - if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) + if (use_x931) + { + BIGNUM *pubexp; + pubexp = BN_new(); + if (!BN_set_word(pubexp, f4)) + goto err; + if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb)) + goto err; + BN_free(pubexp); + } + else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; app_RAND_write_file(NULL, bio_err); diff --git a/lib/libssl/src/apps/makeapps.com b/lib/libssl/src/apps/makeapps.com index 826ab5bec63..0580a1f401c 100644 --- a/lib/libssl/src/apps/makeapps.com +++ b/lib/libssl/src/apps/makeapps.com @@ -142,7 +142,7 @@ $ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+- "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+- "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+- "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+- - "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;CMS;RAND;ENGINE;OCSP;PRIME" + "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP;PRIME" $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - TCPIP_PROGRAMS = ",OPENSSL," diff --git a/lib/libssl/src/apps/nseq.c b/lib/libssl/src/apps/nseq.c index dc71d45012f..e3c4dba5473 100644 --- a/lib/libssl/src/apps/nseq.c +++ b/lib/libssl/src/apps/nseq.c @@ -1,5 +1,5 @@ /* nseq.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/apps/ocsp.c b/lib/libssl/src/apps/ocsp.c index 1001f3b25de..251044d77fc 100644 --- a/lib/libssl/src/apps/ocsp.c +++ b/lib/libssl/src/apps/ocsp.c @@ -1,5 +1,5 @@ /* ocsp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/apps/openssl.c b/lib/libssl/src/apps/openssl.c index ec25f990feb..7d2b476cf04 100644 --- a/lib/libssl/src/apps/openssl.c +++ b/lib/libssl/src/apps/openssl.c @@ -147,6 +147,7 @@ char *default_config_file=NULL; #ifdef MONOLITH CONF *config=NULL; BIO *bio_err=NULL; +int in_FIPS_mode=0; #endif @@ -232,6 +233,19 @@ int main(int Argc, char *Argv[]) arg.data=NULL; arg.count=0; + in_FIPS_mode = 0; + +#ifdef OPENSSL_FIPS + if(getenv("OPENSSL_FIPS")) { + if (!FIPS_mode_set(1)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } + in_FIPS_mode = 1; + } +#endif + if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); @@ -273,21 +287,9 @@ int main(int Argc, char *Argv[]) i=NCONF_load(config,p,&errline); if (i == 0) { - if (ERR_GET_REASON(ERR_peek_last_error()) - == CONF_R_NO_SUCH_FILE) - { - BIO_printf(bio_err, - "WARNING: can't open config file: %s\n",p); - ERR_clear_error(); - NCONF_free(config); - config = NULL; - } - else - { - ERR_print_errors(bio_err); - NCONF_free(config); - exit(1); - } + NCONF_free(config); + config = NULL; + ERR_clear_error(); } prog=prog_init(); diff --git a/lib/libssl/src/apps/pkcs12.c b/lib/libssl/src/apps/pkcs12.c index 268390ebe8d..248bc1154d3 100644 --- a/lib/libssl/src/apps/pkcs12.c +++ b/lib/libssl/src/apps/pkcs12.c @@ -1,5 +1,5 @@ /* pkcs12.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -111,7 +111,7 @@ int MAIN(int argc, char **argv) int maciter = PKCS12_DEFAULT_ITER; int twopass = 0; int keytype = 0; - int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + int cert_pbe; int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; int ret = 1; int macver = 1; @@ -128,6 +128,13 @@ int MAIN(int argc, char **argv) apps_startup(); +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif + cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; + enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); diff --git a/lib/libssl/src/apps/pkcs8.c b/lib/libssl/src/apps/pkcs8.c index d5085444e27..9633a149bcf 100644 --- a/lib/libssl/src/apps/pkcs8.c +++ b/lib/libssl/src/apps/pkcs8.c @@ -1,5 +1,5 @@ /* pkcs8.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ /* ==================================================================== diff --git a/lib/libssl/src/apps/rsautl.c b/lib/libssl/src/apps/rsautl.c index f3c458ed275..923e2b682f9 100644 --- a/lib/libssl/src/apps/rsautl.c +++ b/lib/libssl/src/apps/rsautl.c @@ -1,5 +1,5 @@ /* rsautl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c index 78ac95c5126..66d54989a27 100644 --- a/lib/libssl/src/apps/s_client.c +++ b/lib/libssl/src/apps/s_client.c @@ -225,6 +225,7 @@ static void sc_usage(void) BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n"); BIO_printf(bio_err," -quiet - no s_client output\n"); BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n"); + BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n"); BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); @@ -238,7 +239,8 @@ static void sc_usage(void) BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); BIO_printf(bio_err," for those protocols that support it, where\n"); BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n"); + BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); + BIO_printf(bio_err," are supported.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n"); #endif @@ -280,7 +282,8 @@ enum PROTO_SMTP, PROTO_POP3, PROTO_IMAP, - PROTO_FTP + PROTO_FTP, + PROTO_XMPP }; int MAIN(int, char **); @@ -322,8 +325,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_ENGINE char *engine_id=NULL; char *ssl_client_engine_id=NULL; - ENGINE *e=NULL, *ssl_client_engine=NULL; + ENGINE *ssl_client_engine=NULL; #endif + ENGINE *e=NULL; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif @@ -339,6 +343,9 @@ int MAIN(int argc, char **argv) int peerlen = sizeof(peer); int enable_timeouts = 0 ; long mtu = 0; +#ifndef OPENSSL_NO_JPAKE + char *jpake_secret = NULL; +#endif #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) meth=SSLv23_client_method(); @@ -439,6 +446,8 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-ign_eof") == 0) c_ign_eof=1; + else if (strcmp(*argv,"-no_ign_eof") == 0) + c_ign_eof=0; else if (strcmp(*argv,"-pause") == 0) c_Pause=1; else if (strcmp(*argv,"-debug") == 0) @@ -551,6 +560,8 @@ int MAIN(int argc, char **argv) starttls_proto = PROTO_IMAP; else if (strcmp(*argv,"ftp") == 0) starttls_proto = PROTO_FTP; + else if (strcmp(*argv, "xmpp") == 0) + starttls_proto = PROTO_XMPP; else goto bad; } @@ -581,6 +592,13 @@ int MAIN(int argc, char **argv) /* meth=TLSv1_client_method(); */ } #endif +#ifndef OPENSSL_NO_JPAKE + else if (strcmp(*argv,"-jpake") == 0) + { + if (--argc < 1) goto bad; + jpake_secret = *++argv; + } +#endif else { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -843,8 +861,6 @@ re_start: else sbio=BIO_new_socket(s,BIO_NOCLOSE); - - if (nbio_test) { BIO *test; @@ -888,6 +904,10 @@ SSL_set_tlsext_status_ids(con, ids); #endif } #endif +#ifndef OPENSSL_NO_JPAKE + if (jpake_secret) + jpake_client_auth(bio_c_out, sbio, jpake_secret); +#endif SSL_set_bio(con,sbio,sbio); SSL_set_connect_state(con); @@ -1000,6 +1020,28 @@ SSL_set_tlsext_status_ids(con, ids); BIO_printf(sbio,"AUTH TLS\r\n"); BIO_read(sbio,sbuf,BUFSIZZ); } + if (starttls_proto == PROTO_XMPP) + { + int seen = 0; + BIO_printf(sbio,"<stream:stream " + "xmlns:stream='http://etherx.jabber.org/streams' " + "xmlns='jabber:client' to='%s' version='1.0'>", host); + seen = BIO_read(sbio,mbuf,BUFSIZZ); + mbuf[seen] = 0; + while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) + { + if (strstr(mbuf, "/stream:features>")) + goto shut; + seen = BIO_read(sbio,mbuf,BUFSIZZ); + mbuf[seen] = 0; + } + BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"); + seen = BIO_read(sbio,sbuf,BUFSIZZ); + sbuf[seen] = 0; + if (!strstr(sbuf, "<proceed")) + goto shut; + mbuf[0] = 0; + } for (;;) { diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c index 7919c437c64..84b1b284613 100644 --- a/lib/libssl/src/apps/s_server.c +++ b/lib/libssl/src/apps/s_server.c @@ -742,6 +742,10 @@ BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); #endif int MAIN(int, char **); +#ifndef OPENSSL_NO_JPAKE +static char *jpake_secret = NULL; +#endif + int MAIN(int argc, char *argv[]) { X509_STORE *store = NULL; @@ -760,9 +764,7 @@ int MAIN(int argc, char *argv[]) int state=0; SSL_METHOD *meth=NULL; int socket_type=SOCK_STREAM; -#ifndef OPENSSL_NO_ENGINE ENGINE *e=NULL; -#endif char *inrand=NULL; int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; char *passarg = NULL, *pass = NULL; @@ -774,7 +776,6 @@ int MAIN(int argc, char *argv[]) EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; #endif - #ifndef OPENSSL_NO_TLSEXT tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; #endif @@ -1071,6 +1072,14 @@ int MAIN(int argc, char *argv[]) if (--argc < 1) goto bad; s_key_file2= *(++argv); } + +#endif +#ifndef OPENSSL_NO_JPAKE + else if (strcmp(*argv,"-jpake") == 0) + { + if (--argc < 1) goto bad; + jpake_secret = *(++argv); + } #endif else { @@ -1673,6 +1682,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) test=BIO_new(BIO_f_nbio_test()); sbio=BIO_push(test,sbio); } +#ifndef OPENSSL_NO_JPAKE + if(jpake_secret) + jpake_server_auth(bio_s_out, sbio, jpake_secret); +#endif + SSL_set_bio(con,sbio,sbio); SSL_set_accept_state(con); /* SSL_set_fd(con,s); */ diff --git a/lib/libssl/src/apps/smime.c b/lib/libssl/src/apps/smime.c index ce8a1cbecb7..75804b8d7b7 100644 --- a/lib/libssl/src/apps/smime.c +++ b/lib/libssl/src/apps/smime.c @@ -1,5 +1,5 @@ /* smime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== diff --git a/lib/libssl/src/apps/speed.c b/lib/libssl/src/apps/speed.c index 8a1974f5fe9..af077b54a86 100644 --- a/lib/libssl/src/apps/speed.c +++ b/lib/libssl/src/apps/speed.c @@ -2132,7 +2132,7 @@ int MAIN(int argc, char **argv) { ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); - if (ret == 0) + if (ret <= 0) { BIO_printf(bio_err, "RSA verify failure\n"); @@ -2760,6 +2760,8 @@ static int do_multi(int multi) for(n=0 ; n < multi ; ++n) { pipe(fd); + fflush(stdout); + fflush(stderr); if(fork()) { close(fd[1]); diff --git a/lib/libssl/src/apps/spkac.c b/lib/libssl/src/apps/spkac.c index 0191d0a783f..0e01ea9947d 100644 --- a/lib/libssl/src/apps/spkac.c +++ b/lib/libssl/src/apps/spkac.c @@ -1,6 +1,6 @@ /* apps/spkac.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. Based on an original idea by Massimiliano Pala * (madwolf@openca.org). */ @@ -285,7 +285,7 @@ bad: pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if(i) BIO_printf(bio_err, "Signature OK\n"); + if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); diff --git a/lib/libssl/src/apps/verify.c b/lib/libssl/src/apps/verify.c index 9ff32cb0683..20cc9e354cd 100644 --- a/lib/libssl/src/apps/verify.c +++ b/lib/libssl/src/apps/verify.c @@ -266,7 +266,7 @@ static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X ret=0; end: - if (i) + if (i > 0) { fprintf(stdout,"OK\n"); ret=1; @@ -367,4 +367,3 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) ERR_clear_error(); return(ok); } - diff --git a/lib/libssl/src/apps/version.c b/lib/libssl/src/apps/version.c index 69ef3e1bad0..e9555cbde29 100644 --- a/lib/libssl/src/apps/version.c +++ b/lib/libssl/src/apps/version.c @@ -167,7 +167,7 @@ int MAIN(int argc, char **argv) date=version=cflags=options=platform=dir=1; else { - BIO_printf(bio_err,"usage:version -[avbofp]\n"); + BIO_printf(bio_err,"usage:version -[avbofpd]\n"); ret=1; goto end; } diff --git a/lib/libssl/src/apps/x509.c b/lib/libssl/src/apps/x509.c index f6938356f8a..d904d340218 100644 --- a/lib/libssl/src/apps/x509.c +++ b/lib/libssl/src/apps/x509.c @@ -1151,7 +1151,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(&xsc,x); - if (!reqfile && !X509_verify_cert(&xsc)) + if (!reqfile && X509_verify_cert(&xsc) <= 0) goto end; if (!X509_check_private_key(xca,pkey)) diff --git a/lib/libssl/src/crypto/aes/aes.h b/lib/libssl/src/crypto/aes/aes.h index baf0222d49d..450f2b4051b 100644 --- a/lib/libssl/src/crypto/aes/aes.h +++ b/lib/libssl/src/crypto/aes/aes.h @@ -66,6 +66,10 @@ #define AES_MAXNR 14 #define AES_BLOCK_SIZE 16 +#ifdef OPENSSL_FIPS +#define FIPS_AES_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif diff --git a/lib/libssl/src/crypto/aes/aes_cbc.c b/lib/libssl/src/crypto/aes/aes_cbc.c index d2ba6bcdb46..373864cd4bd 100644 --- a/lib/libssl/src/crypto/aes/aes_cbc.c +++ b/lib/libssl/src/crypto/aes/aes_cbc.c @@ -59,6 +59,7 @@ #include <openssl/aes.h> #include "aes_locl.h" +#if !defined(OPENSSL_FIPS_AES_ASM) void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, const unsigned long length, const AES_KEY *key, unsigned char *ivec, const int enc) { @@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, } } } +#endif diff --git a/lib/libssl/src/crypto/aes/aes_core.c b/lib/libssl/src/crypto/aes/aes_core.c index 3a80e18b0a4..cffdd4daec4 100644 --- a/lib/libssl/src/crypto/aes/aes_core.c +++ b/lib/libssl/src/crypto/aes/aes_core.c @@ -37,6 +37,10 @@ #include <stdlib.h> #include <openssl/aes.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "aes_locl.h" /* @@ -631,6 +635,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, int i = 0; u32 temp; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif + if (!userKey || !key) return -1; if (bits != 128 && bits != 192 && bits != 256) diff --git a/lib/libssl/src/crypto/aes/asm/aes-586.pl b/lib/libssl/src/crypto/aes/asm/aes-586.pl index 3da307bef94..e771e839535 100644 --- a/lib/libssl/src/crypto/aes/asm/aes-586.pl +++ b/lib/libssl/src/crypto/aes/asm/aes-586.pl @@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds &align (4); &set_label("enc_tail"); - &push ($key eq "edi" ? $key : ""); # push ivp + &mov ($s0,$key eq "edi" ? $key : ""); &mov ($key,$_out); # load out + &push ($s0); # push ivp &mov ($s1,16); &sub ($s1,$s2); &cmp ($key,$acc); # compare with inp diff --git a/lib/libssl/src/crypto/asn1/a_mbstr.c b/lib/libssl/src/crypto/asn1/a_mbstr.c index 2d4800a22a4..1bcd0468938 100644 --- a/lib/libssl/src/crypto/asn1/a_mbstr.c +++ b/lib/libssl/src/crypto/asn1/a_mbstr.c @@ -1,5 +1,5 @@ /* a_mbstr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/a_sign.c b/lib/libssl/src/crypto/asn1/a_sign.c index 1081950518c..4dee45fbb83 100644 --- a/lib/libssl/src/crypto/asn1/a_sign.c +++ b/lib/libssl/src/crypto/asn1/a_sign.c @@ -267,7 +267,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, goto err; } - EVP_SignInit_ex(&ctx,type, NULL); + if (!EVP_SignInit_ex(&ctx,type, NULL)) + { + outl=0; + ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB); + goto err; + } EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, (unsigned int *)&outl,pkey)) diff --git a/lib/libssl/src/crypto/asn1/a_strex.c b/lib/libssl/src/crypto/asn1/a_strex.c index c2dbb6f9a58..7fc14d3296c 100644 --- a/lib/libssl/src/crypto/asn1/a_strex.c +++ b/lib/libssl/src/crypto/asn1/a_strex.c @@ -1,5 +1,5 @@ /* a_strex.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/a_strnid.c b/lib/libssl/src/crypto/asn1/a_strnid.c index 613bbc4a7da..fe515b52bae 100644 --- a/lib/libssl/src/crypto/asn1/a_strnid.c +++ b/lib/libssl/src/crypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ /* a_strnid.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/a_verify.c b/lib/libssl/src/crypto/asn1/a_verify.c index fdce6e4380b..da3efaaf8de 100644 --- a/lib/libssl/src/crypto/asn1/a_verify.c +++ b/lib/libssl/src/crypto/asn1/a_verify.c @@ -100,7 +100,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, p=buf_in; i2d(data,&p); - EVP_VerifyInit_ex(&ctx,type, NULL); + if (!EVP_VerifyInit_ex(&ctx,type, NULL)) + { + ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); + ret=0; + goto err; + } EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); OPENSSL_cleanse(buf_in,(unsigned int)inl); diff --git a/lib/libssl/src/crypto/asn1/asn1t.h b/lib/libssl/src/crypto/asn1/asn1t.h index bf315e65ed3..ac14f9415b8 100644 --- a/lib/libssl/src/crypto/asn1/asn1t.h +++ b/lib/libssl/src/crypto/asn1/asn1t.h @@ -1,5 +1,5 @@ /* asn1t.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/asn_moid.c b/lib/libssl/src/crypto/asn1/asn_moid.c index 9132350f107..1ea6a592483 100644 --- a/lib/libssl/src/crypto/asn1/asn_moid.c +++ b/lib/libssl/src/crypto/asn1/asn_moid.c @@ -1,5 +1,5 @@ /* asn_moid.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/asn_pack.c b/lib/libssl/src/crypto/asn1/asn_pack.c index e8b671b7b51..f1a5a056322 100644 --- a/lib/libssl/src/crypto/asn1/asn_pack.c +++ b/lib/libssl/src/crypto/asn1/asn_pack.c @@ -1,5 +1,5 @@ /* asn_pack.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/nsseq.c b/lib/libssl/src/crypto/asn1/nsseq.c index 50e2d4d07a1..e551c57d59d 100644 --- a/lib/libssl/src/crypto/asn1/nsseq.c +++ b/lib/libssl/src/crypto/asn1/nsseq.c @@ -1,5 +1,5 @@ /* nsseq.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/p5_pbe.c b/lib/libssl/src/crypto/asn1/p5_pbe.c index da91170094b..c4582f8041e 100644 --- a/lib/libssl/src/crypto/asn1/p5_pbe.c +++ b/lib/libssl/src/crypto/asn1/p5_pbe.c @@ -1,5 +1,5 @@ /* p5_pbe.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/p5_pbev2.c b/lib/libssl/src/crypto/asn1/p5_pbev2.c index c834a38ddf3..2b0516afeed 100644 --- a/lib/libssl/src/crypto/asn1/p5_pbev2.c +++ b/lib/libssl/src/crypto/asn1/p5_pbev2.c @@ -1,5 +1,5 @@ /* p5_pbev2.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999-2004. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/p8_pkey.c b/lib/libssl/src/crypto/asn1/p8_pkey.c index 24b409132f5..0a1957556e5 100644 --- a/lib/libssl/src/crypto/asn1/p8_pkey.c +++ b/lib/libssl/src/crypto/asn1/p8_pkey.c @@ -1,5 +1,5 @@ /* p8_pkey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/t_bitst.c b/lib/libssl/src/crypto/asn1/t_bitst.c index 397332d9b8e..2e59a25fa1e 100644 --- a/lib/libssl/src/crypto/asn1/t_bitst.c +++ b/lib/libssl/src/crypto/asn1/t_bitst.c @@ -1,5 +1,5 @@ /* t_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/t_crl.c b/lib/libssl/src/crypto/asn1/t_crl.c index 929b3e59043..bdb244c015b 100644 --- a/lib/libssl/src/crypto/asn1/t_crl.c +++ b/lib/libssl/src/crypto/asn1/t_crl.c @@ -1,5 +1,5 @@ /* t_crl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/t_spki.c b/lib/libssl/src/crypto/asn1/t_spki.c index c2a5797dd8b..a73369b9492 100644 --- a/lib/libssl/src/crypto/asn1/t_spki.c +++ b/lib/libssl/src/crypto/asn1/t_spki.c @@ -1,5 +1,5 @@ /* t_spki.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/t_x509.c b/lib/libssl/src/crypto/asn1/t_x509.c index cb76c32c8d0..8f746f9c051 100644 --- a/lib/libssl/src/crypto/asn1/t_x509.c +++ b/lib/libssl/src/crypto/asn1/t_x509.c @@ -393,7 +393,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) d= (v[6]-'0')*10+(v[7]-'0'); h= (v[8]-'0')*10+(v[9]-'0'); m= (v[10]-'0')*10+(v[11]-'0'); - if (i >= 14 && + if (tm->length >= 14 && (v[12] >= '0') && (v[12] <= '9') && (v[13] >= '0') && (v[13] <= '9')) s= (v[12]-'0')*10+(v[13]-'0'); @@ -429,7 +429,7 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) d= (v[4]-'0')*10+(v[5]-'0'); h= (v[6]-'0')*10+(v[7]-'0'); m= (v[8]-'0')*10+(v[9]-'0'); - if (i >=12 && + if (tm->length >=12 && (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) s= (v[10]-'0')*10+(v[11]-'0'); diff --git a/lib/libssl/src/crypto/asn1/t_x509a.c b/lib/libssl/src/crypto/asn1/t_x509a.c index ffbbfb51f43..8b18801a173 100644 --- a/lib/libssl/src/crypto/asn1/t_x509a.c +++ b/lib/libssl/src/crypto/asn1/t_x509a.c @@ -1,5 +1,5 @@ /* t_x509a.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_dec.c b/lib/libssl/src/crypto/asn1/tasn_dec.c index 0ee406231e7..ced641698eb 100644 --- a/lib/libssl/src/crypto/asn1/tasn_dec.c +++ b/lib/libssl/src/crypto/asn1/tasn_dec.c @@ -1,5 +1,5 @@ /* tasn_dec.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_enc.c b/lib/libssl/src/crypto/asn1/tasn_enc.c index be19b36acd5..2721f904a63 100644 --- a/lib/libssl/src/crypto/asn1/tasn_enc.c +++ b/lib/libssl/src/crypto/asn1/tasn_enc.c @@ -1,5 +1,5 @@ /* tasn_enc.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_fre.c b/lib/libssl/src/crypto/asn1/tasn_fre.c index bb7c1e2af48..d7c017fa1d4 100644 --- a/lib/libssl/src/crypto/asn1/tasn_fre.c +++ b/lib/libssl/src/crypto/asn1/tasn_fre.c @@ -1,5 +1,5 @@ /* tasn_fre.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_new.c b/lib/libssl/src/crypto/asn1/tasn_new.c index 531dad365c0..5c6a2ebd4d0 100644 --- a/lib/libssl/src/crypto/asn1/tasn_new.c +++ b/lib/libssl/src/crypto/asn1/tasn_new.c @@ -1,5 +1,5 @@ /* tasn_new.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_prn.c b/lib/libssl/src/crypto/asn1/tasn_prn.c index 719639b511f..b9c96a6dbe1 100644 --- a/lib/libssl/src/crypto/asn1/tasn_prn.c +++ b/lib/libssl/src/crypto/asn1/tasn_prn.c @@ -1,5 +1,5 @@ /* tasn_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_typ.c b/lib/libssl/src/crypto/asn1/tasn_typ.c index 6f17f1bec71..6252213d15f 100644 --- a/lib/libssl/src/crypto/asn1/tasn_typ.c +++ b/lib/libssl/src/crypto/asn1/tasn_typ.c @@ -1,5 +1,5 @@ /* tasn_typ.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/tasn_utl.c b/lib/libssl/src/crypto/asn1/tasn_utl.c index 34d520b180a..ca9ec7a32f5 100644 --- a/lib/libssl/src/crypto/asn1/tasn_utl.c +++ b/lib/libssl/src/crypto/asn1/tasn_utl.c @@ -1,5 +1,5 @@ /* tasn_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/x_algor.c b/lib/libssl/src/crypto/asn1/x_algor.c index 33533aba862..99e53429b79 100644 --- a/lib/libssl/src/crypto/asn1/x_algor.c +++ b/lib/libssl/src/crypto/asn1/x_algor.c @@ -1,5 +1,5 @@ /* x_algor.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/x_bignum.c b/lib/libssl/src/crypto/asn1/x_bignum.c index 869c05d931d..9cf3204a1b5 100644 --- a/lib/libssl/src/crypto/asn1/x_bignum.c +++ b/lib/libssl/src/crypto/asn1/x_bignum.c @@ -1,5 +1,5 @@ /* x_bignum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/x_exten.c b/lib/libssl/src/crypto/asn1/x_exten.c index 1732e667125..3a21239926a 100644 --- a/lib/libssl/src/crypto/asn1/x_exten.c +++ b/lib/libssl/src/crypto/asn1/x_exten.c @@ -1,5 +1,5 @@ /* x_exten.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/x_long.c b/lib/libssl/src/crypto/asn1/x_long.c index 0db233cb95f..bf35457c1f7 100644 --- a/lib/libssl/src/crypto/asn1/x_long.c +++ b/lib/libssl/src/crypto/asn1/x_long.c @@ -1,5 +1,5 @@ /* x_long.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/asn1/x_x509a.c b/lib/libssl/src/crypto/asn1/x_x509a.c index 13db5fd03fd..b603f82de71 100644 --- a/lib/libssl/src/crypto/asn1/x_x509a.c +++ b/lib/libssl/src/crypto/asn1/x_x509a.c @@ -1,5 +1,5 @@ /* a_x509a.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/bf/bf_skey.c b/lib/libssl/src/crypto/bf/bf_skey.c index 3673cdee6e2..6ac2aeb2795 100644 --- a/lib/libssl/src/crypto/bf/bf_skey.c +++ b/lib/libssl/src/crypto/bf/bf_skey.c @@ -59,10 +59,15 @@ #include <stdio.h> #include <string.h> #include <openssl/blowfish.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "bf_locl.h" #include "bf_pi.h" -void BF_set_key(BF_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(BF) { int i; BF_LONG *p,ri,in[2]; diff --git a/lib/libssl/src/crypto/bf/blowfish.h b/lib/libssl/src/crypto/bf/blowfish.h index cd49e85ab29..d24ffccb65f 100644 --- a/lib/libssl/src/crypto/bf/blowfish.h +++ b/lib/libssl/src/crypto/bf/blowfish.h @@ -104,7 +104,9 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - +#ifdef OPENSSL_FIPS +void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); +#endif void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/lib/libssl/src/crypto/bio/bss_bio.c b/lib/libssl/src/crypto/bio/bss_bio.c index 0f9f0955b41..76bd48e7679 100644 --- a/lib/libssl/src/crypto/bio/bss_bio.c +++ b/lib/libssl/src/crypto/bio/bss_bio.c @@ -919,6 +919,6 @@ int BIO_nwrite(BIO *bio, char **buf, int num) ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); if (ret > 0) - bio->num_read += ret; + bio->num_write += ret; return ret; } diff --git a/lib/libssl/src/crypto/bio/bss_file.c b/lib/libssl/src/crypto/bio/bss_file.c index 0c8c8115faa..e692a08e586 100644 --- a/lib/libssl/src/crypto/bio/bss_file.c +++ b/lib/libssl/src/crypto/bio/bss_file.c @@ -279,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) #endif { #if defined(OPENSSL_SYS_WINDOWS) - int fd = fileno((FILE*)ptr); + int fd = _fileno((FILE*)ptr); if (num & BIO_FP_TEXT) _setmode(fd,_O_TEXT); else diff --git a/lib/libssl/src/crypto/bn/Makefile b/lib/libssl/src/crypto/bn/Makefile index 0491e3db4c4..f5e8f65a469 100644 --- a/lib/libssl/src/crypto/bn/Makefile +++ b/lib/libssl/src/crypto/bn/Makefile @@ -28,13 +28,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_depr.c bn_const.c + bn_depr.c bn_x931p.c bn_const.c bn_opt.c LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \ - bn_depr.o bn_const.o + bn_depr.o bn_x931p.o bn_const.o bn_opt.o SRC= $(LIBSRC) @@ -58,7 +58,7 @@ bnbug: bnbug.c ../../libcrypto.a top cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -292,6 +292,13 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c +bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h +bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -350,3 +357,6 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c +bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h +bn_x931p.o: ../../include/openssl/opensslconf.h +bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c diff --git a/lib/libssl/src/crypto/bn/bn.h b/lib/libssl/src/crypto/bn/bn.h index 6d754d55477..f1719a5877f 100644 --- a/lib/libssl/src/crypto/bn/bn.h +++ b/lib/libssl/src/crypto/bn/bn.h @@ -408,8 +408,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); -int BN_rand_range(BIGNUM *rnd, BIGNUM *range); -int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); @@ -531,6 +531,17 @@ int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, int do_trial_division, BN_GENCB *cb); +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + BIGNUM *Xp1, BIGNUM *Xp2, + const BIGNUM *Xp, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); + BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, diff --git a/lib/libssl/src/crypto/bn/bn_lib.c b/lib/libssl/src/crypto/bn/bn_lib.c index 2649b8c5385..32a8fbaf51e 100644 --- a/lib/libssl/src/crypto/bn/bn_lib.c +++ b/lib/libssl/src/crypto/bn/bn_lib.c @@ -139,25 +139,6 @@ const BIGNUM *BN_value_one(void) return(&const_one); } -char *BN_options(void) - { - static int init=0; - static char data[16]; - - if (!init) - { - init++; -#ifdef BN_LLONG - BIO_snprintf(data,sizeof data,"bn(%d,%d)", - (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8); -#else - BIO_snprintf(data,sizeof data,"bn(%d,%d)", - (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8); -#endif - } - return(data); - } - int BN_num_bits_word(BN_ULONG l) { static const char bits[256]={ diff --git a/lib/libssl/src/crypto/bn/bn_nist.c b/lib/libssl/src/crypto/bn/bn_nist.c index 1fc94f55c32..2ca5b013911 100644 --- a/lib/libssl/src/crypto/bn/bn_nist.c +++ b/lib/libssl/src/crypto/bn/bn_nist.c @@ -66,46 +66,157 @@ #define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 #define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 +/* pre-computed tables are "carry-less" values of modulus*(i+1) */ #if BN_BITS2 == 64 -static const BN_ULONG _nist_p_192[] = - {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL}; -static const BN_ULONG _nist_p_224[] = +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL} + }; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL, + 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL + }; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { {0x0000000000000001ULL,0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}; -static const BN_ULONG _nist_p_256[] = + 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL}, + {0x0000000000000002ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */ + }; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL, + 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL + }; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL, - 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}; -static const BN_ULONG _nist_p_384[] = - {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}; + 0x0000000000000000ULL,0xFFFFFFFF00000001ULL}, + {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFE00000002ULL}, + {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFD00000003ULL}, + {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFC00000004ULL}, + {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL, + 0x0000000000000000ULL,0xFFFFFFFB00000005ULL}, + }; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x0000000000000001ULL,0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL, + 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL, + 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL + }; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL}, + }; +static const BN_ULONG _nist_p_384_sqr[] = { + 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL, + 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL, + 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL + }; static const BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, 0x00000000000001FFULL}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL, + 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL, + 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL + }; #elif BN_BITS2 == 32 -static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; -static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; -static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, - 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF}; -static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000, - 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, - 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} + }; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000, + 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF + }; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { + {0x00000001,0x00000000,0x00000000,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0x00000002,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF} + }; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002, + 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF + }; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { + {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000, + 0x00000000,0x00000000,0x00000001,0xFFFFFFFF}, + {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001, + 0x00000000,0x00000000,0x00000002,0xFFFFFFFE}, + {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002, + 0x00000000,0x00000000,0x00000003,0xFFFFFFFD}, + {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003, + 0x00000000,0x00000000,0x00000004,0xFFFFFFFC}, + {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004, + 0x00000000,0x00000000,0x00000005,0xFFFFFFFB}, + }; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x00000001,0x00000000,0x00000000,0xFFFFFFFE, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001, + 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001, + 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE + }; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}, + }; +static const BN_ULONG _nist_p_384_sqr[] = { + 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE, + 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000, + 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF + }; static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, 0xFFFFFFFF,0x000001FF}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, + 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000, + 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, + 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF + }; +#else +#error "unsupported BN_BITS2" #endif static const BIGNUM _bignum_nist_p_192 = { - (BN_ULONG *)_nist_p_192, + (BN_ULONG *)_nist_p_192[0], BN_NIST_192_TOP, BN_NIST_192_TOP, 0, @@ -114,7 +225,7 @@ static const BIGNUM _bignum_nist_p_192 = static const BIGNUM _bignum_nist_p_224 = { - (BN_ULONG *)_nist_p_224, + (BN_ULONG *)_nist_p_224[0], BN_NIST_224_TOP, BN_NIST_224_TOP, 0, @@ -123,7 +234,7 @@ static const BIGNUM _bignum_nist_p_224 = static const BIGNUM _bignum_nist_p_256 = { - (BN_ULONG *)_nist_p_256, + (BN_ULONG *)_nist_p_256[0], BN_NIST_256_TOP, BN_NIST_256_TOP, 0, @@ -132,7 +243,7 @@ static const BIGNUM _bignum_nist_p_256 = static const BIGNUM _bignum_nist_p_384 = { - (BN_ULONG *)_nist_p_384, + (BN_ULONG *)_nist_p_384[0], BN_NIST_384_TOP, BN_NIST_384_TOP, 0, @@ -180,7 +291,9 @@ static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max) int i; BN_ULONG *_tmp1 = (buf), *_tmp2 = (a); +#ifdef BN_DEBUG OPENSSL_assert(top <= max); +#endif for (i = (top); i != 0; i--) *_tmp1++ = *_tmp2++; for (i = (max) - (top); i != 0; i--) @@ -198,9 +311,14 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) #if BN_BITS2 == 64 #define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; #define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; -/* TBD */ -#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +/* + * two following macros are implemented under assumption that they + * are called in a sequence with *ascending* n, i.e. as they are... + */ +#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ + :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) +#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); +#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) #else #define bn_cp_64(to, n, from, m) \ { \ @@ -221,9 +339,9 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top) #define nist_set_192(to, from, a1, a2, a3) \ { \ - if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\ + bn_cp_64(to, 0, from, (a3) - 3) \ bn_cp_64(to, 1, from, (a2) - 3) \ - if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\ + bn_cp_64(to, 2, from, (a1) - 3) \ } int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, @@ -237,11 +355,16 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_192_TOP], *res; size_t mask; + static const BIGNUM _bignum_nist_p_192_sqr = { + (BN_ULONG *)_nist_p_192_sqr, + sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), + sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]), + 0,BN_FLG_STATIC_DATA }; field = &_bignum_nist_p_192; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_192_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -265,50 +388,49 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP); nist_set_192(t_d, buf, 0, 3, 3); - carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf, 4, 4, 0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); nist_set_192(t_d, buf, 5, 5, 5) - carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP); + else + carry = 1; + + /* + * we need 'if (carry==0 || result>=modulus) result-=modulus;' + * as comparison implies subtraction, we can write + * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' + * this is what happens below, but without explicit if:-) a. + */ + mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_192_TOP); r->top = BN_NIST_192_TOP; bn_correct_top(r); - if (BN_ucmp(field, r) <= 0) - { - if (!BN_usub(r, r, field)) return 0; - } - return 1; } +typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int); + #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ { \ - if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\ - if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\ - if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\ - if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\ - if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\ - if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\ - if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\ + bn_cp_32(to, 0, from, (a7) - 7) \ + bn_cp_32(to, 1, from, (a6) - 7) \ + bn_cp_32(to, 2, from, (a5) - 7) \ + bn_cp_32(to, 3, from, (a4) - 7) \ + bn_cp_32(to, 4, from, (a3) - 7) \ + bn_cp_32(to, 5, from, (a2) - 7) \ + bn_cp_32(to, 6, from, (a1) - 7) \ } int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int top = a->top, i; int carry; BN_ULONG *r_d, *a_d = a->d; @@ -317,11 +439,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_224_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_224_sqr = { + (BN_ULONG *)_nist_p_224_sqr, + sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), + sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + field = &_bignum_nist_p_224; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_224_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -342,72 +471,77 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, else r_d = a_d; +#if BN_BITS2==64 + /* copy upper 256 bits of 448 bit number ... */ + nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP); + /* ... and right shift by 32 to obtain upper 224 bits */ + nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8); + /* truncate lower part to 224 bits too */ + r_d[BN_NIST_224_TOP-1] &= BN_MASK2l; +#else nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP); - +#endif nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0); - carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); - bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP)) - bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP); - bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_cp_bn(r_d, res, BN_NIST_224_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) - bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP); +#if BN_BITS2==64 + carry = (int)(r_d[BN_NIST_224_TOP-1]>>32); #endif - r->top = BN_NIST_224_TOP; - bn_correct_top(r); - - if (BN_ucmp(field, r) <= 0) + u.f = bn_sub_words; + if (carry > 0) { - if (!BN_usub(r, r, field)) return 0; + carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP); +#if BN_BITS2==64 + carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1; +#endif } + else if (carry < 0) + { + /* it's a bit more comlicated logic in this case. + * if bn_add_words yields no carry, then result + * has to be adjusted by unconditionally *adding* + * the modulus. but if it does, then result has + * to be compared to the modulus and conditionally + * adjusted by *subtracting* the latter. */ + carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + + /* otherwise it's effectively same as in BN_nist_mod_192... */ + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); + r->top = BN_NIST_224_TOP; + bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ { \ - if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\ - if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\ - if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\ - if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\ - if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\ - if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\ - if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\ - if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\ + bn_cp_32(to, 0, from, (a8) - 8) \ + bn_cp_32(to, 1, from, (a7) - 8) \ + bn_cp_32(to, 2, from, (a6) - 8) \ + bn_cp_32(to, 3, from, (a5) - 8) \ + bn_cp_32(to, 4, from, (a4) - 8) \ + bn_cp_32(to, 5, from, (a3) - 8) \ + bn_cp_32(to, 6, from, (a2) - 8) \ + bn_cp_32(to, 7, from, (a1) - 8) \ } int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *a_d = a->d, *r_d; @@ -416,11 +550,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_256_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_256_sqr = { + (BN_ULONG *)_nist_p_256_sqr, + sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), + sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]), + 0,BN_FLG_STATIC_DATA }; field = &_bignum_nist_p_256; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_256_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -446,116 +586,84 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, /*S1*/ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0); /*S2*/ - nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0); - carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); - - carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask)); - - carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0); + carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); + /* left shift */ + { + register BN_ULONG *ap,t,c; + ap = t_d; + c=0; + for (i = BN_NIST_256_TOP; i != 0; --i) + { + t= *ap; + *(ap++)=((t<<1)|c)&BN_MASK2; + c=(t & BN_TBIT)?1:0; + } + carry <<= 1; + carry |= c; + } + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S3*/ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8); - carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*S4*/ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9); - carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D1*/ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D2*/ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D3*/ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); /*D4*/ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP); - bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - - nist_cp_bn(r_d, res, BN_NIST_384_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) - bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP); -#endif - r->top = BN_NIST_256_TOP; - bn_correct_top(r); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - if (BN_ucmp(field, r) <= 0) + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP); + else if (carry < 0) { - if (!BN_usub(r, r, field)) return 0; + carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); } + else + carry = 1; + + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d, res, BN_NIST_256_TOP); + r->top = BN_NIST_256_TOP; + bn_correct_top(r); return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ { \ - if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\ - if (a11 != 0) bn_cp_32(to, 1, from, (a11) - 12) else bn_32_set_0(to, 1)\ - if (a10 != 0) bn_cp_32(to, 2, from, (a10) - 12) else bn_32_set_0(to, 2)\ - if (a9 != 0) bn_cp_32(to, 3, from, (a9) - 12) else bn_32_set_0(to, 3)\ - if (a8 != 0) bn_cp_32(to, 4, from, (a8) - 12) else bn_32_set_0(to, 4)\ - if (a7 != 0) bn_cp_32(to, 5, from, (a7) - 12) else bn_32_set_0(to, 5)\ - if (a6 != 0) bn_cp_32(to, 6, from, (a6) - 12) else bn_32_set_0(to, 6)\ - if (a5 != 0) bn_cp_32(to, 7, from, (a5) - 12) else bn_32_set_0(to, 7)\ - if (a4 != 0) bn_cp_32(to, 8, from, (a4) - 12) else bn_32_set_0(to, 8)\ - if (a3 != 0) bn_cp_32(to, 9, from, (a3) - 12) else bn_32_set_0(to, 9)\ - if (a2 != 0) bn_cp_32(to, 10, from, (a2) - 12) else bn_32_set_0(to, 10)\ - if (a1 != 0) bn_cp_32(to, 11, from, (a1) - 12) else bn_32_set_0(to, 11)\ + bn_cp_32(to, 0, from, (a12) - 12) \ + bn_cp_32(to, 1, from, (a11) - 12) \ + bn_cp_32(to, 2, from, (a10) - 12) \ + bn_cp_32(to, 3, from, (a9) - 12) \ + bn_cp_32(to, 4, from, (a8) - 12) \ + bn_cp_32(to, 5, from, (a7) - 12) \ + bn_cp_32(to, 6, from, (a6) - 12) \ + bn_cp_32(to, 7, from, (a5) - 12) \ + bn_cp_32(to, 8, from, (a4) - 12) \ + bn_cp_32(to, 9, from, (a3) - 12) \ + bn_cp_32(to, 10, from, (a2) - 12) \ + bn_cp_32(to, 11, from, (a1) - 12) \ } int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 32 int i, top = a->top; int carry = 0; register BN_ULONG *r_d, *a_d = a->d; @@ -564,11 +672,18 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, c_d[BN_NIST_384_TOP], *res; size_t mask; + union { bn_addsub_f f; size_t p; } u; + static const BIGNUM _bignum_nist_p_384_sqr = { + (BN_ULONG *)_nist_p_384_sqr, + sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), + sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]), + 0,BN_FLG_STATIC_DATA }; + field = &_bignum_nist_p_384; /* just to make sure */ - if (BN_is_negative(a) || a->top > 2*BN_NIST_384_TOP) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0) + return BN_nnmod(r, a, field, ctx); i = BN_ucmp(field, a); if (i == 0) @@ -606,171 +721,116 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } *ap=c; } - carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), + carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), t_d, BN_NIST_256_TOP); - /* - * we need if (result>=modulus) subtract(result,modulus); - * in n-bit space this can be expressed as - * if (carry || result>=modulus) subtract(result,modulus); - * the catch is that comparison implies subtraction and - * therefore one can write tmp=subtract(result,modulus); - * and then if(carry || !borrow) result=tmp; this's what - * happens below, but without explicit if:-) a. - */ - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - /*S2 */ - carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP); /*S3*/ nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S4*/ nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S5*/ nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*S6*/ nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20); - carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP); - mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = ~mask | (0-(size_t)carry); - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); - + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D1*/ nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D2*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); /*D3*/ nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0); -#if BRANCH_FREE - carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP); - bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP); - mask = 0-(size_t)carry; - res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask)); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP); + else if (carry < 0) + { + carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP); + mask = 0-(size_t)carry; + u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask); + } + else + carry = 1; + + mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP); + mask &= 0-(size_t)carry; + res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask)); nist_cp_bn(r_d, res, BN_NIST_384_TOP); -#else - if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) - bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP); -#endif r->top = BN_NIST_384_TOP; bn_correct_top(r); - if (BN_ucmp(field, r) <= 0) - { - if (!BN_usub(r, r, field)) return 0; - } - return 1; -#else /* BN_BITS!=32 */ - return 0; -#endif } +#define BN_NIST_521_RSHIFT (521%BN_BITS2) +#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) +#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) + int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) { -#if BN_BITS2 == 64 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#elif BN_BITS2 == 32 -#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF -#endif - int top, ret = 0; - BIGNUM *tmp; + int top = a->top, i; + BN_ULONG *r_d, *a_d = a->d, + t_d[BN_NIST_521_TOP], + val,tmp,*res; + size_t mask; + static const BIGNUM _bignum_nist_p_521_sqr = { + (BN_ULONG *)_nist_p_521_sqr, + sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), + sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]), + 0,BN_FLG_STATIC_DATA }; field = &_bignum_nist_p_521; /* just to make sure */ - if (BN_is_negative(a)) - return BN_nnmod(r, field, a, ctx); + if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0) + return BN_nnmod(r, a, field, ctx); - /* check whether a reduction is necessary */ - top = a->top; - if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && - (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) + i = BN_ucmp(field, a); + if (i == 0) { - int i = BN_ucmp(field, a); - if (i == 0) - { - BN_zero(r); - return 1; - } - else - { -#ifdef BN_DEBUG - OPENSSL_assert(i > 0); /* because 'field' is 1111...1111 */ -#endif - return (r == a)? 1 : (BN_copy(r ,a) != NULL); - } + BN_zero(r); + return 1; } + else if (i > 0) + return (r == a)? 1 : (BN_copy(r ,a) != NULL); - if (BN_num_bits(a) > 2*521) - return BN_nnmod(r, field, a, ctx); - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (!tmp) - goto err; - - if (!bn_wexpand(tmp, BN_NIST_521_TOP)) - goto err; - nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP); - - tmp->top = BN_NIST_521_TOP; - tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; - bn_correct_top(tmp); - - if (!BN_rshift(r, a, 521)) - goto err; - - if (!BN_uadd(r, tmp, r)) - goto err; - - if (BN_ucmp(field, r) <= 0) + if (r != a) { - if (!BN_usub(r, r, field)) goto err; + if (!bn_wexpand(r,BN_NIST_521_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d,a_d, BN_NIST_521_TOP); } + else + r_d = a_d; - ret = 1; -err: - BN_CTX_end(ctx); + /* upper 521 bits, copy ... */ + nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP); + /* ... and right shift */ + for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++) + { + tmp = val>>BN_NIST_521_RSHIFT; + val = t_d[i+1]; + t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2; + } + t_d[i] = val>>BN_NIST_521_RSHIFT; + /* lower 521 bits */ + r_d[i] &= BN_NIST_521_TOP_MASK; + + bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP); + mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP); + res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask)); + nist_cp_bn(r_d,res,BN_NIST_521_TOP); + r->top = BN_NIST_521_TOP; + bn_correct_top(r); - bn_check_top(r); - return ret; + return 1; } diff --git a/lib/libssl/src/crypto/bn/bn_rand.c b/lib/libssl/src/crypto/bn/bn_rand.c index f51830b12ba..b376c28ff3f 100644 --- a/lib/libssl/src/crypto/bn/bn_rand.c +++ b/lib/libssl/src/crypto/bn/bn_rand.c @@ -227,7 +227,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) /* random number r: 0 <= r < range */ -static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) +static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) { int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; int n; @@ -294,12 +294,12 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) } -int BN_rand_range(BIGNUM *r, BIGNUM *range) +int BN_rand_range(BIGNUM *r, const BIGNUM *range) { return bn_rand_range(0, r, range); } -int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) +int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { return bn_rand_range(1, r, range); } diff --git a/lib/libssl/src/crypto/bn/bn_shift.c b/lib/libssl/src/crypto/bn/bn_shift.c index de9312dce23..c4d301afc46 100644 --- a/lib/libssl/src/crypto/bn/bn_shift.c +++ b/lib/libssl/src/crypto/bn/bn_shift.c @@ -177,7 +177,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) nw=n/BN_BITS2; rb=n%BN_BITS2; lb=BN_BITS2-rb; - if (nw > a->top || a->top == 0) + if (nw >= a->top || a->top == 0) { BN_zero(r); return(1); diff --git a/lib/libssl/src/crypto/buffer/buffer.c b/lib/libssl/src/crypto/buffer/buffer.c index 3bf03c7eff0..b3e947771d5 100644 --- a/lib/libssl/src/crypto/buffer/buffer.c +++ b/lib/libssl/src/crypto/buffer/buffer.c @@ -161,61 +161,3 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len) } return(len); } - -char *BUF_strdup(const char *str) - { - if (str == NULL) return(NULL); - return BUF_strndup(str, strlen(str)); - } - -char *BUF_strndup(const char *str, size_t siz) - { - char *ret; - - if (str == NULL) return(NULL); - - ret=OPENSSL_malloc(siz+1); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE); - return(NULL); - } - BUF_strlcpy(ret,str,siz+1); - return(ret); - } - -void *BUF_memdup(const void *data, size_t siz) - { - void *ret; - - if (data == NULL) return(NULL); - - ret=OPENSSL_malloc(siz); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE); - return(NULL); - } - return memcpy(ret, data, siz); - } - -size_t BUF_strlcpy(char *dst, const char *src, size_t size) - { - size_t l = 0; - for(; size > 1 && *src; size--) - { - *dst++ = *src++; - l++; - } - if (size) - *dst = '\0'; - return l + strlen(src); - } - -size_t BUF_strlcat(char *dst, const char *src, size_t size) - { - size_t l = 0; - for(; size > 0 && *dst; size--, dst++) - l++; - return l + BUF_strlcpy(dst, src, size); - } diff --git a/lib/libssl/src/crypto/cast/c_skey.c b/lib/libssl/src/crypto/cast/c_skey.c index 76e40005c99..68e690a60c2 100644 --- a/lib/libssl/src/crypto/cast/c_skey.c +++ b/lib/libssl/src/crypto/cast/c_skey.c @@ -57,6 +57,11 @@ */ #include <openssl/cast.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "cast_lcl.h" #include "cast_s.h" @@ -72,7 +77,7 @@ #define S6 CAST_S_table6 #define S7 CAST_S_table7 -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) +FIPS_NON_FIPS_VCIPHER_Init(CAST) { CAST_LONG x[16]; CAST_LONG z[16]; diff --git a/lib/libssl/src/crypto/cast/cast.h b/lib/libssl/src/crypto/cast/cast.h index 90b45b950aa..1faf5806aac 100644 --- a/lib/libssl/src/crypto/cast/cast.h +++ b/lib/libssl/src/crypto/cast/cast.h @@ -83,7 +83,9 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; - +#ifdef OPENSSL_FIPS +void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +#endif void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, int enc); diff --git a/lib/libssl/src/crypto/cms/cms_smime.c b/lib/libssl/src/crypto/cms/cms_smime.c index b35d28d411a..b9463f9abbc 100644 --- a/lib/libssl/src/crypto/cms/cms_smime.c +++ b/lib/libssl/src/crypto/cms/cms_smime.c @@ -68,7 +68,10 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) if (out == NULL) tmpout = BIO_new(BIO_s_null()); else if (flags & CMS_TEXT) + { tmpout = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(tmpout, 0); + } else tmpout = out; diff --git a/lib/libssl/src/crypto/comp/c_zlib.c b/lib/libssl/src/crypto/comp/c_zlib.c index 0f34597e704..eccfd091378 100644 --- a/lib/libssl/src/crypto/comp/c_zlib.c +++ b/lib/libssl/src/crypto/comp/c_zlib.c @@ -727,6 +727,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_RESET: ctx->ocount = 0; ctx->odone = 0; + ret = 1; break; case BIO_CTRL_FLUSH: @@ -771,7 +772,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) } ctx->obufsize = obs; } - + ret = 1; break; case BIO_C_DO_STATE_MACHINE: @@ -783,7 +784,6 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) default: ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } return ret; diff --git a/lib/libssl/src/crypto/conf/conf_mall.c b/lib/libssl/src/crypto/conf/conf_mall.c index 4ba40cf44cc..1cc1fd55345 100644 --- a/lib/libssl/src/crypto/conf/conf_mall.c +++ b/lib/libssl/src/crypto/conf/conf_mall.c @@ -1,5 +1,5 @@ /* conf_mall.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -63,6 +63,7 @@ #include <openssl/dso.h> #include <openssl/x509.h> #include <openssl/asn1.h> +#include <openssl/evp.h> #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif @@ -76,5 +77,6 @@ void OPENSSL_load_builtin_modules(void) #ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); #endif + EVP_add_alg_module(); } diff --git a/lib/libssl/src/crypto/conf/conf_mod.c b/lib/libssl/src/crypto/conf/conf_mod.c index 58b23ba9928..e286378cb19 100644 --- a/lib/libssl/src/crypto/conf/conf_mod.c +++ b/lib/libssl/src/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* conf_mod.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/conf/conf_sap.c b/lib/libssl/src/crypto/conf/conf_sap.c index 9c53bac1a8c..760dc2632d3 100644 --- a/lib/libssl/src/crypto/conf/conf_sap.c +++ b/lib/libssl/src/crypto/conf/conf_sap.c @@ -1,5 +1,5 @@ /* conf_sap.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/cryptlib.c b/lib/libssl/src/crypto/cryptlib.c index 8c686238286..8f9e88e403d 100644 --- a/lib/libssl/src/crypto/cryptlib.c +++ b/lib/libssl/src/crypto/cryptlib.c @@ -121,275 +121,17 @@ static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif -DECLARE_STACK_OF(CRYPTO_dynlock) -IMPLEMENT_STACK_OF(CRYPTO_dynlock) - -/* real #defines in crypto.h, keep these upto date */ -static const char* const lock_names[CRYPTO_NUM_LOCKS] = - { - "<<ERROR>>", - "err", - "ex_data", - "x509", - "x509_info", - "x509_pkey", - "x509_crl", - "x509_req", - "dsa", - "rsa", - "evp_pkey", - "x509_store", - "ssl_ctx", - "ssl_cert", - "ssl_session", - "ssl_sess_cert", - "ssl", - "ssl_method", - "rand", - "rand2", - "debug_malloc", - "BIO", - "gethostbyname", - "getservbyname", - "readdir", - "RSA_blinding", - "dh", - "debug_malloc2", - "dso", - "dynlock", - "engine", - "ui", - "ecdsa", - "ec", - "ecdh", - "bn", - "ec_pre_comp", - "store", - "comp", -#if CRYPTO_NUM_LOCKS != 39 -# error "Inconsistency between crypto.h and cryptlib.c" -#endif - }; - -/* This is for applications to allocate new type names in the non-dynamic - array of lock names. These are numbered with positive numbers. */ -static STACK *app_locks=NULL; - -/* For applications that want a more dynamic way of handling threads, the - following stack is used. These are externally numbered with negative - numbers. */ -static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; - - static void (MS_FAR *locking_callback)(int mode,int type, const char *file,int line)=NULL; static int (MS_FAR *add_lock_callback)(int *pointer,int amount, int type,const char *file,int line)=NULL; static unsigned long (MS_FAR *id_callback)(void)=NULL; -static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) - (const char *file,int line)=NULL; -static void (MS_FAR *dynlock_lock_callback)(int mode, - struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; -static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, - const char *file,int line)=NULL; - -int CRYPTO_get_new_lockid(char *name) - { - char *str; - int i; - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) - /* A hack to make Visual C++ 5.0 work correctly when linking as - * a DLL using /MT. Without this, the application cannot use - * and floating point printf's. - * It also seems to be needed for Visual C 1.5 (win16) */ - SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; -#endif - - if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((str=BUF_strdup(name)) == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - i=sk_push(app_locks,str); - if (!i) - OPENSSL_free(str); - else - i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ - return(i); - } int CRYPTO_num_locks(void) { return CRYPTO_NUM_LOCKS; } -int CRYPTO_get_new_dynlockid(void) - { - int i = 0; - CRYPTO_dynlock *pointer = NULL; - - if (dynlock_create_callback == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); - return(0); - } - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - if ((dyn_locks == NULL) - && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) - { - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); - if (pointer == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - pointer->references = 1; - pointer->data = dynlock_create_callback(__FILE__,__LINE__); - if (pointer->data == NULL) - { - OPENSSL_free(pointer); - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - /* First, try to find an existing empty slot */ - i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); - /* If there was none, push, thereby creating a new one */ - if (i == -1) - /* Since sk_push() returns the number of items on the - stack, not the location of the pushed item, we need - to transform the returned number into a position, - by decreasing it. */ - i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1; - else - /* If we found a place with a NULL pointer, put our pointer - in it. */ - (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer); - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (i == -1) - { - dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); - OPENSSL_free(pointer); - } - else - i += 1; /* to avoid 0 */ - return -i; - } - -void CRYPTO_destroy_dynlockid(int i) - { - CRYPTO_dynlock *pointer = NULL; - if (i) - i = -i-1; - if (dynlock_destroy_callback == NULL) - return; - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - - if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) - { - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - return; - } - pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); - if (pointer != NULL) - { - --pointer->references; -#ifdef REF_CHECK - if (pointer->references < 0) - { - fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); - abort(); - } - else -#endif - if (pointer->references <= 0) - { - (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); - } - else - pointer = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (pointer) - { - dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); - OPENSSL_free(pointer); - } - } - -struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) - { - CRYPTO_dynlock *pointer = NULL; - if (i) - i = -i-1; - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - - if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) - pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); - if (pointer) - pointer->references++; - - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (pointer) - return pointer->data; - return NULL; - } - -struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) - (const char *file,int line) - { - return(dynlock_create_callback); - } - -void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, - struct CRYPTO_dynlock_value *l, const char *file,int line) - { - return(dynlock_lock_callback); - } - -void (*CRYPTO_get_dynlock_destroy_callback(void)) - (struct CRYPTO_dynlock_value *l, const char *file,int line) - { - return(dynlock_destroy_callback); - } - -void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) - (const char *file, int line)) - { - dynlock_create_callback=func; - } - -void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, - struct CRYPTO_dynlock_value *l, const char *file, int line)) - { - dynlock_lock_callback=func; - } - -void CRYPTO_set_dynlock_destroy_callback(void (*func) - (struct CRYPTO_dynlock_value *l, const char *file, int line)) - { - dynlock_destroy_callback=func; - } - - void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, int line) { @@ -445,6 +187,14 @@ unsigned long CRYPTO_thread_id(void) return(ret); } +static void (*do_dynlock_cb)(int mode, int type, const char *file, int line); + +void int_CRYPTO_set_do_dynlock_callback( + void (*dyn_cb)(int mode, int type, const char *file, int line)) + { + do_dynlock_cb = dyn_cb; + } + void CRYPTO_lock(int mode, int type, const char *file, int line) { #ifdef LOCK_DEBUG @@ -472,17 +222,8 @@ void CRYPTO_lock(int mode, int type, const char *file, int line) #endif if (type < 0) { - if (dynlock_lock_callback != NULL) - { - struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(type); - - OPENSSL_assert(pointer != NULL); - - dynlock_lock_callback(mode, pointer, file, line); - - CRYPTO_destroy_dynlockid(type); - } + if (do_dynlock_cb) + do_dynlock_cb(mode, type, file, line); } else if (locking_callback != NULL) @@ -527,21 +268,9 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, return(ret); } -const char *CRYPTO_get_lock_name(int type) - { - if (type < 0) - return("dynamic"); - else if (type < CRYPTO_NUM_LOCKS) - return(lock_names[type]); - else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks)) - return("ERROR"); - else - return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); - } - #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__INTEL__) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) unsigned long OPENSSL_ia32cap_P=0; unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; } @@ -577,6 +306,62 @@ void OPENSSL_cpuid_setup(void) {} #endif #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) + +#ifdef OPENSSL_FIPS + +#include <tlhelp32.h> +#if defined(__GNUC__) && __GNUC__>=2 +static int DllInit(void) __attribute__((constructor)); +#elif defined(_MSC_VER) +static int DllInit(void); +# ifdef _WIN64 +# pragma section(".CRT$XCU",read) + __declspec(allocate(".CRT$XCU")) +# else +# pragma data_seg(".CRT$XCU") +# endif + static int (*p)(void) = DllInit; +# pragma data_seg() +#endif + +static int DllInit(void) +{ +#if defined(_WIN32_WINNT) + union { int(*f)(void); BYTE *p; } t = { DllInit }; + HANDLE hModuleSnap = INVALID_HANDLE_VALUE; + IMAGE_DOS_HEADER *dos_header; + IMAGE_NT_HEADERS *nt_headers; + MODULEENTRY32 me32 = {sizeof(me32)}; + + hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0); + if (hModuleSnap != INVALID_HANDLE_VALUE && + Module32First(hModuleSnap,&me32)) do + { + if (t.p >= me32.modBaseAddr && + t.p < me32.modBaseAddr+me32.modBaseSize) + { + dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr; + if (dos_header->e_magic==IMAGE_DOS_SIGNATURE) + { + nt_headers=(IMAGE_NT_HEADERS *) + ((BYTE *)dos_header+dos_header->e_lfanew); + if (nt_headers->Signature==IMAGE_NT_SIGNATURE && + me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase) + OPENSSL_NONPIC_relocated=1; + } + break; + } + } while (Module32Next(hModuleSnap,&me32)); + + if (hModuleSnap != INVALID_HANDLE_VALUE) + CloseHandle(hModuleSnap); +#endif + OPENSSL_cpuid_setup(); + return 0; +} + +#else + #ifdef __CYGWIN__ /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ #include <windows.h> @@ -620,6 +405,8 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, } #endif +#endif + #if defined(_WIN32) && !defined(__CYGWIN__) #include <tchar.h> diff --git a/lib/libssl/src/crypto/crypto-lib.com b/lib/libssl/src/crypto/crypto-lib.com index 8898f30c1f7..db9c882fb08 100644 --- a/lib/libssl/src/crypto/crypto-lib.com +++ b/lib/libssl/src/crypto/crypto-lib.com @@ -83,7 +83,7 @@ $ ENCRYPT_TYPES = "Basic,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - - "STORE,CMS,PQUEUE" + "STORE,CMS,PQUEUE,JPAKE" $! $! Check To Make Sure We Have Valid Command Line Parameters. $! @@ -161,7 +161,7 @@ $! $ APPS_DES = "DES/DES,CBC3_ENC" $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" $ -$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir" +$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" @@ -197,9 +197,9 @@ $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - "ec2_smpl,ec2_mult" $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - - "rsa_pss,rsa_x931,rsa_asn1,rsa_depr" + "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng" $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - - "dsa_err,dsa_ossl,dsa_depr" + "dsa_err,dsa_ossl,dsa_depr,dsa_utl" $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr" $ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" @@ -211,8 +211,8 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "tb_cipher,tb_digest,"+ - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock" $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - - "aes_ctr,aes_ige,aes_wrap" -$ LIB_BUFFER = "buffer,buf_err" + "aes_ctr,aes_ige" +$ LIB_BUFFER = "buffer,buf_str,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - "bss_file,bss_sock,bss_conn,"+ - @@ -224,18 +224,19 @@ $ LIB_STACK = "stack" $ LIB_LHASH = "lhash,lh_stats" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - "rand_vms" -$ LIB_ERR = "err,err_all,err_prn" +$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio" $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" -$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ - - "e_des,e_bf,e_idea,e_des3,e_camellia,e_seed,"+ - - "e_rc4,e_aes,names,"+ - - "e_xcbc_d,e_rc2,e_cast,e_rc5" +$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ - + "e_des,e_bf,e_idea,e_des3,e_camellia,"+ - + "e_rc4,e_aes,names,e_seed,"+ - + "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min" $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" +$ LIB_EVP_3 = "e_old" $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - @@ -245,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - "f_int,f_string,n_pkey,"+ - - "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ - + "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - @@ -280,6 +281,7 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess" $ LIB_PQUEUE = "pqueue" +$ LIB_JPAKE = "jpake,jpake_err" $! $! Setup exceptional compilations $! diff --git a/lib/libssl/src/crypto/crypto.h b/lib/libssl/src/crypto/crypto.h index fe2c1d64034..0e4fb0723ce 100644 --- a/lib/libssl/src/crypto/crypto.h +++ b/lib/libssl/src/crypto/crypto.h @@ -219,7 +219,13 @@ typedef struct openssl_item_st #define CRYPTO_LOCK_EC_PRE_COMP 36 #define CRYPTO_LOCK_STORE 37 #define CRYPTO_LOCK_COMP 38 +#ifndef OPENSSL_FIPS #define CRYPTO_NUM_LOCKS 39 +#else +#define CRYPTO_LOCK_FIPS 39 +#define CRYPTO_LOCK_FIPS2 40 +#define CRYPTO_NUM_LOCKS 41 +#endif #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -341,14 +347,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) /* Set standard debugging functions (not done by default * unless CRYPTO_MDEBUG is defined) */ -#define CRYPTO_malloc_debug_init() do {\ - CRYPTO_set_mem_debug_functions(\ - CRYPTO_dbg_malloc,\ - CRYPTO_dbg_realloc,\ - CRYPTO_dbg_free,\ - CRYPTO_dbg_set_options,\ - CRYPTO_dbg_get_options);\ - } while(0) +void CRYPTO_malloc_debug_init(void); int CRYPTO_mem_ctrl(int mode); int CRYPTO_is_mem_check_on(void); @@ -363,6 +362,7 @@ int CRYPTO_is_mem_check_on(void); #define is_MemCheck_on() CRYPTO_is_mem_check_on() #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) #define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) #define OPENSSL_realloc_clean(addr,old_num,num) \ @@ -427,6 +427,9 @@ const char *CRYPTO_get_lock_name(int type); int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, int line); +void int_CRYPTO_set_do_dynlock_callback( + void (*do_dynlock_cb)(int mode, int type, const char *file, int line)); + int CRYPTO_get_new_dynlockid(void); void CRYPTO_destroy_dynlockid(int i); struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); @@ -451,6 +454,10 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), void (*f)(void *,int), void (*so)(long), long (*go)(void)); +void CRYPTO_set_mem_info_functions( + int (*push_info_fn)(const char *info, const char *file, int line), + int (*pop_info_fn)(void), + int (*remove_all_info_fn)(void)); void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), @@ -467,6 +474,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), void *CRYPTO_malloc_locked(int num, const char *file, int line); void CRYPTO_free_locked(void *); void *CRYPTO_malloc(int num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); void CRYPTO_free(void *); void *CRYPTO_realloc(void *addr,int num, const char *file, int line); void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file, @@ -506,6 +514,9 @@ void CRYPTO_dbg_free(void *addr,int before_p); void CRYPTO_dbg_set_options(long bits); long CRYPTO_dbg_get_options(void); +int CRYPTO_dbg_push_info(const char *info, const char *file, int line); +int CRYPTO_dbg_pop_info(void); +int CRYPTO_dbg_remove_all_info(void); #ifndef OPENSSL_NO_FP_API void CRYPTO_mem_leaks_fp(FILE *); @@ -523,12 +534,69 @@ unsigned long *OPENSSL_ia32cap_loc(void); #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) int OPENSSL_isservice(void); +#ifdef OPENSSL_FIPS +#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ + alg " previous FIPS forbidden algorithm error ignored"); + +#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \ + #alg " Algorithm forbidden in FIPS mode"); + +#ifdef OPENSSL_FIPS_STRICT +#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg) +#else +#define FIPS_BAD_ALGORITHM(alg) \ + { \ + FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \ + ERR_add_error_data(2, "Algorithm=", #alg); \ + return 0; \ + } +#endif + +/* Low level digest API blocking macro */ + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ALGORITHM(alg) \ + return private_##alg##_Init(c); \ + } \ + int private_##alg##_Init(alg##_CTX *c) + +/* For ciphers the API often varies from cipher to cipher and each needs to + * be treated as a special case. Variable key length ciphers (Blowfish, RC4, + * CAST) however are very similar and can use a blocking macro. + */ + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \ + { \ + if (FIPS_mode()) \ + FIPS_BAD_ABORT(alg) \ + private_##alg##_set_key(key, len, data); \ + } \ + void private_##alg##_set_key(alg##_KEY *key, int len, \ + const unsigned char *data) + +#else + +#define FIPS_NON_FIPS_VCIPHER_Init(alg) \ + void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) + +#define FIPS_NON_FIPS_MD_Init(alg) \ + int alg##_Init(alg##_CTX *c) + +#endif /* def OPENSSL_FIPS */ + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_CRYPTO_strings(void); +#define OPENSSL_HAVE_INIT 1 +void OPENSSL_init(void); + /* Error codes for the CRYPTO functions. */ /* Function codes. */ diff --git a/lib/libssl/src/crypto/des/des_enc.c b/lib/libssl/src/crypto/des/des_enc.c index 0fe4e0b2adc..22701e06693 100644 --- a/lib/libssl/src/crypto/des/des_enc.c +++ b/lib/libssl/src/crypto/des/des_enc.c @@ -293,6 +293,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, #ifndef DES_DEFAULT_OPTIONS +#if !defined(OPENSSL_FIPS_DES_ASM) + #undef CBC_ENC_C__DONT_UPDATE_IV #include "ncbc_enc.c" /* DES_ncbc_encrypt */ @@ -408,4 +410,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, tin[0]=tin[1]=0; } +#endif + #endif /* DES_DEFAULT_OPTIONS */ diff --git a/lib/libssl/src/crypto/des/ecb_enc.c b/lib/libssl/src/crypto/des/ecb_enc.c index 00d5b91e8ca..75ae6cf8bb6 100644 --- a/lib/libssl/src/crypto/des/ecb_enc.c +++ b/lib/libssl/src/crypto/des/ecb_enc.c @@ -57,54 +57,7 @@ */ #include "des_locl.h" -#include "des_ver.h" #include "spr.h" -#include <openssl/opensslv.h> -#include <openssl/bio.h> - -OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT; -OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT; - -const char *DES_options(void) - { - static int init=1; - static char buf[32]; - - if (init) - { - const char *ptr,*unroll,*risc,*size; - -#ifdef DES_PTR - ptr="ptr"; -#else - ptr="idx"; -#endif -#if defined(DES_RISC1) || defined(DES_RISC2) -#ifdef DES_RISC1 - risc="risc1"; -#endif -#ifdef DES_RISC2 - risc="risc2"; -#endif -#else - risc="cisc"; -#endif -#ifdef DES_UNROLL - unroll="16"; -#else - unroll="4"; -#endif - if (sizeof(DES_LONG) != sizeof(long)) - size="int"; - else - size="long"; - BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, - size); - init=0; - } - return(buf); - } - void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int enc) diff --git a/lib/libssl/src/crypto/des/enc_read.c b/lib/libssl/src/crypto/des/enc_read.c index c70fb686b8b..e7da2ec66b0 100644 --- a/lib/libssl/src/crypto/des/enc_read.c +++ b/lib/libssl/src/crypto/des/enc_read.c @@ -147,7 +147,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, /* first - get the length */ while (net_num < HDRSIZE) { +#ifndef _WIN32 i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); +#else + i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); +#endif #ifdef EINTR if ((i == -1) && (errno == EINTR)) continue; #endif diff --git a/lib/libssl/src/crypto/des/enc_writ.c b/lib/libssl/src/crypto/des/enc_writ.c index af5b8c2349b..c2f032c9a6a 100644 --- a/lib/libssl/src/crypto/des/enc_writ.c +++ b/lib/libssl/src/crypto/des/enc_writ.c @@ -153,7 +153,11 @@ int DES_enc_write(int fd, const void *_buf, int len, { /* eay 26/08/92 I was not doing writing from where we * got up to. */ +#ifndef _WIN32 i=write(fd,(void *)&(outbuf[j]),outnum-j); +#else + i=_write(fd,(void *)&(outbuf[j]),outnum-j); +#endif if (i == -1) { #ifdef EINTR diff --git a/lib/libssl/src/crypto/des/set_key.c b/lib/libssl/src/crypto/des/set_key.c index a43ef3c8818..c0806d593c1 100644 --- a/lib/libssl/src/crypto/des/set_key.c +++ b/lib/libssl/src/crypto/des/set_key.c @@ -64,6 +64,10 @@ * 1.0 First working version */ #include "des_locl.h" +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ @@ -349,6 +353,10 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) k = &schedule->ks->deslong[0]; in = &(*key)[0]; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif + c2l(in,c); c2l(in,d); @@ -405,3 +413,4 @@ void des_fixup_key_parity(des_cblock *key) des_set_odd_parity(key); } */ + diff --git a/lib/libssl/src/crypto/dh/Makefile b/lib/libssl/src/crypto/dh/Makefile index 950cad9c5ba..d01fa960ebc 100644 --- a/lib/libssl/src/crypto/dh/Makefile +++ b/lib/libssl/src/crypto/dh/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -129,11 +129,11 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dh_lib.o: ../cryptlib.h dh_lib.c +dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c diff --git a/lib/libssl/src/crypto/dh/dh.h b/lib/libssl/src/crypto/dh/dh.h index 0afabc7dd32..0a39742773c 100644 --- a/lib/libssl/src/crypto/dh/dh.h +++ b/lib/libssl/src/crypto/dh/dh.h @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -167,6 +169,11 @@ struct dh_st const DH_METHOD *DH_OpenSSL(void); +#ifdef OPENSSL_FIPS +DH * FIPS_dh_new(void); +void FIPS_dh_free(DH *dh); +#endif + void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); int DH_set_method(DH *dh, const DH_METHOD *meth); @@ -218,6 +225,9 @@ void ERR_load_DH_strings(void); #define DH_F_DHPARAMS_PRINT 100 #define DH_F_DHPARAMS_PRINT_FP 101 #define DH_F_DH_BUILTIN_GENPARAMS 106 +#define DH_F_DH_COMPUTE_KEY 107 +#define DH_F_DH_GENERATE_KEY 108 +#define DH_F_DH_GENERATE_PARAMETERS 109 #define DH_F_DH_NEW_METHOD 105 #define DH_F_GENERATE_KEY 103 #define DH_F_GENERATE_PARAMETERS 104 @@ -225,6 +235,7 @@ void ERR_load_DH_strings(void); /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 #define DH_R_INVALID_PUBKEY 102 +#define DH_R_KEY_SIZE_TOO_SMALL 104 #define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_INVALID_PUBKEY 102 diff --git a/lib/libssl/src/crypto/dh/dh_asn1.c b/lib/libssl/src/crypto/dh/dh_asn1.c index 769b5b68c53..76740af2bd1 100644 --- a/lib/libssl/src/crypto/dh/dh_asn1.c +++ b/lib/libssl/src/crypto/dh/dh_asn1.c @@ -1,5 +1,5 @@ /* dh_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/dh/dh_check.c b/lib/libssl/src/crypto/dh/dh_check.c index b8469130045..316cb9221df 100644 --- a/lib/libssl/src/crypto/dh/dh_check.c +++ b/lib/libssl/src/crypto/dh/dh_check.c @@ -70,6 +70,8 @@ * should hold. */ +#ifndef OPENSSL_FIPS + int DH_check(const DH *dh, int *ret) { int ok=0; @@ -140,3 +142,5 @@ err: if (q != NULL) BN_free(q); return(ok); } + +#endif diff --git a/lib/libssl/src/crypto/dh/dh_err.c b/lib/libssl/src/crypto/dh/dh_err.c index b2361c73898..b364362fcae 100644 --- a/lib/libssl/src/crypto/dh/dh_err.c +++ b/lib/libssl/src/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* crypto/dh/dh_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -74,6 +74,9 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, +{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, +{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, @@ -84,6 +87,7 @@ static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, diff --git a/lib/libssl/src/crypto/dh/dh_gen.c b/lib/libssl/src/crypto/dh/dh_gen.c index cfd5b118681..999e1deb409 100644 --- a/lib/libssl/src/crypto/dh/dh_gen.c +++ b/lib/libssl/src/crypto/dh/dh_gen.c @@ -66,6 +66,8 @@ #include <openssl/bn.h> #include <openssl/dh.h> +#ifndef OPENSSL_FIPS + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) @@ -173,3 +175,5 @@ err: } return ok; } + +#endif diff --git a/lib/libssl/src/crypto/dh/dh_key.c b/lib/libssl/src/crypto/dh/dh_key.c index e7db440342f..79dd3318634 100644 --- a/lib/libssl/src/crypto/dh/dh_key.c +++ b/lib/libssl/src/crypto/dh/dh_key.c @@ -62,6 +62,8 @@ #include <openssl/rand.h> #include <openssl/dh.h> +#ifndef OPENSSL_FIPS + static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, @@ -261,3 +263,5 @@ static int dh_finish(DH *dh) BN_MONT_CTX_free(dh->method_mont_p); return(1); } + +#endif diff --git a/lib/libssl/src/crypto/dsa/Makefile b/lib/libssl/src/crypto/dsa/Makefile index 5493f19e85c..2cc45cdc625 100644 --- a/lib/libssl/src/crypto/dsa/Makefile +++ b/lib/libssl/src/crypto/dsa/Makefile @@ -18,9 +18,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c dsa_depr.c + dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o dsa_depr.o + dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -78,9 +78,10 @@ clean: dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h +dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h dsa_asn1.o: ../../include/openssl/opensslconf.h dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -90,8 +91,9 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_depr.o: ../../include/openssl/opensslconf.h dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -108,12 +110,13 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h -dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c +dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dsa_gen.o: ../cryptlib.h dsa_gen.c dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -129,14 +132,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dsa_lib.o: ../cryptlib.h dsa_lib.c +dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -151,19 +154,34 @@ dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_sign.o: ../../include/openssl/opensslconf.h +dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h +dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_sign.o: ../cryptlib.h dsa_sign.c +dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h +dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h +dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c diff --git a/lib/libssl/src/crypto/dsa/dsa.h b/lib/libssl/src/crypto/dsa/dsa.h index 3a8fe5b56bb..702c50d6dc8 100644 --- a/lib/libssl/src/crypto/dsa/dsa.h +++ b/lib/libssl/src/crypto/dsa/dsa.h @@ -88,6 +88,8 @@ # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 #endif +#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 + #define DSA_FLAG_CACHE_MONT_P 0x01 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA * implementation now uses constant time @@ -97,6 +99,25 @@ * be used for all exponents. */ +/* If this flag is set the DSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef OPENSSL_FIPS +#define FIPS_DSA_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif @@ -189,6 +210,11 @@ void DSA_set_default_method(const DSA_METHOD *); const DSA_METHOD *DSA_get_default_method(void); int DSA_set_method(DSA *dsa, const DSA_METHOD *); +#ifdef OPENSSL_FIPS +DSA * FIPS_dsa_new(void); +void FIPS_dsa_free (DSA *r); +#endif + DSA * DSA_new(void); DSA * DSA_new_method(ENGINE *engine); void DSA_free (DSA *r); @@ -249,6 +275,11 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); DH *DSA_dup_DH(const DSA *r); #endif +#ifdef OPENSSL_FIPS +int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); +int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -261,11 +292,16 @@ void ERR_load_DSA_strings(void); #define DSA_F_D2I_DSA_SIG 110 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 +#define DSA_F_DSA_BUILTIN_KEYGEN 119 +#define DSA_F_DSA_BUILTIN_PARAMGEN 118 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 +#define DSA_F_DSA_GENERATE_PARAMETERS 117 #define DSA_F_DSA_NEW_METHOD 103 #define DSA_F_DSA_PRINT 104 #define DSA_F_DSA_PRINT_FP 105 +#define DSA_F_DSA_SET_DEFAULT_METHOD 115 +#define DSA_F_DSA_SET_METHOD 116 #define DSA_F_DSA_SIGN 106 #define DSA_F_DSA_SIGN_SETUP 107 #define DSA_F_DSA_SIG_NEW 109 @@ -276,8 +312,11 @@ void ERR_load_DSA_strings(void); /* Reason codes. */ #define DSA_R_BAD_Q_VALUE 102 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_KEY_SIZE_TOO_SMALL 106 #define DSA_R_MISSING_PARAMETERS 101 #define DSA_R_MODULUS_TOO_LARGE 103 +#define DSA_R_NON_FIPS_METHOD 104 +#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 #ifdef __cplusplus } diff --git a/lib/libssl/src/crypto/dsa/dsa_asn1.c b/lib/libssl/src/crypto/dsa/dsa_asn1.c index 23fce555aa4..0645facb4bf 100644 --- a/lib/libssl/src/crypto/dsa/dsa_asn1.c +++ b/lib/libssl/src/crypto/dsa/dsa_asn1.c @@ -1,5 +1,5 @@ /* dsa_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -61,6 +61,11 @@ #include <openssl/dsa.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include <openssl/bn.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + /* Override the default new methods */ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) -IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) /* Override the default free and new methods */ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) @@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) + +int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) + { + DSA_SIG *s; +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif + s=DSA_do_sign(dgst,dlen,dsa); + if (s == NULL) + { + *siglen=0; + return(0); + } + *siglen=i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return(1); + } + +int DSA_size(const DSA *r) + { + int ret,i; + ASN1_INTEGER bs; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ + + i=BN_num_bits(r->q); + bs.length=(i+7)/8; + bs.data=buf; + bs.type=V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0]=0xff; + + i=i2d_ASN1_INTEGER(&bs,NULL); + i+=i; /* r and s */ + ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); + return(ret); + } + +/* data has already been hashed (probably with SHA or SHA-1). */ +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) + { + DSA_SIG *s; + int ret=-1; +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif + + s = DSA_SIG_new(); + if (s == NULL) return(ret); + if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + ret=DSA_do_verify(dgst,dgst_len,s,dsa); +err: + DSA_SIG_free(s); + return(ret); + } + diff --git a/lib/libssl/src/crypto/dsa/dsa_err.c b/lib/libssl/src/crypto/dsa/dsa_err.c index 768711994b9..872839af944 100644 --- a/lib/libssl/src/crypto/dsa/dsa_err.c +++ b/lib/libssl/src/crypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ /* crypto/dsa/dsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -73,11 +73,16 @@ static ERR_STRING_DATA DSA_str_functs[]= {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"}, {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"}, +{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"}, +{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"}, {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"}, +{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"}, {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"}, {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"}, {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"}, +{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"}, +{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"}, {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"}, {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"}, {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"}, @@ -91,8 +96,11 @@ static ERR_STRING_DATA DSA_str_reasons[]= { {ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {0,NULL} }; diff --git a/lib/libssl/src/crypto/dsa/dsa_gen.c b/lib/libssl/src/crypto/dsa/dsa_gen.c index ca0b86a6cfc..6f1728e3cf0 100644 --- a/lib/libssl/src/crypto/dsa/dsa_gen.c +++ b/lib/libssl/src/crypto/dsa/dsa_gen.c @@ -82,6 +82,8 @@ #include <openssl/rand.h> #include <openssl/sha.h> +#ifndef OPENSSL_FIPS + static int dsa_builtin_paramgen(DSA *ret, int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); @@ -320,3 +322,4 @@ err: return ok; } #endif +#endif diff --git a/lib/libssl/src/crypto/dsa/dsa_key.c b/lib/libssl/src/crypto/dsa/dsa_key.c index c4aa86bc6dc..5e391242301 100644 --- a/lib/libssl/src/crypto/dsa/dsa_key.c +++ b/lib/libssl/src/crypto/dsa/dsa_key.c @@ -64,6 +64,8 @@ #include <openssl/dsa.h> #include <openssl/rand.h> +#ifndef OPENSSL_FIPS + static int dsa_builtin_keygen(DSA *dsa); int DSA_generate_key(DSA *dsa) @@ -126,3 +128,5 @@ err: return(ok); } #endif + +#endif diff --git a/lib/libssl/src/crypto/dsa/dsa_lib.c b/lib/libssl/src/crypto/dsa/dsa_lib.c index e9b75902dbc..7ac9dc8c892 100644 --- a/lib/libssl/src/crypto/dsa/dsa_lib.c +++ b/lib/libssl/src/crypto/dsa/dsa_lib.c @@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL; void DSA_set_default_method(const DSA_METHOD *meth) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) + { + DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); + return; + } +#endif + default_DSA_method = meth; } @@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) /* NB: The caller is specifically setting a method, so it's not up to us * to deal with which ENGINE it comes from. */ const DSA_METHOD *mtmp; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) + { + DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); + return 0; + } +#endif mtmp = dsa->meth; if (mtmp->finish) mtmp->finish(dsa); #ifndef OPENSSL_NO_ENGINE @@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine) } } #endif +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) + { + DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); +#ifndef OPENSSL_NO_ENGINE + if (ret->engine) + ENGINE_finish(ret->engine); +#endif + OPENSSL_free(ret); + return NULL; + } +#endif ret->pad=0; ret->version=0; @@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r) return ((i > 1) ? 1 : 0); } -int DSA_size(const DSA *r) - { - int ret,i; - ASN1_INTEGER bs; - unsigned char buf[4]; /* 4 bytes looks really small. - However, i2d_ASN1_INTEGER() will not look - beyond the first byte, as long as the second - parameter is NULL. */ - - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; - /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; - - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } - int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { diff --git a/lib/libssl/src/crypto/dsa/dsa_ossl.c b/lib/libssl/src/crypto/dsa/dsa_ossl.c index 75ff7cc4afa..412cf1d88b6 100644 --- a/lib/libssl/src/crypto/dsa/dsa_ossl.c +++ b/lib/libssl/src/crypto/dsa/dsa_ossl.c @@ -65,6 +65,8 @@ #include <openssl/rand.h> #include <openssl/asn1.h> +#ifndef OPENSSL_FIPS + static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, @@ -391,3 +393,4 @@ static int dsa_finish(DSA *dsa) return(1); } +#endif diff --git a/lib/libssl/src/crypto/dsa/dsa_sign.c b/lib/libssl/src/crypto/dsa/dsa_sign.c index 89205026f01..4cfbbe57a80 100644 --- a/lib/libssl/src/crypto/dsa/dsa_sign.c +++ b/lib/libssl/src/crypto/dsa/dsa_sign.c @@ -64,29 +64,32 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif -DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - return dsa->meth->dsa_do_sign(dgst, dlen, dsa); - } -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) +DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { - DSA_SIG *s; - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { - *siglen=0; - return(0); + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return NULL; } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); +#endif + return dsa->meth->dsa_do_sign(dgst, dlen, dsa); } int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); } diff --git a/lib/libssl/src/crypto/dsa/dsa_vrf.c b/lib/libssl/src/crypto/dsa/dsa_vrf.c index c4aeddd0560..c75e423048a 100644 --- a/lib/libssl/src/crypto/dsa/dsa_vrf.c +++ b/lib/libssl/src/crypto/dsa/dsa_vrf.c @@ -64,31 +64,21 @@ #include <openssl/dsa.h> #include <openssl/rand.h> #include <openssl/asn1.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include <openssl/asn1_mac.h> int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) + { + DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); } - -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) - { - DSA_SIG *s; - int ret=-1; - - s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); -err: - DSA_SIG_free(s); - return(ret); - } diff --git a/lib/libssl/src/crypto/ecdh/Makefile b/lib/libssl/src/crypto/ecdh/Makefile index 65d8904ee8a..7a7b618eeb8 100644 --- a/lib/libssl/src/crypto/ecdh/Makefile +++ b/lib/libssl/src/crypto/ecdh/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -88,26 +88,27 @@ ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h +ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ech_key.o: ech_key.c ech_locl.h ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ech_lib.o: ech_lib.c ech_locl.h +ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/lib/libssl/src/crypto/ecdsa/Makefile b/lib/libssl/src/crypto/ecdsa/Makefile index 9b48d5641f0..4865f3c8d60 100644 --- a/lib/libssl/src/crypto/ecdsa/Makefile +++ b/lib/libssl/src/crypto/ecdsa/Makefile @@ -34,7 +34,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -97,13 +97,14 @@ ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h +ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_lib.o: ecs_lib.c ecs_locl.h ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -118,8 +119,9 @@ ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_sign.o: ../../include/openssl/opensslconf.h ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -130,10 +132,11 @@ ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_vrf.o: ecs_locl.h ecs_vrf.c diff --git a/lib/libssl/src/crypto/engine/Makefile b/lib/libssl/src/crypto/engine/Makefile index 47cc619b8ab..0cc37220896 100644 --- a/lib/libssl/src/crypto/engine/Makefile +++ b/lib/libssl/src/crypto/engine/Makefile @@ -41,7 +41,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -88,34 +88,35 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h +eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +eng_all.o: ../cryptlib.h eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_cryptodev.o: ../../include/openssl/obj_mac.h +eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eng_cryptodev.o: ../../include/openssl/objects.h eng_cryptodev.o: ../../include/openssl/opensslconf.h eng_cryptodev.o: ../../include/openssl/opensslv.h @@ -130,8 +131,9 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_ctrl.o: ../../include/openssl/opensslconf.h eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -143,49 +145,50 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_err.o: eng_err.c +eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_init.o: ../../include/openssl/opensslconf.h eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -197,22 +200,23 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c +eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_list.o: ../../include/openssl/opensslconf.h eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -225,8 +229,9 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_openssl.o: ../../include/openssl/objects.h eng_openssl.o: ../../include/openssl/opensslconf.h eng_openssl.o: ../../include/openssl/opensslv.h eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h @@ -242,8 +247,9 @@ eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +eng_padlock.o: ../../include/openssl/objects.h eng_padlock.o: ../../include/openssl/opensslconf.h eng_padlock.o: ../../include/openssl/opensslv.h eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h @@ -257,8 +263,9 @@ eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +eng_pkey.o: ../../include/openssl/opensslconf.h eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -270,8 +277,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_table.o: ../../include/openssl/objects.h +eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h eng_table.o: ../../include/openssl/opensslconf.h eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -285,8 +292,8 @@ tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_cipher.o: ../../include/openssl/objects.h +tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_cipher.o: ../../include/openssl/opensslconf.h tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -299,22 +306,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c +tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_digest.o: ../../include/openssl/objects.h +tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h tb_digest.o: ../../include/openssl/opensslconf.h tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h @@ -327,35 +334,37 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c +tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_ecdsa.o: ../../include/openssl/opensslconf.h tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -367,34 +376,36 @@ tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h -tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c +tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c tb_store.o: ../../e_os.h ../../include/openssl/asn1.h tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_store.o: ../../include/openssl/opensslconf.h tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libssl/src/crypto/engine/eng_cnf.c b/lib/libssl/src/crypto/engine/eng_cnf.c index 8417ddaaef8..08066cea592 100644 --- a/lib/libssl/src/crypto/engine/eng_cnf.c +++ b/lib/libssl/src/crypto/engine/eng_cnf.c @@ -1,5 +1,5 @@ /* eng_cnf.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -98,7 +98,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) CONF_VALUE *ecmd; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; - int soft = 0; + int soft = 0; name = skip_dot(name); #ifdef ENGINE_CONF_DEBUG @@ -127,8 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) /* Override engine name to use */ if (!strcmp(ctrlname, "engine_id")) name = ctrlvalue; - else if (!strcmp(ctrlname, "soft_load")) - soft = 1; + else if (!strcmp(ctrlname, "soft_load")) + soft = 1; /* Load a dynamic ENGINE */ else if (!strcmp(ctrlname, "dynamic_path")) { @@ -151,11 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) if (!e) { e = ENGINE_by_id(name); - if (!e && soft) - { - ERR_clear_error(); - return 1; - } + if (!e && soft) + { + ERR_clear_error(); + return 1; + } if (!e) return 0; } diff --git a/lib/libssl/src/crypto/engine/enginetest.c b/lib/libssl/src/crypto/engine/enginetest.c index cf82f490dbb..e3834611dbd 100644 --- a/lib/libssl/src/crypto/engine/enginetest.c +++ b/lib/libssl/src/crypto/engine/enginetest.c @@ -58,6 +58,7 @@ #include <stdio.h> #include <string.h> +#include <openssl/e_os2.h> #ifdef OPENSSL_NO_ENGINE int main(int argc, char *argv[]) @@ -66,7 +67,6 @@ int main(int argc, char *argv[]) return(0); } #else -#include <openssl/e_os2.h> #include <openssl/buffer.h> #include <openssl/crypto.h> #include <openssl/engine.h> diff --git a/lib/libssl/src/crypto/err/err.c b/lib/libssl/src/crypto/err/err.c index 7952e70ab0e..292404a2fb9 100644 --- a/lib/libssl/src/crypto/err/err.c +++ b/lib/libssl/src/crypto/err/err.c @@ -119,480 +119,9 @@ #include <openssl/bio.h> #include <openssl/err.h> -static void err_load_strings(int lib, ERR_STRING_DATA *str); - -static void ERR_STATE_free(ERR_STATE *s); -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ERR_str_libraries[]= - { -{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, -{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, -{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, -{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, -{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, -{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, -{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, -{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, -{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, -{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, -{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, -{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, -{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, -{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, -{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, -{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, -{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, -{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, -{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, -{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, -{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, -{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, -{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, -{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, -{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"}, -{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"}, -{0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_functs[]= - { - {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, - {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, - {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, - {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, - {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, - {ERR_PACK(0,SYS_F_BIND,0), "bind"}, - {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, - {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, -#ifdef OPENSSL_SYS_WINDOWS - {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, -#endif - {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, - {ERR_PACK(0,SYS_F_FREAD,0), "fread"}, - {0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_reasons[]= - { -{ERR_R_SYS_LIB ,"system lib"}, -{ERR_R_BN_LIB ,"BN lib"}, -{ERR_R_RSA_LIB ,"RSA lib"}, -{ERR_R_DH_LIB ,"DH lib"}, -{ERR_R_EVP_LIB ,"EVP lib"}, -{ERR_R_BUF_LIB ,"BUF lib"}, -{ERR_R_OBJ_LIB ,"OBJ lib"}, -{ERR_R_PEM_LIB ,"PEM lib"}, -{ERR_R_DSA_LIB ,"DSA lib"}, -{ERR_R_X509_LIB ,"X509 lib"}, -{ERR_R_ASN1_LIB ,"ASN1 lib"}, -{ERR_R_CONF_LIB ,"CONF lib"}, -{ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, -{ERR_R_EC_LIB ,"EC lib"}, -{ERR_R_SSL_LIB ,"SSL lib"}, -{ERR_R_BIO_LIB ,"BIO lib"}, -{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, -{ERR_R_X509V3_LIB ,"X509V3 lib"}, -{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, -{ERR_R_RAND_LIB ,"RAND lib"}, -{ERR_R_DSO_LIB ,"DSO lib"}, -{ERR_R_ENGINE_LIB ,"ENGINE lib"}, -{ERR_R_OCSP_LIB ,"OCSP lib"}, - -{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, -{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, -{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, -{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, -{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, -{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, - -{ERR_R_FATAL ,"fatal"}, -{ERR_R_MALLOC_FAILURE ,"malloc failure"}, -{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, -{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, -{ERR_R_INTERNAL_ERROR ,"internal error"}, -{ERR_R_DISABLED ,"called a function that was disabled at compile-time"}, - -{0,NULL}, - }; -#endif - - -/* Define the predeclared (but externally opaque) "ERR_FNS" type */ -struct st_ERR_FNS - { - /* Works on the "error_hash" string table */ - LHASH *(*cb_err_get)(int create); - void (*cb_err_del)(void); - ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); - ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); - ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); - /* Works on the "thread_hash" error-state table */ - LHASH *(*cb_thread_get)(int create); - void (*cb_thread_release)(LHASH **hash); - ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); - ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); - void (*cb_thread_del_item)(const ERR_STATE *); - /* Returns the next available error "library" numbers */ - int (*cb_get_next_lib)(void); - }; - -/* Predeclarations of the "err_defaults" functions */ -static LHASH *int_err_get(int create); -static void int_err_del(void); -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); -static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); -static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); -static LHASH *int_thread_get(int create); -static void int_thread_release(LHASH **hash); -static ERR_STATE *int_thread_get_item(const ERR_STATE *); -static ERR_STATE *int_thread_set_item(ERR_STATE *); -static void int_thread_del_item(const ERR_STATE *); -static int int_err_get_next_lib(void); -/* The static ERR_FNS table using these defaults functions */ -static const ERR_FNS err_defaults = - { - int_err_get, - int_err_del, - int_err_get_item, - int_err_set_item, - int_err_del_item, - int_thread_get, - int_thread_release, - int_thread_get_item, - int_thread_set_item, - int_thread_del_item, - int_err_get_next_lib - }; - -/* The replacable table of ERR_FNS functions we use at run-time */ -static const ERR_FNS *err_fns = NULL; - -/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ -#define ERRFN(a) err_fns->cb_##a - -/* The internal state used by "err_defaults" - as such, the setting, reading, - * creating, and deleting of this data should only be permitted via the - * "err_defaults" functions. This way, a linked module can completely defer all - * ERR state operation (together with requisite locking) to the implementations - * and state in the loading application. */ -static LHASH *int_error_hash = NULL; -static LHASH *int_thread_hash = NULL; -static int int_thread_hash_references = 0; -static int int_err_library_number= ERR_LIB_USER; - -/* Internal function that checks whether "err_fns" is set and if not, sets it to - * the defaults. */ -static void err_fns_check(void) - { - if (err_fns) return; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!err_fns) - err_fns = &err_defaults; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - -/* API functions to get or set the underlying ERR functions. */ - -const ERR_FNS *ERR_get_implementation(void) - { - err_fns_check(); - return err_fns; - } - -int ERR_set_implementation(const ERR_FNS *fns) - { - int ret = 0; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting - * an error is there?! */ - if (!err_fns) - { - err_fns = fns; - ret = 1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return ret; - } - -/* These are the callbacks provided to "lh_new()" when creating the LHASH tables - * internal to the "err_defaults" implementation. */ - -/* static unsigned long err_hash(ERR_STRING_DATA *a); */ -static unsigned long err_hash(const void *a_void); -/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */ -static int err_cmp(const void *a_void, const void *b_void); -/* static unsigned long pid_hash(ERR_STATE *pid); */ -static unsigned long pid_hash(const void *pid_void); -/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ -static int pid_cmp(const void *a_void,const void *pid_void); -static unsigned long get_error_values(int inc,int top,const char **file,int *line, - const char **data,int *flags); - -/* The internal functions used in the "err_defaults" implementation */ - -static LHASH *int_err_get(int create) - { - LHASH *ret = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_error_hash && create) - { - CRYPTO_push_info("int_err_get (err.c)"); - int_error_hash = lh_new(err_hash, err_cmp); - CRYPTO_pop_info(); - } - if (int_error_hash) - ret = int_error_hash; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return ret; - } - -static void int_err_del(void) - { - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (int_error_hash) - { - lh_free(int_error_hash); - int_error_hash = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } - -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) - { - ERR_STRING_DATA *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(err_get)(0); - if (!hash) - return NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_retrieve(hash, d); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - - return p; - } - -static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) - { - ERR_STRING_DATA *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(err_get)(1); - if (!hash) - return NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_insert(hash, d); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return p; - } - -static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) - { - ERR_STRING_DATA *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(err_get)(0); - if (!hash) - return NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_delete(hash, d); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return p; - } - -static LHASH *int_thread_get(int create) - { - LHASH *ret = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_thread_hash && create) - { - CRYPTO_push_info("int_thread_get (err.c)"); - int_thread_hash = lh_new(pid_hash, pid_cmp); - CRYPTO_pop_info(); - } - if (int_thread_hash) - { - int_thread_hash_references++; - ret = int_thread_hash; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return ret; - } - -static void int_thread_release(LHASH **hash) - { - int i; - - if (hash == NULL || *hash == NULL) - return; - - i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); - -#ifdef REF_PRINT - fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR"); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"int_thread_release, bad reference count\n"); - abort(); /* ok */ - } -#endif - *hash = NULL; - } - -static ERR_STATE *int_thread_get_item(const ERR_STATE *d) - { - ERR_STATE *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(thread_get)(0); - if (!hash) - return NULL; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_retrieve(hash, d); - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - - ERRFN(thread_release)(&hash); - return p; - } - -static ERR_STATE *int_thread_set_item(ERR_STATE *d) - { - ERR_STATE *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(thread_get)(1); - if (!hash) - return NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_insert(hash, d); - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - ERRFN(thread_release)(&hash); - return p; - } - -static void int_thread_del_item(const ERR_STATE *d) - { - ERR_STATE *p; - LHASH *hash; - - err_fns_check(); - hash = ERRFN(thread_get)(0); - if (!hash) - return; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_delete(hash, d); - /* make sure we don't leak memory */ - if (int_thread_hash_references == 1 - && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) - { - lh_free(int_thread_hash); - int_thread_hash = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - ERRFN(thread_release)(&hash); - if (p) - ERR_STATE_free(p); - } - -static int int_err_get_next_lib(void) - { - int ret; - - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - ret = int_err_library_number++; - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - - return ret; - } - - -#ifndef OPENSSL_NO_ERR -#define NUM_SYS_STR_REASONS 127 -#define LEN_SYS_STR_REASON 32 - -static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; -/* SYS_str_reasons is filled with copies of strerror() results at - * initialization. - * 'errno' values up to 127 should cover all usual errors, - * others will be displayed numerically by ERR_error_string. - * It is crucial that we have something for each reason code - * that occurs in ERR_str_reasons, or bogus reason strings - * will be returned for SYSerr(), which always gets an errno - * value and never one of those 'standard' reason codes. */ - -static void build_SYS_str_reasons(void) - { - /* OPENSSL_malloc cannot be used here, use static storage instead */ - static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; - int i; - static int init = 1; - - CRYPTO_r_lock(CRYPTO_LOCK_ERR); - if (!init) - { - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - return; - } - - CRYPTO_r_unlock(CRYPTO_LOCK_ERR); - CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!init) - { - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - return; - } - - for (i = 1; i <= NUM_SYS_STR_REASONS; i++) - { - ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; - - str->error = (unsigned long)i; - if (str->string == NULL) - { - char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); - char *src = strerror(i); - if (src != NULL) - { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; - str->string = *dest; - } - } - if (str->string == NULL) - str->string = "unknown"; - } - - /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, - * as required by ERR_load_strings. */ - - init = 0; - - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } -#endif +static unsigned long get_error_values(int inc,int top, + const char **file,int *line, + const char **data,int *flags); #define err_clear_data(p,i) \ do { \ @@ -614,68 +143,6 @@ static void build_SYS_str_reasons(void) (p)->err_line[i]= -1; \ } while(0) -static void ERR_STATE_free(ERR_STATE *s) - { - int i; - - if (s == NULL) - return; - - for (i=0; i<ERR_NUM_ERRORS; i++) - { - err_clear_data(s,i); - } - OPENSSL_free(s); - } - -void ERR_load_ERR_strings(void) - { - err_fns_check(); -#ifndef OPENSSL_NO_ERR - err_load_strings(0,ERR_str_libraries); - err_load_strings(0,ERR_str_reasons); - err_load_strings(ERR_LIB_SYS,ERR_str_functs); - build_SYS_str_reasons(); - err_load_strings(ERR_LIB_SYS,SYS_str_reasons); -#endif - } - -static void err_load_strings(int lib, ERR_STRING_DATA *str) - { - while (str->error) - { - if (lib) - str->error|=ERR_PACK(lib,0,0); - ERRFN(err_set_item)(str); - str++; - } - } - -void ERR_load_strings(int lib, ERR_STRING_DATA *str) - { - ERR_load_ERR_strings(); - err_load_strings(lib, str); - } - -void ERR_unload_strings(int lib, ERR_STRING_DATA *str) - { - while (str->error) - { - if (lib) - str->error|=ERR_PACK(lib,0,0); - ERRFN(err_del_item)(str); - str++; - } - } - -void ERR_free_strings(void) - { - err_fns_check(); - ERRFN(err_del)(); - } - -/********************************************************/ - void ERR_put_error(int lib, int func, int reason, const char *file, int line) { @@ -830,218 +297,6 @@ static unsigned long get_error_values(int inc, int top, const char **file, int * return ret; } -void ERR_error_string_n(unsigned long e, char *buf, size_t len) - { - char lsbuf[64], fsbuf[64], rsbuf[64]; - const char *ls,*fs,*rs; - unsigned long l,f,r; - - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - r=ERR_GET_REASON(e); - - ls=ERR_lib_error_string(e); - fs=ERR_func_error_string(e); - rs=ERR_reason_error_string(e); - - if (ls == NULL) - BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); - if (fs == NULL) - BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); - if (rs == NULL) - BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); - - BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, - fs?fs:fsbuf, rs?rs:rsbuf); - if (strlen(buf) == len-1) - { - /* output may be truncated; make sure we always have 5 - * colon-separated fields, i.e. 4 colons ... */ -#define NUM_COLONS 4 - if (len > NUM_COLONS) /* ... if possible */ - { - int i; - char *s = buf; - - for (i = 0; i < NUM_COLONS; i++) - { - char *colon = strchr(s, ':'); - if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) - { - /* set colon no. i at last possible position - * (buf[len-1] is the terminating 0)*/ - colon = &buf[len-1] - NUM_COLONS + i; - *colon = ':'; - } - s = colon + 1; - } - } - } - } - -/* BAD for multi-threading: uses a local buffer if ret == NULL */ -/* ERR_error_string_n should be used instead for ret != NULL - * as ERR_error_string cannot know how large the buffer is */ -char *ERR_error_string(unsigned long e, char *ret) - { - static char buf[256]; - - if (ret == NULL) ret=buf; - ERR_error_string_n(e, ret, 256); - - return ret; - } - -LHASH *ERR_get_string_table(void) - { - err_fns_check(); - return ERRFN(err_get)(0); - } - -LHASH *ERR_get_err_state_table(void) - { - err_fns_check(); - return ERRFN(thread_get)(0); - } - -void ERR_release_err_state_table(LHASH **hash) - { - err_fns_check(); - ERRFN(thread_release)(hash); - } - -const char *ERR_lib_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p; - unsigned long l; - - err_fns_check(); - l=ERR_GET_LIB(e); - d.error=ERR_PACK(l,0,0); - p=ERRFN(err_get_item)(&d); - return((p == NULL)?NULL:p->string); - } - -const char *ERR_func_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p; - unsigned long l,f; - - err_fns_check(); - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - d.error=ERR_PACK(l,f,0); - p=ERRFN(err_get_item)(&d); - return((p == NULL)?NULL:p->string); - } - -const char *ERR_reason_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p=NULL; - unsigned long l,r; - - err_fns_check(); - l=ERR_GET_LIB(e); - r=ERR_GET_REASON(e); - d.error=ERR_PACK(l,0,r); - p=ERRFN(err_get_item)(&d); - if (!p) - { - d.error=ERR_PACK(0,0,r); - p=ERRFN(err_get_item)(&d); - } - return((p == NULL)?NULL:p->string); - } - -/* static unsigned long err_hash(ERR_STRING_DATA *a) */ -static unsigned long err_hash(const void *a_void) - { - unsigned long ret,l; - - l=((const ERR_STRING_DATA *)a_void)->error; - ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); - return(ret^ret%19*13); - } - -/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ -static int err_cmp(const void *a_void, const void *b_void) - { - return((int)(((const ERR_STRING_DATA *)a_void)->error - - ((const ERR_STRING_DATA *)b_void)->error)); - } - -/* static unsigned long pid_hash(ERR_STATE *a) */ -static unsigned long pid_hash(const void *a_void) - { - return(((const ERR_STATE *)a_void)->pid*13); - } - -/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ -static int pid_cmp(const void *a_void, const void *b_void) - { - return((int)((long)((const ERR_STATE *)a_void)->pid - - (long)((const ERR_STATE *)b_void)->pid)); - } - -void ERR_remove_state(unsigned long pid) - { - ERR_STATE tmp; - - err_fns_check(); - if (pid == 0) - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; - /* thread_del_item automatically destroys the LHASH if the number of - * items reaches zero. */ - ERRFN(thread_del_item)(&tmp); - } - -ERR_STATE *ERR_get_state(void) - { - static ERR_STATE fallback; - ERR_STATE *ret,tmp,*tmpp=NULL; - int i; - unsigned long pid; - - err_fns_check(); - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; - ret=ERRFN(thread_get_item)(&tmp); - - /* ret == the error state, if NULL, make a new one */ - if (ret == NULL) - { - ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); - if (ret == NULL) return(&fallback); - ret->pid=pid; - ret->top=0; - ret->bottom=0; - for (i=0; i<ERR_NUM_ERRORS; i++) - { - ret->err_data[i]=NULL; - ret->err_data_flags[i]=0; - } - tmpp = ERRFN(thread_set_item)(ret); - /* To check if insertion failed, do a get. */ - if (ERRFN(thread_get_item)(ret) != ret) - { - ERR_STATE_free(ret); /* could not insert it */ - return(&fallback); - } - /* If a race occured in this function and we came second, tmpp - * is the first one that we just replaced. */ - if (tmpp) - ERR_STATE_free(tmpp); - } - return ret; - } - -int ERR_get_next_error_library(void) - { - err_fns_check(); - return ERRFN(get_next_lib)(); - } - void ERR_set_error_data(char *data, int flags) { ERR_STATE *es; @@ -1128,3 +383,34 @@ int ERR_pop_to_mark(void) es->err_flags[es->top]&=~ERR_FLAG_MARK; return 1; } + +#ifdef OPENSSL_FIPS + +static ERR_STATE *fget_state(void) + { + static ERR_STATE fstate; + return &fstate; + } + +ERR_STATE *(*get_state_func)(void) = fget_state; +void (*remove_state_func)(unsigned long pid); + +ERR_STATE *ERR_get_state(void) + { + return get_state_func(); + } + +void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), + void (*remove_func)(unsigned long pid)) + { + get_state_func = get_func; + remove_state_func = remove_func; + } + +void ERR_remove_state(unsigned long pid) + { + if (remove_state_func) + remove_state_func(pid); + } + +#endif diff --git a/lib/libssl/src/crypto/err/err.h b/lib/libssl/src/crypto/err/err.h index 8d9f0da172e..dcac4152310 100644 --- a/lib/libssl/src/crypto/err/err.h +++ b/lib/libssl/src/crypto/err/err.h @@ -142,6 +142,7 @@ typedef struct err_state_st #define ERR_LIB_STORE 44 #define ERR_LIB_FIPS 45 #define ERR_LIB_CMS 46 +#define ERR_LIB_JPAKE 47 #define ERR_LIB_USER 128 @@ -175,6 +176,7 @@ typedef struct err_state_st #define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) #define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) #define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -306,6 +308,12 @@ int ERR_get_next_error_library(void); int ERR_set_mark(void); int ERR_pop_to_mark(void); +#ifdef OPENSSL_FIPS +void int_ERR_set_state_func(ERR_STATE *(*get_func)(void), + void (*remove_func)(unsigned long pid)); +void int_ERR_lib_init(void); +#endif + /* Already defined in ossl_typ.h */ /* typedef struct st_ERR_FNS ERR_FNS; */ /* An application can use this function and provide the return value to loaded diff --git a/lib/libssl/src/crypto/err/err_all.c b/lib/libssl/src/crypto/err/err_all.c index 5813060ce24..f21a5276ed7 100644 --- a/lib/libssl/src/crypto/err/err_all.c +++ b/lib/libssl/src/crypto/err/err_all.c @@ -94,9 +94,16 @@ #include <openssl/ui.h> #include <openssl/ocsp.h> #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #ifndef OPENSSL_NO_CMS #include <openssl/cms.h> #endif +#ifndef OPENSSL_NO_JPAKE +#include <openssl/jpake.h> +#endif void ERR_load_crypto_strings(void) { @@ -141,8 +148,14 @@ void ERR_load_crypto_strings(void) #endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#ifdef OPENSSL_FIPS + ERR_load_FIPS_strings(); +#endif #ifndef OPENSSL_NO_CMS ERR_load_CMS_strings(); #endif +#ifndef OPENSSL_NO_JPAKE + ERR_load_JPAKE_strings(); +#endif #endif } diff --git a/lib/libssl/src/crypto/err/err_prn.c b/lib/libssl/src/crypto/err/err_prn.c index 2224a901e5e..4cdf342fa63 100644 --- a/lib/libssl/src/crypto/err/err_prn.c +++ b/lib/libssl/src/crypto/err/err_prn.c @@ -86,12 +86,7 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), #ifndef OPENSSL_NO_FP_API static int print_fp(const char *str, size_t len, void *fp) { - BIO bio; - - BIO_set(&bio,BIO_s_file()); - BIO_set_fp(&bio,fp,BIO_NOCLOSE); - - return BIO_printf(&bio, "%s", str); + return fwrite(str, 1, len, fp); } void ERR_print_errors_fp(FILE *fp) { @@ -99,13 +94,64 @@ void ERR_print_errors_fp(FILE *fp) } #endif -static int print_bio(const char *str, size_t len, void *bp) +void ERR_error_string_n(unsigned long e, char *buf, size_t len) { - return BIO_write((BIO *)bp, str, len); + char lsbuf[64], fsbuf[64], rsbuf[64]; + const char *ls,*fs,*rs; + unsigned long l,f,r; + + l=ERR_GET_LIB(e); + f=ERR_GET_FUNC(e); + r=ERR_GET_REASON(e); + + ls=ERR_lib_error_string(e); + fs=ERR_func_error_string(e); + rs=ERR_reason_error_string(e); + + if (ls == NULL) + BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); + if (fs == NULL) + BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); + if (rs == NULL) + BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); + + BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, + fs?fs:fsbuf, rs?rs:rsbuf); + if (strlen(buf) == len-1) + { + /* output may be truncated; make sure we always have 5 + * colon-separated fields, i.e. 4 colons ... */ +#define NUM_COLONS 4 + if (len > NUM_COLONS) /* ... if possible */ + { + int i; + char *s = buf; + + for (i = 0; i < NUM_COLONS; i++) + { + char *colon = strchr(s, ':'); + if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) + { + /* set colon no. i at last possible position + * (buf[len-1] is the terminating 0)*/ + colon = &buf[len-1] - NUM_COLONS + i; + *colon = ':'; + } + s = colon + 1; + } + } + } } -void ERR_print_errors(BIO *bp) + +/* BAD for multi-threading: uses a local buffer if ret == NULL */ +/* ERR_error_string_n should be used instead for ret != NULL + * as ERR_error_string cannot know how large the buffer is */ +char *ERR_error_string(unsigned long e, char *ret) { - ERR_print_errors_cb(print_bio, bp); - } + static char buf[256]; + + if (ret == NULL) ret=buf; + ERR_error_string_n(e, ret, 256); - + return ret; + } diff --git a/lib/libssl/src/crypto/err/openssl.ec b/lib/libssl/src/crypto/err/openssl.ec index 1938f081ac5..868826624db 100644 --- a/lib/libssl/src/crypto/err/openssl.ec +++ b/lib/libssl/src/crypto/err/openssl.ec @@ -31,7 +31,9 @@ L COMP crypto/comp/comp.h crypto/comp/comp_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c L STORE crypto/store/store.h crypto/store/str_err.c +L FIPS fips/fips.h crypto/fips_err.h L CMS crypto/cms/cms.h crypto/cms/cms_err.c +L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/lib/libssl/src/crypto/evp/Makefile b/lib/libssl/src/crypto/evp/Makefile index 9de56dc03d7..c204f84c1d6 100644 --- a/lib/libssl/src/crypto/evp/Makefile +++ b/lib/libssl/src/crypto/evp/Makefile @@ -18,10 +18,10 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ +LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ - e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ + e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ @@ -30,10 +30,10 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ e_old.c -LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ +LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ - e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ + e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ @@ -55,7 +55,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -101,177 +101,201 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c +bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_b64.o: ../cryptlib.h bio_b64.c bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c +bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_enc.o: ../cryptlib.h bio_enc.c bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_md.o: ../cryptlib.h bio_md.c +bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c +bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bio_ok.o: ../cryptlib.h bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h -c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_all.o: ../cryptlib.h c_all.c +c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_allc.o: ../cryptlib.h c_allc.c +c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_alld.o: ../cryptlib.h c_alld.c +c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h +c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c +dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h +dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h +dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -digest.o: ../cryptlib.h digest.c +digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c -e_aes.o: evp_locl.h +e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h +e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_bf.o: ../cryptlib.h e_bf.c evp_locl.h e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h +e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_cast.o: ../cryptlib.h e_cast.c evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h +e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +e_des.o: ../cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h +e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +e_des3.o: ../cryptlib.h e_des3.c evp_locl.h e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h -e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h +e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_idea.o: ../cryptlib.h e_idea.c evp_locl.h e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_null.o: ../cryptlib.h e_null.c +e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c e_old.o: e_old.c e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h -e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h +e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h +e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h -e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c +e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h +e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h e_rc5.o: ../../e_os.h ../../include/openssl/bio.h e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -282,107 +306,141 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_seed.o: ../../include/openssl/symhacks.h e_seed.c +e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +e_seed.o: e_seed.c e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +e_xcbc_d.o: ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c +enc_min.o: ../../e_os.h ../../include/openssl/asn1.h +enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h +enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -encode.o: ../cryptlib.h encode.c +encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_acnf.o: ../../include/openssl/opensslconf.h +evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c +evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h +evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h +evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +evp_cnf.o: ../cryptlib.h evp_cnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_err.o: ../../include/openssl/symhacks.h evp_err.c +evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_err.o: evp_err.c evp_key.o: ../../e_os.h ../../include/openssl/asn1.h evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c +evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h +evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +evp_key.o: ../cryptlib.h evp_key.c evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c +evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +evp_lib.o: ../cryptlib.h evp_lib.c evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_pbe.o: ../cryptlib.h evp_pbe.c +evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_pkey.o: ../../include/openssl/opensslconf.h +evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h @@ -394,106 +452,110 @@ m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_dss.o: ../cryptlib.h m_dss.c +m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_dss1.o: ../cryptlib.h m_dss1.c +m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_ecdsa.o: ../cryptlib.h m_ecdsa.c +m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c +m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h +m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md2.o: ../cryptlib.h evp_locl.h m_md2.c m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h -m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c +m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h +m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md4.o: ../cryptlib.h evp_locl.h m_md4.c m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h -m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c +m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h +m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_md5.o: ../cryptlib.h evp_locl.h m_md5.c m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c +m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c +m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +m_null.o: ../cryptlib.h m_null.c m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_ripemd.o: ../../include/openssl/opensslconf.h +m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h @@ -505,60 +567,62 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha.o: ../cryptlib.h m_sha.c +m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha1.o: ../cryptlib.h m_sha1.c +m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h names.o: ../../include/openssl/err.h ../../include/openssl/evp.h -names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c +names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +names.o: ../cryptlib.h names.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_crpt.o: ../cryptlib.h p5_crpt.c +p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h +p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p5_crpt2.o: ../../include/openssl/opensslconf.h p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -569,27 +633,29 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c +p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_dec.o: ../cryptlib.h p_dec.c p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c +p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_enc.o: ../cryptlib.h p_enc.c p_lib.o: ../../e_os.h ../../include/openssl/asn1.h p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -597,60 +663,63 @@ p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c +p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h +p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_lib.o: ../cryptlib.h p_lib.c p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_open.o: ../cryptlib.h p_open.c +p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c +p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_seal.o: ../cryptlib.h p_seal.c p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c +p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p_sign.o: ../cryptlib.h p_sign.c p_verify.o: ../../e_os.h ../../include/openssl/asn1.h p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_verify.o: ../../include/openssl/opensslconf.h +p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libssl/src/crypto/evp/bio_md.c b/lib/libssl/src/crypto/evp/bio_md.c index d648ac6da6b..ed5c1135fd4 100644 --- a/lib/libssl/src/crypto/evp/bio_md.c +++ b/lib/libssl/src/crypto/evp/bio_md.c @@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; case BIO_C_GET_MD_CTX: - if (b->init) - { - pctx=ptr; - *pctx=ctx; - } - else - ret=0; + pctx=ptr; + *pctx=ctx; break; case BIO_C_SET_MD_CTX: if (b->init) diff --git a/lib/libssl/src/crypto/evp/digest.c b/lib/libssl/src/crypto/evp/digest.c index 762e6d3450d..3bc2d1295c6 100644 --- a/lib/libssl/src/crypto/evp/digest.c +++ b/lib/libssl/src/crypto/evp/digest.c @@ -116,6 +116,7 @@ #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +#include "evp_locl.h" void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { @@ -137,18 +138,77 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) return EVP_DigestInit_ex(ctx, type, NULL); } -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +#ifdef OPENSSL_FIPS + +/* The purpose of these is to trap programs that attempt to use non FIPS + * algorithms in FIPS mode and ignore the errors. + */ + +static int bad_init(EVP_MD_CTX *ctx) + { FIPS_ERROR_IGNORED("Digest init"); return 0;} + +static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count) + { FIPS_ERROR_IGNORED("Digest update"); return 0;} + +static int bad_final(EVP_MD_CTX *ctx,unsigned char *md) + { FIPS_ERROR_IGNORED("Digest Final"); return 0;} + +static const EVP_MD bad_md = { - EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + 0, + 0, + 0, + 0, + bad_init, + bad_update, + bad_final, + NULL, + NULL, + NULL, + 0, + {0,0,0,0}, + }; + +#endif + #ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) - goto skip_to_init; - if (type) + +#ifdef OPENSSL_FIPS + +static int do_engine_null(ENGINE *impl) { return 0;} +static int do_evp_md_engine_null(EVP_MD_CTX *ctx, + const EVP_MD **ptype, ENGINE *impl) + { return 1; } + +static int (*do_engine_init)(ENGINE *impl) + = do_engine_null; + +static int (*do_engine_finish)(ENGINE *impl) + = do_engine_null; + +static int (*do_evp_md_engine) + (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) + = do_evp_md_engine_null; + +void int_EVP_MD_set_engine_callbacks( + int (*eng_md_init)(ENGINE *impl), + int (*eng_md_fin)(ENGINE *impl), + int (*eng_md_evp) + (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)) + { + do_engine_init = eng_md_init; + do_engine_finish = eng_md_fin; + do_evp_md_engine = eng_md_evp; + } + +#else + +#define do_engine_init ENGINE_init +#define do_engine_finish ENGINE_finish + +static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl) + { + if (*ptype) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same @@ -159,25 +219,25 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { if (!ENGINE_init(impl)) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); return 0; } } else /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_digest_engine(type->type); + impl = ENGINE_get_digest_engine((*ptype)->type); if(impl) { /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); + const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type); if(!d) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR); + EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR); return 0; } /* We'll use the ENGINE's private digest definition */ - type = d; + *ptype = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */ @@ -189,12 +249,52 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) else if(!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET); + EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET); return 0; } + return 1; + } + +#endif + +#endif + +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + { + M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +#ifdef OPENSSL_FIPS + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED); + ctx->digest = &bad_md; + return 0; + } +#endif +#ifndef OPENSSL_NO_ENGINE + /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts + * so this context may already have an ENGINE! Try to avoid releasing + * the previous handle, re-querying for an ENGINE, and having a + * reinitialisation, when it may all be unecessary. */ + if (ctx->engine && ctx->digest && (!type || + (type && (type->type == ctx->digest->type)))) + goto skip_to_init; + if (!do_evp_md_engine(ctx, &type, impl)) + return 0; #endif if (ctx->digest != type) { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + { + if (!(type->flags & EVP_MD_FLAG_FIPS) + && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) + { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS); + ctx->digest = &bad_md; + return 0; + } + } +#endif if (ctx->digest && ctx->digest->ctx_size) OPENSSL_free(ctx->md_data); ctx->digest=type; @@ -202,7 +302,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->md_data=OPENSSL_malloc(type->ctx_size); } #ifndef OPENSSL_NO_ENGINE -skip_to_init: + skip_to_init: #endif return ctx->digest->init(ctx); } @@ -210,6 +310,9 @@ skip_to_init: int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) { +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif return ctx->digest->update(ctx,data,count); } @@ -226,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) { int ret; +#ifdef OPENSSL_FIPS + FIPS_selftest_check(); +#endif OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); ret=ctx->digest->final(ctx,md); @@ -234,7 +340,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); - EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); + M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); } memset(ctx->md_data,0,ctx->digest->ctx_size); return ret; @@ -256,7 +362,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } #ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) + if (in->engine && !do_engine_init(in->engine)) { EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB); return 0; @@ -266,7 +372,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) if (out->digest == in->digest) { tmp_buf = out->md_data; - EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); + M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE); } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); @@ -292,7 +398,7 @@ int EVP_Digest(const void *data, size_t count, int ret; EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); + M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); ret=EVP_DigestInit_ex(&ctx, type, impl) && EVP_DigestUpdate(&ctx, data, count) && EVP_DigestFinal_ex(&ctx, md, size); @@ -314,10 +420,10 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) * because sometimes only copies of the context are ever finalised. */ if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) + && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size); OPENSSL_free(ctx->md_data); @@ -326,7 +432,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) if(ctx->engine) /* The EVP_MD we used belongs to an ENGINE, release the * functional reference we held for this reason. */ - ENGINE_finish(ctx->engine); + do_engine_finish(ctx->engine); #endif memset(ctx,'\0',sizeof *ctx); diff --git a/lib/libssl/src/crypto/evp/e_aes.c b/lib/libssl/src/crypto/evp/e_aes.c index bd6c0a3a62a..c9a5ee8d75a 100644 --- a/lib/libssl/src/crypto/evp/e_aes.c +++ b/lib/libssl/src/crypto/evp/e_aes.c @@ -69,32 +69,29 @@ typedef struct IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, NID_aes_128, 16, 16, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + aes_init_key, + NULL, NULL, NULL, NULL) IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, NID_aes_192, 16, 24, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + aes_init_key, + NULL, NULL, NULL, NULL) IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, NID_aes_256, 16, 32, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + aes_init_key, + NULL, NULL, NULL, NULL) -#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16) +#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags) -IMPLEMENT_AES_CFBR(128,1) -IMPLEMENT_AES_CFBR(192,1) -IMPLEMENT_AES_CFBR(256,1) +IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS) -IMPLEMENT_AES_CFBR(128,8) -IMPLEMENT_AES_CFBR(192,8) -IMPLEMENT_AES_CFBR(256,8) +IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS) +IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff --git a/lib/libssl/src/crypto/evp/e_des.c b/lib/libssl/src/crypto/evp/e_des.c index 856323648cd..04376df2324 100644 --- a/lib/libssl/src/crypto/evp/e_des.c +++ b/lib/libssl/src/crypto/evp/e_des.c @@ -129,18 +129,21 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPH_RAND_KEY, + des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1, - EVP_CIPH_RAND_KEY, des_init_key,NULL, + EVP_CIPH_RAND_KEY, + des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8, - EVP_CIPH_RAND_KEY,des_init_key,NULL, + EVP_CIPH_RAND_KEY, + des_init_key,NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv,des_ctrl) diff --git a/lib/libssl/src/crypto/evp/e_des3.c b/lib/libssl/src/crypto/evp/e_des3.c index ac148efab23..f910af19b11 100644 --- a/lib/libssl/src/crypto/evp/e_des3.c +++ b/lib/libssl/src/crypto/evp/e_des3.c @@ -111,8 +111,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #ifdef KSSL_DEBUG { int i; - char *cp; - printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); + printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len); printf("\t iv= "); for(i=0;i<8;i++) printf("%02X",ctx->iv[i]); @@ -164,9 +163,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede_init_key, + NULL, NULL, NULL, des3_ctrl) #define des_ede3_cfb64_cipher des_ede_cfb64_cipher @@ -175,21 +174,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, + NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, + NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, - EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, + NULL, NULL, NULL, des3_ctrl) static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -216,7 +215,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, #ifdef KSSL_DEBUG { int i; - printf("des_ede3_init_key(ctx=%lx)\n", ctx); + printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx); printf("\tKEY= "); for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); printf("\t IV= "); diff --git a/lib/libssl/src/crypto/evp/e_null.c b/lib/libssl/src/crypto/evp/e_null.c index 5205259f18c..0872d733e47 100644 --- a/lib/libssl/src/crypto/evp/e_null.c +++ b/lib/libssl/src/crypto/evp/e_null.c @@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher= { NID_undef, 1,0,0, - 0, + EVP_CIPH_FLAG_FIPS, null_init_key, null_cipher, NULL, diff --git a/lib/libssl/src/crypto/evp/e_rc4.c b/lib/libssl/src/crypto/evp/e_rc4.c index 67af850bea1..55baad7446d 100644 --- a/lib/libssl/src/crypto/evp/e_rc4.c +++ b/lib/libssl/src/crypto/evp/e_rc4.c @@ -64,6 +64,7 @@ #include <openssl/evp.h> #include <openssl/objects.h> #include <openssl/rc4.h> +#include "evp_locl.h" /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 diff --git a/lib/libssl/src/crypto/evp/evp.h b/lib/libssl/src/crypto/evp/evp.h index 1aa2d6fb35b..51011f2b148 100644 --- a/lib/libssl/src/crypto/evp/evp.h +++ b/lib/libssl/src/crypto/evp/evp.h @@ -75,6 +75,10 @@ #include <openssl/bio.h> #endif +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + /* #define EVP_RC2_KEY_SIZE 16 #define EVP_RC4_KEY_SIZE 16 @@ -250,9 +254,19 @@ typedef int evp_verify_method(int type,const unsigned char *m, unsigned int m_length,const unsigned char *sigbuf, unsigned int siglen, void *key); +typedef struct + { + EVP_MD_CTX *mctx; + void *key; + } EVP_MD_SVCTX; + #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ + +#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */ + #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef OPENSSL_NO_DSA @@ -306,6 +320,15 @@ struct env_md_ctx_st #define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest * in FIPS mode */ +#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ +#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ +#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \ + ((ctx->flags>>16) &0xFFFF) /* seed length */ +#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */ +#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */ + struct evp_cipher_st { int nid; @@ -349,6 +372,14 @@ struct evp_cipher_st #define EVP_CIPH_NO_PADDING 0x100 /* cipher handles random key generation */ #define EVP_CIPH_RAND_KEY 0x200 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x400 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800 +/* Allow use default ASN1 get/set iv */ +#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 /* ctrl() values */ @@ -432,6 +463,18 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) +/* Macros to reduce FIPS dependencies: do NOT use in applications */ +#define M_EVP_MD_size(e) ((e)->md_size) +#define M_EVP_MD_block_size(e) ((e)->block_size) +#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) +#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) +#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) +#define M_EVP_MD_type(e) ((e)->type) +#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e)) +#define M_EVP_MD_CTX_md(e) ((e)->digest) + +#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) + int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) @@ -527,6 +570,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, const unsigned char *salt, const unsigned char *data, int datal, int count, unsigned char *key,unsigned char *iv); +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags); + int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv); int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, @@ -885,6 +932,24 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen); void EVP_PBE_cleanup(void); +#ifdef OPENSSL_FIPS +#ifndef OPENSSL_NO_ENGINE +void int_EVP_MD_set_engine_callbacks( + int (*eng_md_init)(ENGINE *impl), + int (*eng_md_fin)(ENGINE *impl), + int (*eng_md_evp) + (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)); +void int_EVP_MD_init_engine_callbacks(void); +void int_EVP_CIPHER_set_engine_callbacks( + int (*eng_ciph_fin)(ENGINE *impl), + int (*eng_ciph_evp) + (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)); +void int_EVP_CIPHER_init_engine_callbacks(void); +#endif +#endif + +void EVP_add_alg_module(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -895,16 +960,23 @@ void ERR_load_EVP_strings(void); /* Function codes. */ #define EVP_F_AES_INIT_KEY 133 +#define EVP_F_ALG_MODULE_INIT 138 #define EVP_F_CAMELLIA_INIT_KEY 159 #define EVP_F_D2I_PKEY 100 +#define EVP_F_DO_EVP_ENC_ENGINE 140 +#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141 +#define EVP_F_DO_EVP_MD_ENGINE 139 +#define EVP_F_DO_EVP_MD_ENGINE_FULL 142 #define EVP_F_DSAPKEY2PKCS8 134 #define EVP_F_DSA_PKEY2PKCS8 135 #define EVP_F_ECDSA_PKEY2PKCS8 129 #define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_CIPHERINIT 137 #define EVP_F_EVP_CIPHERINIT_EX 123 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 #define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DIGESTINIT 136 #define EVP_F_EVP_DIGESTINIT_EX 128 #define EVP_F_EVP_ENCRYPTFINAL_EX 127 #define EVP_F_EVP_MD_CTX_COPY_EX 110 @@ -946,15 +1018,20 @@ void ERR_load_EVP_strings(void); #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DISABLED_FOR_FIPS 144 #define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 145 +#define EVP_R_ERROR_SETTING_FIPS_MODE 146 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 #define EVP_R_EXPECTING_A_ECDSA_KEY 141 #define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_FIPS_MODE 148 #define EVP_R_INVALID_KEY_LENGTH 130 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 @@ -966,6 +1043,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_UNKNOWN_OPTION 149 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 #define EVP_R_UNSUPPORTED_CIPHER 107 diff --git a/lib/libssl/src/crypto/evp/evp_acnf.c b/lib/libssl/src/crypto/evp/evp_acnf.c index ff3e311cc52..643a1864e83 100644 --- a/lib/libssl/src/crypto/evp/evp_acnf.c +++ b/lib/libssl/src/crypto/evp/evp_acnf.c @@ -1,5 +1,5 @@ /* evp_acnf.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/evp/evp_enc.c b/lib/libssl/src/crypto/evp/evp_enc.c index 6e582c458de..30e0ca4d9fa 100644 --- a/lib/libssl/src/crypto/evp/evp_enc.c +++ b/lib/libssl/src/crypto/evp/evp_enc.c @@ -66,13 +66,15 @@ #endif #include "evp_locl.h" -const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; +#ifdef OPENSSL_FIPS + #define M_do_cipher(ctx, out, in, inl) \ + EVP_Cipher(ctx,out,in,inl) +#else + #define M_do_cipher(ctx, out, in, inl) \ + ctx->cipher->do_cipher(ctx,out,in,inl) +#endif -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) - { - memset(ctx,0,sizeof(EVP_CIPHER_CTX)); - /* ctx->cipher=NULL; */ - } +const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT; EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { @@ -90,144 +92,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); } -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv, int enc) - { - if (enc == -1) - enc = ctx->encrypt; - else - { - if (enc) - enc = 1; - ctx->encrypt = enc; - } -#ifndef OPENSSL_NO_ENGINE - /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts - * so this context may already have an ENGINE! Try to avoid releasing - * the previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->cipher && (!cipher || - (cipher && (cipher->nid == ctx->cipher->nid)))) - goto skip_to_init; -#endif - if (cipher) - { - /* Ensure a context left lying around from last time is cleared - * (the previous check attempted to avoid this if the same - * ENGINE and EVP_CIPHER could be used). */ - EVP_CIPHER_CTX_cleanup(ctx); - - /* Restore encrypt field: it is zeroed by cleanup */ - ctx->encrypt = enc; -#ifndef OPENSSL_NO_ENGINE - if(impl) - { - if (!ENGINE_init(impl)) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - else - /* Ask if an ENGINE is reserved for this job */ - impl = ENGINE_get_cipher_engine(cipher->nid); - if(impl) - { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); - if(!c) - { - /* One positive side-effect of US's export - * control history, is that we should at least - * be able to avoid using US mispellings of - * "initialisation"? */ - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* Store the ENGINE functional reference so we know - * 'cipher' came from an ENGINE and we need to release - * it when done. */ - ctx->engine = impl; - } - else - ctx->engine = NULL; -#endif - - ctx->cipher=cipher; - if (ctx->cipher->ctx_size) - { - ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); - if (!ctx->cipher_data) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); - return 0; - } - } - else - { - ctx->cipher_data = NULL; - } - ctx->key_len = cipher->key_len; - ctx->flags = 0; - if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) - { - if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - } - else if(!ctx->cipher) - { - EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET); - return 0; - } -#ifndef OPENSSL_NO_ENGINE -skip_to_init: -#endif - /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); - - if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { - switch(EVP_CIPHER_CTX_mode(ctx)) { - - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: - break; - - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - - ctx->num = 0; - - case EVP_CIPH_CBC_MODE: - - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= - (int)sizeof(ctx->iv)); - if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); - break; - - default: - return 0; - break; - } - } - - if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; - } - ctx->buf_len=0; - ctx->final_used=0; - ctx->block_mask=ctx->cipher->block_size-1; - return 1; - } - int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { @@ -287,7 +151,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { - if(ctx->cipher->do_cipher(ctx,out,in,inl)) + if(M_do_cipher(ctx,out,in,inl)) { *outl=inl; return 1; @@ -314,7 +178,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, { j=bl-i; memcpy(&(ctx->buf[i]),in,j); - if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; + if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0; inl-=j; in+=j; out+=bl; @@ -327,7 +191,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, inl-=i; if (inl > 0) { - if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; + if(!M_do_cipher(ctx,out,in,inl)) return 0; *outl+=inl; } @@ -371,7 +235,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) n=b-bl; for (i=bl; i<b; i++) ctx->buf[i]=n; - ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); + ret=M_do_cipher(ctx,out,ctx->buf,b); if(ret) @@ -493,28 +357,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) } } -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) - { - if (c->cipher != NULL) - { - if(c->cipher->cleanup && !c->cipher->cleanup(c)) - return 0; - /* Cleanse cipher context data */ - if (c->cipher_data) - OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); - } - if (c->cipher_data) - OPENSSL_free(c->cipher_data); -#ifndef OPENSSL_NO_ENGINE - if (c->engine) - /* The EVP_CIPHER we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(c->engine); -#endif - memset(c,0,sizeof(EVP_CIPHER_CTX)); - return 1; - } - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) { if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) @@ -536,27 +378,6 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) return 1; } -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - int ret; - if(!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); - return 0; - } - - if(!ctx->cipher->ctrl) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if(ret == -1) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; -} - int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) { if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) @@ -566,3 +387,54 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) return 1; } +#ifndef OPENSSL_NO_ENGINE + +#ifdef OPENSSL_FIPS + +static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl) + { + if(impl) + { + if (!ENGINE_init(impl)) + { + EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); + return 0; + } + } + else + /* Ask if an ENGINE is reserved for this job */ + impl = ENGINE_get_cipher_engine((*pcipher)->nid); + if(impl) + { + /* There's an ENGINE for this job ... (apparently) */ + const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid); + if(!c) + { + /* One positive side-effect of US's export + * control history, is that we should at least + * be able to avoid using US mispellings of + * "initialisation"? */ + EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR); + return 0; + } + /* We'll use the ENGINE's private cipher definition */ + *pcipher = c; + /* Store the ENGINE functional reference so we know + * 'cipher' came from an ENGINE and we need to release + * it when done. */ + ctx->engine = impl; + } + else + ctx->engine = NULL; + return 1; + } + +void int_EVP_CIPHER_init_engine_callbacks(void) + { + int_EVP_CIPHER_set_engine_callbacks( + ENGINE_finish, do_evp_enc_engine_full); + } + +#endif + +#endif diff --git a/lib/libssl/src/crypto/evp/evp_err.c b/lib/libssl/src/crypto/evp/evp_err.c index e8c9e8de9ca..b5b900d4fe4 100644 --- a/lib/libssl/src/crypto/evp/evp_err.c +++ b/lib/libssl/src/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -71,16 +71,23 @@ static ERR_STRING_DATA EVP_str_functs[]= { {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, +{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, +{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"}, +{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"}, +{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"}, +{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"}, {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, +{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"}, {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"}, {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"}, {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, @@ -125,15 +132,20 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"}, {ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"}, +{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"}, {ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"}, +{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"}, +{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"}, {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"}, {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"}, {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"}, +{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"}, +{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"}, {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, @@ -145,6 +157,8 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"}, {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"}, +{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"}, +{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"}, {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"}, diff --git a/lib/libssl/src/crypto/evp/evp_lib.c b/lib/libssl/src/crypto/evp/evp_lib.c index edb28ef38ed..174cf6c5942 100644 --- a/lib/libssl/src/crypto/evp/evp_lib.c +++ b/lib/libssl/src/crypto/evp/evp_lib.c @@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->set_asn1_parameters != NULL) ret=c->cipher->set_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret=EVP_CIPHER_set_asn1_iv(c, type); else ret=-1; return(ret); @@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) if (c->cipher->get_asn1_parameters != NULL) ret=c->cipher->get_asn1_parameters(c,type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret=EVP_CIPHER_get_asn1_iv(c, type); else ret=-1; return(ret); @@ -178,11 +182,6 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) return ctx->cipher->block_size; } -int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) - { - return ctx->cipher->do_cipher(ctx,out,in,inl); - } - const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) { return ctx->cipher; @@ -193,11 +192,6 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) return cipher->flags; } -unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) - { - return ctx->cipher->flags; - } - void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) { return ctx->app_data; @@ -213,11 +207,6 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) return cipher->iv_len; } -int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) - { - return ctx->cipher->iv_len; - } - int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) { return cipher->key_len; @@ -228,11 +217,6 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) return ctx->key_len; } -int EVP_CIPHER_nid(const EVP_CIPHER *cipher) - { - return cipher->nid; - } - int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; @@ -277,3 +261,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) { return (ctx->flags & flags); } + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) + { + ctx->flags |= flags; + } + +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) + { + ctx->flags &= ~flags; + } + +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) + { + return (ctx->flags & flags); + } diff --git a/lib/libssl/src/crypto/evp/evp_locl.h b/lib/libssl/src/crypto/evp/evp_locl.h index 073b0adcffe..eabcc96f30d 100644 --- a/lib/libssl/src/crypto/evp/evp_locl.h +++ b/lib/libssl/src/crypto/evp/evp_locl.h @@ -1,5 +1,5 @@ /* evp_locl.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ return 1;\ } @@ -226,11 +226,27 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) -#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ - 0, cipher##_init_key, NULL, \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL) + (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ + cipher##_init_key, NULL, NULL, NULL, NULL) + +#ifdef OPENSSL_FIPS +#define RC2_set_key private_RC2_set_key +#define RC4_set_key private_RC4_set_key +#define CAST_set_key private_CAST_set_key +#define RC5_32_set_key private_RC5_32_set_key +#define BF_set_key private_BF_set_key +#define Camellia_set_key private_Camellia_set_key +#define idea_set_encrypt_key private_idea_set_encrypt_key + +#define MD5_Init private_MD5_Init +#define MD4_Init private_MD4_Init +#define MD2_Init private_MD2_Init +#define MDC2_Init private_MDC2_Init +#define SHA_Init private_SHA_Init + +#endif + diff --git a/lib/libssl/src/crypto/evp/evp_pbe.c b/lib/libssl/src/crypto/evp/evp_pbe.c index c26d2de0f38..5e830be65ff 100644 --- a/lib/libssl/src/crypto/evp/evp_pbe.c +++ b/lib/libssl/src/crypto/evp/evp_pbe.c @@ -1,5 +1,5 @@ /* evp_pbe.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/evp/evp_pkey.c b/lib/libssl/src/crypto/evp/evp_pkey.c index 0147f3e02a6..10d9e9e772b 100644 --- a/lib/libssl/src/crypto/evp/evp_pkey.c +++ b/lib/libssl/src/crypto/evp/evp_pkey.c @@ -1,5 +1,5 @@ /* evp_pkey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/evp/m_dss.c b/lib/libssl/src/crypto/evp/m_dss.c index a948c77fa49..6b0c0aa7a3f 100644 --- a/lib/libssl/src/crypto/evp/m_dss.c +++ b/lib/libssl/src/crypto/evp/m_dss.c @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_FIPS, init, update, final, diff --git a/lib/libssl/src/crypto/evp/m_dss1.c b/lib/libssl/src/crypto/evp/m_dss1.c index c12e13972b5..da8babc147d 100644 --- a/lib/libssl/src/crypto/evp/m_dss1.c +++ b/lib/libssl/src/crypto/evp/m_dss1.c @@ -68,6 +68,8 @@ #include <openssl/dsa.h> #endif +#ifndef OPENSSL_FIPS + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -98,3 +100,4 @@ const EVP_MD *EVP_dss1(void) return(&dss1_md); } #endif +#endif diff --git a/lib/libssl/src/crypto/evp/m_md2.c b/lib/libssl/src/crypto/evp/m_md2.c index 5ce849f161d..8eee6236ba2 100644 --- a/lib/libssl/src/crypto/evp/m_md2.c +++ b/lib/libssl/src/crypto/evp/m_md2.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_MD2 diff --git a/lib/libssl/src/crypto/evp/m_md4.c b/lib/libssl/src/crypto/evp/m_md4.c index 1e0b7c5b424..5cd2ab5adee 100644 --- a/lib/libssl/src/crypto/evp/m_md4.c +++ b/lib/libssl/src/crypto/evp/m_md4.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_MD4 diff --git a/lib/libssl/src/crypto/evp/m_md5.c b/lib/libssl/src/crypto/evp/m_md5.c index 63c142119eb..6455829671e 100644 --- a/lib/libssl/src/crypto/evp/m_md5.c +++ b/lib/libssl/src/crypto/evp/m_md5.c @@ -62,6 +62,7 @@ #ifndef OPENSSL_NO_MD5 #include <openssl/evp.h> +#include "evp_locl.h" #include <openssl/objects.h> #include <openssl/x509.h> #include <openssl/md5.h> diff --git a/lib/libssl/src/crypto/evp/m_mdc2.c b/lib/libssl/src/crypto/evp/m_mdc2.c index 36c4e9b1343..9f9bcf06ed2 100644 --- a/lib/libssl/src/crypto/evp/m_mdc2.c +++ b/lib/libssl/src/crypto/evp/m_mdc2.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #ifndef OPENSSL_NO_MDC2 diff --git a/lib/libssl/src/crypto/evp/m_sha.c b/lib/libssl/src/crypto/evp/m_sha.c index acccc8f92d8..3f30dfc579c 100644 --- a/lib/libssl/src/crypto/evp/m_sha.c +++ b/lib/libssl/src/crypto/evp/m_sha.c @@ -58,6 +58,7 @@ #include <stdio.h> #include "cryptlib.h" +#include "evp_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) diff --git a/lib/libssl/src/crypto/evp/m_sha1.c b/lib/libssl/src/crypto/evp/m_sha1.c index 4679b1c4638..471ec30be01 100644 --- a/lib/libssl/src/crypto/evp/m_sha1.c +++ b/lib/libssl/src/crypto/evp/m_sha1.c @@ -68,6 +68,8 @@ #include <openssl/rsa.h> #endif +#ifndef OPENSSL_FIPS + static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -97,7 +99,6 @@ const EVP_MD *EVP_sha1(void) { return(&sha1_md); } -#endif #ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) @@ -202,3 +203,7 @@ static const EVP_MD sha512_md= const EVP_MD *EVP_sha512(void) { return(&sha512_md); } #endif /* ifndef OPENSSL_NO_SHA512 */ + +#endif + +#endif diff --git a/lib/libssl/src/crypto/evp/names.c b/lib/libssl/src/crypto/evp/names.c index 88c1e780dd7..e2e04c3570f 100644 --- a/lib/libssl/src/crypto/evp/names.c +++ b/lib/libssl/src/crypto/evp/names.c @@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c) { int r; +#ifdef OPENSSL_FIPS + OPENSSL_init(); +#endif + r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); if (r == 0) return(0); r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c); @@ -77,6 +81,9 @@ int EVP_add_digest(const EVP_MD *md) int r; const char *name; +#ifdef OPENSSL_FIPS + OPENSSL_init(); +#endif name=OBJ_nid2sn(md->type); r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md); if (r == 0) return(0); diff --git a/lib/libssl/src/crypto/evp/p5_crpt.c b/lib/libssl/src/crypto/evp/p5_crpt.c index 48d50014a04..2a265fdee27 100644 --- a/lib/libssl/src/crypto/evp/p5_crpt.c +++ b/lib/libssl/src/crypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ /* p5_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/evp/p5_crpt2.c b/lib/libssl/src/crypto/evp/p5_crpt2.c index c969d5a2062..6bec77baf96 100644 --- a/lib/libssl/src/crypto/evp/p5_crpt2.c +++ b/lib/libssl/src/crypto/evp/p5_crpt2.c @@ -1,5 +1,5 @@ /* p5_crpt2.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/evp/p_sign.c b/lib/libssl/src/crypto/evp/p_sign.c index e4ae5906f55..bf41a0db68a 100644 --- a/lib/libssl/src/crypto/evp/p_sign.c +++ b/lib/libssl/src/crypto/evp/p_sign.c @@ -84,10 +84,6 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, MS_STATIC EVP_MD_CTX tmp_ctx; *siglen=0; - EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); for (i=0; i<4; i++) { v=ctx->digest->required_pkey_type[i]; @@ -108,7 +104,23 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); return(0); } - return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, - pkey->pkey.ptr)); + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) + { + EVP_MD_SVCTX sctmp; + sctmp.mctx = &tmp_ctx; + sctmp.key = pkey->pkey.ptr; + i = ctx->digest->sign(ctx->digest->type, + NULL, -1, sigret, siglen, &sctmp); + } + else + { + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, + pkey->pkey.ptr); + } + EVP_MD_CTX_cleanup(&tmp_ctx); + return i; } diff --git a/lib/libssl/src/crypto/evp/p_verify.c b/lib/libssl/src/crypto/evp/p_verify.c index 21a40a375e1..2d46dffe7e1 100644 --- a/lib/libssl/src/crypto/evp/p_verify.c +++ b/lib/libssl/src/crypto/evp/p_verify.c @@ -85,17 +85,29 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); return(-1); } - EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); - EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->verify == NULL) + if (ctx->digest->verify == NULL) { EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); return(0); } - return(ctx->digest->verify(ctx->digest->type,m,m_len, - sigbuf,siglen,pkey->pkey.ptr)); + EVP_MD_CTX_init(&tmp_ctx); + EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); + if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) + { + EVP_MD_SVCTX sctmp; + sctmp.mctx = &tmp_ctx; + sctmp.key = pkey->pkey.ptr; + i = ctx->digest->verify(ctx->digest->type, + NULL, -1, sigbuf, siglen, &sctmp); + } + else + { + EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + i = ctx->digest->verify(ctx->digest->type,m,m_len, + sigbuf,siglen,pkey->pkey.ptr); + } + EVP_MD_CTX_cleanup(&tmp_ctx); + return i; } diff --git a/lib/libssl/src/crypto/hmac/hmac.c b/lib/libssl/src/crypto/hmac/hmac.c index 1d140f7adb4..cbc1c76a57b 100644 --- a/lib/libssl/src/crypto/hmac/hmac.c +++ b/lib/libssl/src/crypto/hmac/hmac.c @@ -61,6 +61,8 @@ #include "cryptlib.h" #include <openssl/hmac.h> +#ifndef OPENSSL_FIPS + void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { @@ -178,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); } +#endif diff --git a/lib/libssl/src/crypto/idea/idea.h b/lib/libssl/src/crypto/idea/idea.h index bf97a37e39b..a137d4cbce2 100644 --- a/lib/libssl/src/crypto/idea/idea.h +++ b/lib/libssl/src/crypto/idea/idea.h @@ -83,6 +83,9 @@ typedef struct idea_key_st const char *idea_options(void); void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, IDEA_KEY_SCHEDULE *ks); +#ifdef OPENSSL_FIPS +void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +#endif void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, diff --git a/lib/libssl/src/crypto/install.com b/lib/libssl/src/crypto/install.com index 58a4fecdaa4..ffad1f97a72 100644 --- a/lib/libssl/src/crypto/install.com +++ b/lib/libssl/src/crypto/install.com @@ -35,12 +35,12 @@ $ $ SDIRS := ,- OBJECTS,- MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- - DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- - BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,- + DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- + BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- BUFFER,BIO,STACK,LHASH,RAND,ERR,- EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- UI,KRB5,- - STORE,CMS,PQUEUE + STORE,PQUEUE,JPAKE $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- symhacks.h,ossl_typ.h $ EXHEADER_OBJECTS := objects.h,obj_mac.h @@ -52,6 +52,7 @@ $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h $ EXHEADER_DES := des.h,des_old.h +$ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h $ EXHEADER_RC4 := rc4.h $ EXHEADER_RC5 := rc5.h @@ -69,7 +70,6 @@ $ EXHEADER_DH := dh.h $ EXHEADER_ECDH := ecdh.h $ EXHEADER_DSO := dso.h $ EXHEADER_ENGINE := engine.h -$ EXHEADER_AES := aes.h $ EXHEADER_BUFFER := buffer.h $ EXHEADER_BIO := bio.h $ EXHEADER_STACK := stack.h,safestack.h @@ -92,7 +92,7 @@ $ EXHEADER_KRB5 := krb5_asn.h $! EXHEADER_STORE := store.h,str_compat.h $ EXHEADER_STORE := store.h $ EXHEADER_PQUEUE := pqueue.h,pq_compat.h -$ EXHEADER_CMS := cms.h +$ EXHEADER_JPAKE := jpake.h $ LIBS := LIBCRYPTO $ $ VEXE_DIR := [-.VAX.EXE.CRYPTO] diff --git a/lib/libssl/src/crypto/md2/md2.h b/lib/libssl/src/crypto/md2/md2.h index a46120e7d41..d59c9f25931 100644 --- a/lib/libssl/src/crypto/md2/md2.h +++ b/lib/libssl/src/crypto/md2/md2.h @@ -81,6 +81,9 @@ typedef struct MD2state_st } MD2_CTX; const char *MD2_options(void); +#ifdef OPENSSL_FIPS +int private_MD2_Init(MD2_CTX *c); +#endif int MD2_Init(MD2_CTX *c); int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); int MD2_Final(unsigned char *md, MD2_CTX *c); diff --git a/lib/libssl/src/crypto/md2/md2_dgst.c b/lib/libssl/src/crypto/md2/md2_dgst.c index 6f68b25c6a8..cc4eeaf7a7a 100644 --- a/lib/libssl/src/crypto/md2/md2_dgst.c +++ b/lib/libssl/src/crypto/md2/md2_dgst.c @@ -62,6 +62,11 @@ #include <openssl/md2.h> #include <openssl/opensslv.h> #include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + +#include <openssl/err.h> const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT; @@ -116,7 +121,7 @@ const char *MD2_options(void) return("md2(int)"); } -int MD2_Init(MD2_CTX *c) +FIPS_NON_FIPS_MD_Init(MD2) { c->num=0; memset(c->state,0,sizeof c->state); diff --git a/lib/libssl/src/crypto/md4/md4.h b/lib/libssl/src/crypto/md4/md4.h index 5598c93a4fe..ba1fe4a6ee8 100644 --- a/lib/libssl/src/crypto/md4/md4.h +++ b/lib/libssl/src/crypto/md4/md4.h @@ -105,6 +105,9 @@ typedef struct MD4state_st unsigned int num; } MD4_CTX; +#ifdef OPENSSL_FIPS +int private_MD4_Init(MD4_CTX *c); +#endif int MD4_Init(MD4_CTX *c); int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); diff --git a/lib/libssl/src/crypto/md4/md4_dgst.c b/lib/libssl/src/crypto/md4/md4_dgst.c index cfef94af39a..0f5448601d8 100644 --- a/lib/libssl/src/crypto/md4/md4_dgst.c +++ b/lib/libssl/src/crypto/md4/md4_dgst.c @@ -59,6 +59,11 @@ #include <stdio.h> #include "md4_locl.h" #include <openssl/opensslv.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; @@ -70,7 +75,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD4_Init(MD4_CTX *c) +FIPS_NON_FIPS_MD_Init(MD4) { c->A=INIT_DATA_A; c->B=INIT_DATA_B; diff --git a/lib/libssl/src/crypto/md5/md5.h b/lib/libssl/src/crypto/md5/md5.h index dbdc0e1abc7..0761f84a27b 100644 --- a/lib/libssl/src/crypto/md5/md5.h +++ b/lib/libssl/src/crypto/md5/md5.h @@ -105,6 +105,9 @@ typedef struct MD5state_st unsigned int num; } MD5_CTX; +#ifdef OPENSSL_FIPS +int private_MD5_Init(MD5_CTX *c); +#endif int MD5_Init(MD5_CTX *c); int MD5_Update(MD5_CTX *c, const void *data, size_t len); int MD5_Final(unsigned char *md, MD5_CTX *c); diff --git a/lib/libssl/src/crypto/md5/md5_dgst.c b/lib/libssl/src/crypto/md5/md5_dgst.c index b96e332ba41..47bb9020ee1 100644 --- a/lib/libssl/src/crypto/md5/md5_dgst.c +++ b/lib/libssl/src/crypto/md5/md5_dgst.c @@ -59,6 +59,11 @@ #include <stdio.h> #include "md5_locl.h" #include <openssl/opensslv.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; @@ -70,7 +75,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; #define INIT_DATA_C (unsigned long)0x98badcfeL #define INIT_DATA_D (unsigned long)0x10325476L -int MD5_Init(MD5_CTX *c) +FIPS_NON_FIPS_MD_Init(MD5) { c->A=INIT_DATA_A; c->B=INIT_DATA_B; diff --git a/lib/libssl/src/crypto/mdc2/Makefile b/lib/libssl/src/crypto/mdc2/Makefile index 1d064f17a62..ea25688d888 100644 --- a/lib/libssl/src/crypto/mdc2/Makefile +++ b/lib/libssl/src/crypto/mdc2/Makefile @@ -33,7 +33,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib diff --git a/lib/libssl/src/crypto/mdc2/mdc2.h b/lib/libssl/src/crypto/mdc2/mdc2.h index 72778a52123..7e1354116ad 100644 --- a/lib/libssl/src/crypto/mdc2/mdc2.h +++ b/lib/libssl/src/crypto/mdc2/mdc2.h @@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st int pad_type; /* either 1 or 2, default 1 */ } MDC2_CTX; - +#ifdef OPENSSL_FIPS +int private_MDC2_Init(MDC2_CTX *c); +#endif int MDC2_Init(MDC2_CTX *c); int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); int MDC2_Final(unsigned char *md, MDC2_CTX *c); diff --git a/lib/libssl/src/crypto/mem.c b/lib/libssl/src/crypto/mem.c index 6635167228d..00ebaf0b9b5 100644 --- a/lib/libssl/src/crypto/mem.c +++ b/lib/libssl/src/crypto/mem.c @@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) = free; /* may be changed as long as 'allow_customize_debug' is set */ /* XXX use correct function pointer types */ -#ifdef CRYPTO_MDEBUG +#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS) /* use default functions from mem_dbg.c */ static void (*malloc_debug_func)(void *,int,const char *,int,int) = CRYPTO_dbg_malloc; @@ -110,6 +110,14 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; + +static int (*push_info_func)(const char *info, const char *file, int line) + = CRYPTO_dbg_push_info; +static int (*pop_info_func)(void) + = CRYPTO_dbg_pop_info; +static int (*remove_all_info_func)(void) + = CRYPTO_dbg_remove_all_info; + #else /* applications can use CRYPTO_malloc_debug_init() to select above case * at run-time */ @@ -119,6 +127,13 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) static void (*free_debug_func)(void *,int) = NULL; static void (*set_debug_options_func)(long) = NULL; static long (*get_debug_options_func)(void) = NULL; + + +static int (*push_info_func)(const char *info, const char *file, int line) + = NULL; +static int (*pop_info_func)(void) = NULL; +static int (*remove_all_info_func)(void) = NULL; + #endif @@ -194,6 +209,15 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), return 1; } +void CRYPTO_set_mem_info_functions( + int (*push_info_fn)(const char *info, const char *file, int line), + int (*pop_info_fn)(void), + int (*remove_all_info_fn)(void)) + { + push_info_func = push_info_fn; + pop_info_func = pop_info_fn; + remove_all_info_func = remove_all_info_fn; + } void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), void (**f)(void *)) @@ -399,3 +423,24 @@ long CRYPTO_get_mem_debug_options(void) return get_debug_options_func(); return 0; } + +int CRYPTO_push_info_(const char *info, const char *file, int line) + { + if (push_info_func) + return push_info_func(info, file, line); + return 1; + } + +int CRYPTO_pop_info(void) + { + if (pop_info_func) + return pop_info_func(); + return 1; + } + +int CRYPTO_remove_all_info(void) + { + if (remove_all_info_func) + return remove_all_info_func(); + return 1; + } diff --git a/lib/libssl/src/crypto/mem_dbg.c b/lib/libssl/src/crypto/mem_dbg.c index 8316485217a..dfeb0847993 100644 --- a/lib/libssl/src/crypto/mem_dbg.c +++ b/lib/libssl/src/crypto/mem_dbg.c @@ -330,7 +330,7 @@ static APP_INFO *pop_info(void) return(ret); } -int CRYPTO_push_info_(const char *info, const char *file, int line) +int CRYPTO_dbg_push_info(const char *info, const char *file, int line) { APP_INFO *ami, *amim; int ret=0; @@ -380,7 +380,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) return(ret); } -int CRYPTO_pop_info(void) +int CRYPTO_dbg_pop_info(void) { int ret=0; @@ -395,7 +395,7 @@ int CRYPTO_pop_info(void) return(ret); } -int CRYPTO_remove_all_info(void) +int CRYPTO_dbg_remove_all_info(void) { int ret=0; @@ -793,3 +793,25 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); } + +void CRYPTO_malloc_debug_init(void) + { + CRYPTO_set_mem_debug_functions( + CRYPTO_dbg_malloc, + CRYPTO_dbg_realloc, + CRYPTO_dbg_free, + CRYPTO_dbg_set_options, + CRYPTO_dbg_get_options); + CRYPTO_set_mem_info_functions( + CRYPTO_dbg_push_info, + CRYPTO_dbg_pop_info, + CRYPTO_dbg_remove_all_info); + } + +char *CRYPTO_strdup(const char *str, const char *file, int line) + { + char *ret = CRYPTO_malloc(strlen(str)+1, file, line); + + strcpy(ret, str); + return ret; + } diff --git a/lib/libssl/src/crypto/objects/obj_dat.pl b/lib/libssl/src/crypto/objects/obj_dat.pl index 8a09a46ee65..7de2f77afda 100644 --- a/lib/libssl/src/crypto/objects/obj_dat.pl +++ b/lib/libssl/src/crypto/objects/obj_dat.pl @@ -2,7 +2,9 @@ # fixes bug in floating point emulation on sparc64 when # this script produces off-by-one output on sparc64 -use integer; +eval 'use integer;'; + +print STDERR "Warning: perl module integer not found.\n" if ($@); sub obj_cmp { diff --git a/lib/libssl/src/crypto/objects/obj_mac.num b/lib/libssl/src/crypto/objects/obj_mac.num index 53c9cb0d6ae..e3f56bc52ca 100644 --- a/lib/libssl/src/crypto/objects/obj_mac.num +++ b/lib/libssl/src/crypto/objects/obj_mac.num @@ -854,3 +854,5 @@ id_GostR3411_94_with_GostR3410_2001_cc 853 id_GostR3410_2001_ParamSet_cc 854 hmac 855 LocalKeySet 856 +freshest_crl 857 +id_on_permanentIdentifier 858 diff --git a/lib/libssl/src/crypto/objects/objects.txt b/lib/libssl/src/crypto/objects/objects.txt index e009702e553..a6a811b8e7c 100644 --- a/lib/libssl/src/crypto/objects/objects.txt +++ b/lib/libssl/src/crypto/objects/objects.txt @@ -557,6 +557,7 @@ id-cmc 24 : id-cmc-confirmCertAcceptance # other names id-on 1 : id-on-personalData +id-on 3 : id-on-permanentIdentifier : Permanent Identifier # personal data attributes id-pda 1 : id-pda-dateOfBirth @@ -726,6 +727,8 @@ id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname freshest-crl +id-ce 46 : freshestCRL : X509v3 Freshest CRL !Cname inhibit-any-policy id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information diff --git a/lib/libssl/src/crypto/ocsp/ocsp_asn.c b/lib/libssl/src/crypto/ocsp/ocsp_asn.c index 39b7a1c5687..bfe892ac705 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_asn.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_asn.c @@ -1,5 +1,5 @@ /* ocsp_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/lib/libssl/src/crypto/ocsp/ocsp_ht.c index a8e569b74a0..6abb30b2c07 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_ht.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_ht.c @@ -1,5 +1,5 @@ /* ocsp_ht.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ /* ==================================================================== @@ -56,11 +56,12 @@ * */ -#include <openssl/asn1.h> #include <stdio.h> #include <stdlib.h> #include <ctype.h> #include <string.h> +#include "e_os.h" +#include <openssl/asn1.h> #include <openssl/ocsp.h> #include <openssl/err.h> #include <openssl/buffer.h> diff --git a/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/lib/libssl/src/crypto/ocsp/ocsp_srv.c index fffa134e754..1c606dd0b61 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_srv.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_srv.c @@ -1,5 +1,5 @@ /* ocsp_srv.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/lib/libssl/src/crypto/ocsp/ocsp_vfy.c index 23ea41c847b..4a0c3870d83 100644 --- a/lib/libssl/src/crypto/ocsp/ocsp_vfy.c +++ b/lib/libssl/src/crypto/ocsp/ocsp_vfy.c @@ -1,5 +1,5 @@ /* ocsp_vfy.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/opensslconf.h.in b/lib/libssl/src/crypto/opensslconf.h.in index cee83acf989..1c77f03c3dc 100644 --- a/lib/libssl/src/crypto/opensslconf.h.in +++ b/lib/libssl/src/crypto/opensslconf.h.in @@ -1,5 +1,20 @@ /* crypto/opensslconf.h.in */ +#ifdef OPENSSL_DOING_MAKEDEPEND + +/* Include any symbols here that have to be explicitly set to enable a feature + * that should be visible to makedepend. + * + * [Our "make depend" doesn't actually look at this, we use actual build settings + * instead; we want to make it easy to remove subdirectories with disabled algorithms.] + */ + +#ifndef OPENSSL_FIPS +#define OPENSSL_FIPS +#endif + +#endif + /* Generate 80386 code? */ #undef I386_ONLY diff --git a/lib/libssl/src/crypto/opensslv.h b/lib/libssl/src/crypto/opensslv.h index 5bdd370ac91..09687b5136a 100644 --- a/lib/libssl/src/crypto/opensslv.h +++ b/lib/libssl/src/crypto/opensslv.h @@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x0090809fL +#define OPENSSL_VERSION_NUMBER 0x009080afL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i-fips 15 Sep 2008" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i 15 Sep 2008" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/lib/libssl/src/crypto/ossl_typ.h b/lib/libssl/src/crypto/ossl_typ.h index 734200428f6..0e7a3808803 100644 --- a/lib/libssl/src/crypto/ossl_typ.h +++ b/lib/libssl/src/crypto/ossl_typ.h @@ -100,6 +100,8 @@ typedef int ASN1_NULL; #undef X509_EXTENSIONS #undef X509_CERT_PAIR #undef PKCS7_ISSUER_AND_SERIAL +#undef OCSP_REQUEST +#undef OCSP_RESPONSE #endif #ifdef BIGNUM diff --git a/lib/libssl/src/crypto/pem/pem.h b/lib/libssl/src/crypto/pem/pem.h index 670afa670ba..6f8e01544bb 100644 --- a/lib/libssl/src/crypto/pem/pem.h +++ b/lib/libssl/src/crypto/pem/pem.h @@ -125,6 +125,7 @@ extern "C" { #define PEM_STRING_DSA "DSA PRIVATE KEY" #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" #define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" #define PEM_STRING_PKCS8INF "PRIVATE KEY" #define PEM_STRING_DHPARAMS "DH PARAMETERS" diff --git a/lib/libssl/src/crypto/pem/pem_all.c b/lib/libssl/src/crypto/pem/pem_all.c index 66cbc7eb82c..69dd19bf2e7 100644 --- a/lib/libssl/src/crypto/pem/pem_all.c +++ b/lib/libssl/src/crypto/pem/pem_all.c @@ -194,7 +194,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, #endif +#ifdef OPENSSL_FIPS + +int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_RSA(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + + EVP_PKEY_set1_RSA(k, x); + + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} +#endif + +#else + IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) + +#endif + IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) @@ -224,7 +266,47 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, return pkey_get_dsa(pktmp, dsa); } +#ifdef OPENSSL_FIPS + +int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_DSA(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_DSA(k, x); + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} +#endif + +#else + IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) + +#endif + IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -270,8 +352,49 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters) + + +#ifdef OPENSSL_FIPS + +int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_EC_KEY(k, x); + + ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} + +#ifndef OPENSSL_NO_FP_API +int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) +{ + EVP_PKEY *k; + int ret; + k = EVP_PKEY_new(); + if (!k) + return 0; + EVP_PKEY_set1_EC_KEY(k, x); + ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); + EVP_PKEY_free(k); + return ret; +} +#endif + +#else + IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey) +#endif + IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) #ifndef OPENSSL_NO_FP_API @@ -301,8 +424,59 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything * appropriate.) */ + +#ifdef OPENSSL_FIPS + +static const char *pkey_str(EVP_PKEY *x) + { + switch (x->type) + { + case EVP_PKEY_RSA: + return PEM_STRING_RSA; + + case EVP_PKEY_DSA: + return PEM_STRING_DSA; + + case EVP_PKEY_EC: + return PEM_STRING_ECPRIVATEKEY; + + default: + return NULL; + } + } + + +int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { + if (FIPS_mode()) + return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, + (char *)kstr, klen, cb, u); + else + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u); + } + +#ifndef OPENSSL_NO_FP_API +int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { + if (FIPS_mode()) + return PEM_write_PKCS8PrivateKey(fp, x, enc, + (char *)kstr, klen, cb, u); + else + return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey, + pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u); + } +#endif + +#else IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\ (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey) +#endif + IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) diff --git a/lib/libssl/src/crypto/pem/pem_lib.c b/lib/libssl/src/crypto/pem/pem_lib.c index 9bae4c8850c..cbafefe416e 100644 --- a/lib/libssl/src/crypto/pem/pem_lib.c +++ b/lib/libssl/src/crypto/pem/pem_lib.c @@ -216,6 +216,9 @@ static int check_pem(const char *nm, const char *name) if(!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) return 1; + if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && + !strcmp(name, PEM_STRING_PKCS7)) return 1; + return 0; } diff --git a/lib/libssl/src/crypto/pem/pem_x509.c b/lib/libssl/src/crypto/pem/pem_x509.c index 19f88d8d3a6..3f709f13e65 100644 --- a/lib/libssl/src/crypto/pem/pem_x509.c +++ b/lib/libssl/src/crypto/pem/pem_x509.c @@ -1,5 +1,5 @@ /* pem_x509.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pem/pem_xaux.c b/lib/libssl/src/crypto/pem/pem_xaux.c index 63ce660cf1a..7cc74910095 100644 --- a/lib/libssl/src/crypto/pem/pem_xaux.c +++ b/lib/libssl/src/crypto/pem/pem_xaux.c @@ -1,5 +1,5 @@ /* pem_xaux.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_add.c b/lib/libssl/src/crypto/pkcs12/p12_add.c index 41bdc005510..1f3e378f5cb 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_add.c +++ b/lib/libssl/src/crypto/pkcs12/p12_add.c @@ -1,5 +1,5 @@ /* p12_add.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_asn.c b/lib/libssl/src/crypto/pkcs12/p12_asn.c index a3739fee1a6..6e276338175 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_asn.c +++ b/lib/libssl/src/crypto/pkcs12/p12_asn.c @@ -1,5 +1,5 @@ /* p12_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_attr.c b/lib/libssl/src/crypto/pkcs12/p12_attr.c index 026cf3826a7..68d6c5ad159 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_attr.c +++ b/lib/libssl/src/crypto/pkcs12/p12_attr.c @@ -1,5 +1,5 @@ /* p12_attr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_crpt.c b/lib/libssl/src/crypto/pkcs12/p12_crpt.c index 3ad33c49d82..f8b952e27ee 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_crpt.c +++ b/lib/libssl/src/crypto/pkcs12/p12_crpt.c @@ -1,5 +1,5 @@ /* p12_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_crt.c b/lib/libssl/src/crypto/pkcs12/p12_crt.c index 9748256b6fe..e863de52cef 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_crt.c +++ b/lib/libssl/src/crypto/pkcs12/p12_crt.c @@ -1,5 +1,5 @@ /* p12_crt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -59,6 +59,10 @@ #include <stdio.h> #include "cryptlib.h" #include <openssl/pkcs12.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag); @@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, /* Set defaults */ if (!nid_cert) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + else +#endif nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + } if (!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; if (!iter) diff --git a/lib/libssl/src/crypto/pkcs12/p12_decr.c b/lib/libssl/src/crypto/pkcs12/p12_decr.c index 74c961a92b8..ba77dbbe32c 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_decr.c +++ b/lib/libssl/src/crypto/pkcs12/p12_decr.c @@ -1,5 +1,5 @@ /* p12_decr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_init.c b/lib/libssl/src/crypto/pkcs12/p12_init.c index 6bdc1326317..d4d84b056a2 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_init.c +++ b/lib/libssl/src/crypto/pkcs12/p12_init.c @@ -1,5 +1,5 @@ /* p12_init.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_key.c b/lib/libssl/src/crypto/pkcs12/p12_key.c index 18e72d0a1b8..9e57eee4a4d 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_key.c +++ b/lib/libssl/src/crypto/pkcs12/p12_key.c @@ -1,5 +1,5 @@ /* p12_key.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_kiss.c b/lib/libssl/src/crypto/pkcs12/p12_kiss.c index c2ee2cc6f3a..5c4c6ec9888 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_kiss.c +++ b/lib/libssl/src/crypto/pkcs12/p12_kiss.c @@ -1,5 +1,5 @@ /* p12_kiss.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_mutl.c b/lib/libssl/src/crypto/pkcs12/p12_mutl.c index c408cc8ab8d..70bfef6e5d1 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_mutl.c +++ b/lib/libssl/src/crypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ /* p12_mutl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_npas.c b/lib/libssl/src/crypto/pkcs12/p12_npas.c index 48eacc5c49c..47e5e9c3775 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_npas.c +++ b/lib/libssl/src/crypto/pkcs12/p12_npas.c @@ -1,5 +1,5 @@ /* p12_npas.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_p8d.c b/lib/libssl/src/crypto/pkcs12/p12_p8d.c index 3c6f377933c..deba81e4a97 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_p8d.c +++ b/lib/libssl/src/crypto/pkcs12/p12_p8d.c @@ -1,5 +1,5 @@ /* p12_p8d.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_p8e.c b/lib/libssl/src/crypto/pkcs12/p12_p8e.c index 3d47956652a..bf20a77b4c7 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_p8e.c +++ b/lib/libssl/src/crypto/pkcs12/p12_p8e.c @@ -1,5 +1,5 @@ /* p12_p8e.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/p12_utl.c b/lib/libssl/src/crypto/pkcs12/p12_utl.c index 243ec76be95..ca30ac4f6d5 100644 --- a/lib/libssl/src/crypto/pkcs12/p12_utl.c +++ b/lib/libssl/src/crypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ /* p12_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs12/pkcs12.h b/lib/libssl/src/crypto/pkcs12/pkcs12.h index a2d7e359a0f..4bee605dc0d 100644 --- a/lib/libssl/src/crypto/pkcs12/pkcs12.h +++ b/lib/libssl/src/crypto/pkcs12/pkcs12.h @@ -1,5 +1,5 @@ /* pkcs12.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs7/pk7_asn1.c b/lib/libssl/src/crypto/pkcs7/pk7_asn1.c index 77931feeb41..1f70d313867 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_asn1.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_asn1.c @@ -1,5 +1,5 @@ /* pk7_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs7/pk7_attr.c b/lib/libssl/src/crypto/pkcs7/pk7_attr.c index 735c8800e10..d5497171691 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_attr.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_attr.c @@ -1,5 +1,5 @@ /* pk7_attr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs7/pk7_mime.c b/lib/libssl/src/crypto/pkcs7/pk7_mime.c index 17b68992f7d..bf190360d75 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_mime.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_mime.c @@ -1,5 +1,5 @@ /* pk7_mime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/pkcs7/pk7_smime.c b/lib/libssl/src/crypto/pkcs7/pk7_smime.c index 5c6b0fe24bc..c34db1d6fed 100644 --- a/lib/libssl/src/crypto/pkcs7/pk7_smime.c +++ b/lib/libssl/src/crypto/pkcs7/pk7_smime.c @@ -1,5 +1,5 @@ /* pk7_smime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -282,6 +282,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } + BIO_set_mem_eof_return(tmpout, 0); } else tmpout = out; /* We now have to 'read' from p7bio to calculate digests etc. */ diff --git a/lib/libssl/src/crypto/rand/Makefile b/lib/libssl/src/crypto/rand/Makefile index 27694aa6649..30794305cb3 100644 --- a/lib/libssl/src/crypto/rand/Makefile +++ b/lib/libssl/src/crypto/rand/Makefile @@ -17,9 +17,9 @@ TEST= randtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ +LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \ rand_win.c rand_unix.c rand_os2.c rand_nw.c -LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ +LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \ rand_win.o rand_unix.o rand_os2.o rand_nw.o SRC= $(LIBSRC) @@ -35,7 +35,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -79,17 +79,34 @@ clean: md_rand.o: ../../e_os.h ../../include/openssl/asn1.h md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -md_rand.o: md_rand.c rand_lcl.h +md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h +md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h rand_egd.o: ../../include/openssl/opensslconf.h rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rand_egd.o: rand_egd.c +rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h +rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h +rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h +rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h @@ -99,34 +116,39 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_err.o: rand_err.c rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c +rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_os2.o: ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h @@ -136,8 +158,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_unix.o: ../../include/openssl/objects.h +rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h @@ -148,8 +170,9 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rand_win.o: ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h diff --git a/lib/libssl/src/crypto/rand/md_rand.c b/lib/libssl/src/crypto/rand/md_rand.c index 9783d0c23e9..0f8dd3e00fa 100644 --- a/lib/libssl/src/crypto/rand/md_rand.c +++ b/lib/libssl/src/crypto/rand/md_rand.c @@ -126,6 +126,10 @@ #include <openssl/crypto.h> #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #ifdef BN_DEBUG # define PREDICT @@ -332,6 +336,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) #endif int do_stir_pool = 0; +#ifdef OPENSSL_FIPS + if(FIPS_mode()) + { + FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD); + return 0; + } +#endif + #ifdef PREDICT if (rand_predictable) { diff --git a/lib/libssl/src/crypto/rand/rand.h b/lib/libssl/src/crypto/rand/rand.h index ac6c0217636..ea89153cba3 100644 --- a/lib/libssl/src/crypto/rand/rand.h +++ b/lib/libssl/src/crypto/rand/rand.h @@ -72,7 +72,7 @@ extern "C" { #endif #if defined(OPENSSL_FIPS) -#define FIPS_RAND_SIZE_T size_t +#define FIPS_RAND_SIZE_T int #endif /* Already defined in ossl_typ.h */ @@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); int RAND_egd(const char *path); int RAND_egd_bytes(const char *path,int bytes); int RAND_poll(void); +#ifndef OPENSSL_NO_ENGINE +#ifdef OPENSSL_FIPS +void int_RAND_init_engine_callbacks(void); +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth)); +#endif +#endif #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) @@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void); /* Error codes for the RAND functions. */ /* Function codes. */ +#define RAND_F_ENG_RAND_GET_RAND_METHOD 108 +#define RAND_F_FIPS_RAND 103 +#define RAND_F_FIPS_RAND_BYTES 102 +#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109 +#define RAND_F_FIPS_RAND_SET_DT 106 +#define RAND_F_FIPS_SET_DT 104 +#define RAND_F_FIPS_SET_PRNG_SEED 107 +#define RAND_F_FIPS_SET_TEST_MODE 105 #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +#define RAND_R_NON_FIPS_METHOD 105 +#define RAND_R_NOT_IN_TEST_MODE 106 +#define RAND_R_NO_KEY_SET 107 +#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101 +#define RAND_R_PRNG_ERROR 108 +#define RAND_R_PRNG_KEYED 109 +#define RAND_R_PRNG_NOT_REKEYED 102 +#define RAND_R_PRNG_NOT_RESEEDED 103 #define RAND_R_PRNG_NOT_SEEDED 100 +#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110 +#define RAND_R_PRNG_STUCK 104 #ifdef __cplusplus } diff --git a/lib/libssl/src/crypto/rand/rand_err.c b/lib/libssl/src/crypto/rand/rand_err.c index 386934dcd18..829fb44d77e 100644 --- a/lib/libssl/src/crypto/rand/rand_err.c +++ b/lib/libssl/src/crypto/rand/rand_err.c @@ -1,6 +1,6 @@ /* crypto/rand/rand_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,14 @@ static ERR_STRING_DATA RAND_str_functs[]= { +{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"}, +{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"}, +{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"}, +{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"}, +{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"}, +{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"}, +{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"}, +{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} @@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_reasons[]= { +{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"}, +{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"}, +{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"}, +{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"}, +{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"}, +{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"}, +{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, +{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"}, +{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"}, {0,NULL} }; diff --git a/lib/libssl/src/crypto/rand/rand_lcl.h b/lib/libssl/src/crypto/rand/rand_lcl.h index 618a8ec899c..18cc9b1e4af 100644 --- a/lib/libssl/src/crypto/rand/rand_lcl.h +++ b/lib/libssl/src/crypto/rand/rand_lcl.h @@ -154,5 +154,16 @@ #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) #endif +#ifndef OPENSSL_NO_ENGINE +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func) + (const RAND_METHOD **pmeth)); +int eng_RAND_set_rand_method(const RAND_METHOD *meth, + const RAND_METHOD **pmeth); +const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth); +#endif + #endif diff --git a/lib/libssl/src/crypto/rand/rand_lib.c b/lib/libssl/src/crypto/rand/rand_lib.c index 513e3389859..da6b4e0e862 100644 --- a/lib/libssl/src/crypto/rand/rand_lib.c +++ b/lib/libssl/src/crypto/rand/rand_lib.c @@ -60,15 +60,82 @@ #include <time.h> #include "cryptlib.h" #include <openssl/rand.h> +#include "rand_lcl.h" +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#include <openssl/fips_rand.h> +#endif + #ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> #endif +static const RAND_METHOD *default_RAND_meth = NULL; + +#ifdef OPENSSL_FIPS + +static int fips_RAND_set_rand_method(const RAND_METHOD *meth, + const RAND_METHOD **pmeth) + { + *pmeth = meth; + return 1; + } + +static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth) + { + if (!*pmeth) + { + if(FIPS_mode()) + *pmeth=FIPS_rand_method(); + else + *pmeth = RAND_SSLeay(); + } + + if(FIPS_mode() + && *pmeth != FIPS_rand_check()) + { + RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD); + return 0; + } + + return *pmeth; + } + +static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth) + = fips_RAND_set_rand_method; +static const RAND_METHOD *(*RAND_get_rand_method_func) + (const RAND_METHOD **pmeth) + = fips_RAND_get_rand_method; + +#ifndef OPENSSL_NO_ENGINE +void int_RAND_set_callbacks( + int (*set_rand_func)(const RAND_METHOD *meth, + const RAND_METHOD **pmeth), + const RAND_METHOD *(*get_rand_func) + (const RAND_METHOD **pmeth)) + { + RAND_set_rand_method_func = set_rand_func; + RAND_get_rand_method_func = get_rand_func; + } +#endif + +int RAND_set_rand_method(const RAND_METHOD *meth) + { + return RAND_set_rand_method_func(meth, &default_RAND_meth); + } + +const RAND_METHOD *RAND_get_rand_method(void) + { + return RAND_get_rand_method_func(&default_RAND_meth); + } + +#else + #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; #endif -static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { @@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine) } #endif +#endif + void RAND_cleanup(void) { const RAND_METHOD *meth = RAND_get_rand_method(); diff --git a/lib/libssl/src/crypto/rand/randfile.c b/lib/libssl/src/crypto/rand/randfile.c index 005cb38cb0c..f63fbc17319 100644 --- a/lib/libssl/src/crypto/rand/randfile.c +++ b/lib/libssl/src/crypto/rand/randfile.c @@ -81,10 +81,25 @@ # include <sys/stat.h> #endif +#ifdef _WIN32 +#define stat _stat +#define chmod _chmod +#define open _open +#define fdopen _fdopen +#endif + #undef BUFSIZE #define BUFSIZE 1024 #define RAND_DATA 1024 +#ifdef OPENSSL_SYS_VMS +/* This declaration is a nasty hack to get around vms' extension to fopen + * for passing in sharing options being disabled by our /STANDARD=ANSI89 */ +static FILE *(*const vms_fopen)(const char *, const char *, ...) = + (FILE *(*)(const char *, const char *, ...))fopen; +#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" +#endif + /* #define RFILE ".rnd" - defined in ../../e_os.h */ /* Note that these functions are intended for seed files only. @@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes) RAND_add(&sb,sizeof(sb),0.0); if (bytes == 0) return(ret); +#ifdef OPENSSL_SYS_VMS + in=vms_fopen(file,"rb",VMS_OPEN_ATTRS); +#else in=fopen(file,"rb"); +#endif if (in == NULL) goto err; #if defined(S_IFBLK) && defined(S_IFCHR) if (sb.st_mode & (S_IFBLK | S_IFCHR)) { @@ -167,7 +186,7 @@ int RAND_write_file(const char *file) #endif } -#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) +#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) { /* For some reason Win32 can't write to files created this way */ @@ -178,8 +197,34 @@ int RAND_write_file(const char *file) out = fdopen(fd, "wb"); } #endif + +#ifdef OPENSSL_SYS_VMS + /* VMS NOTE: Prior versions of this routine created a _new_ + * version of the rand file for each call into this routine, then + * deleted all existing versions named ;-1, and finally renamed + * the current version as ';1'. Under concurrent usage, this + * resulted in an RMS race condition in rename() which could + * orphan files (see vms message help for RMS$_REENT). With the + * fopen() calls below, openssl/VMS now shares the top-level + * version of the rand file. Note that there may still be + * conditions where the top-level rand file is locked. If so, this + * code will then create a new version of the rand file. Without + * the delete and rename code, this can result in ascending file + * versions that stop at version 32767, and this routine will then + * return an error. The remedy for this is to recode the calling + * application to avoid concurrent use of the rand file, or + * synchronize usage at the application level. Also consider + * whether or not you NEED a persistent rand file in a concurrent + * use situation. + */ + + out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS); + if (out == NULL) + out = vms_fopen(file,"wb",VMS_OPEN_ATTRS); +#else if (out == NULL) out = fopen(file,"wb"); +#endif if (out == NULL) goto err; #ifndef NO_CHMOD @@ -201,25 +246,6 @@ int RAND_write_file(const char *file) ret+=i; if (n <= 0) break; } -#ifdef OPENSSL_SYS_VMS - /* Try to delete older versions of the file, until there aren't - any */ - { - char *tmpf; - - tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ - if (tmpf) - { - strcpy(tmpf, file); - strcat(tmpf, ";-1"); - while(delete(tmpf) == 0) - ; - rename(file,";1"); /* Make sure it's version 1, or we - will reach the limit (32767) at - some point... */ - } - } -#endif /* OPENSSL_SYS_VMS */ fclose(out); OPENSSL_cleanse(buf,BUFSIZE); diff --git a/lib/libssl/src/crypto/rc2/rc2.h b/lib/libssl/src/crypto/rc2/rc2.h index 34c83623172..e542ec94ffb 100644 --- a/lib/libssl/src/crypto/rc2/rc2.h +++ b/lib/libssl/src/crypto/rc2/rc2.h @@ -79,7 +79,9 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; - +#ifdef OPENSSL_FIPS +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); +#endif void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/lib/libssl/src/crypto/rc2/rc2_skey.c b/lib/libssl/src/crypto/rc2/rc2_skey.c index 49536420566..4e000e5b992 100644 --- a/lib/libssl/src/crypto/rc2/rc2_skey.c +++ b/lib/libssl/src/crypto/rc2/rc2_skey.c @@ -57,6 +57,11 @@ */ #include <openssl/rc2.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "rc2_locl.h" static unsigned char key_table[256]={ @@ -94,8 +99,20 @@ static unsigned char key_table[256]={ * BSAFE uses the 'retarded' version. What I previously shipped is * the same as specifying 1024 for the 'bits' parameter. Bsafe uses * a version where the bits parameter is the same as len*8 */ + +#ifdef OPENSSL_FIPS void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) { + if (FIPS_mode()) + FIPS_BAD_ABORT(RC2) + private_RC2_set_key(key, len, data, bits); + } +void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, + int bits) +#else +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) +#endif + { int i,j; unsigned char *k; RC2_INT *ki; diff --git a/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl index 92c52f34333..3a546234955 100755 --- a/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl +++ b/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl @@ -358,6 +358,8 @@ ___ $code =~ s/#([bwd])/$1/gm; +$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne ""); + print $code; close STDOUT; diff --git a/lib/libssl/src/crypto/rc4/rc4.h b/lib/libssl/src/crypto/rc4/rc4.h index 7aec04fe93a..2d8620d33b9 100644 --- a/lib/libssl/src/crypto/rc4/rc4.h +++ b/lib/libssl/src/crypto/rc4/rc4.h @@ -76,6 +76,9 @@ typedef struct rc4_key_st const char *RC4_options(void); +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +#endif void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, unsigned char *outdata); diff --git a/lib/libssl/src/crypto/rc4/rc4_skey.c b/lib/libssl/src/crypto/rc4/rc4_skey.c index 46b77ec3216..4478d1a4b3b 100644 --- a/lib/libssl/src/crypto/rc4/rc4_skey.c +++ b/lib/libssl/src/crypto/rc4/rc4_skey.c @@ -59,6 +59,11 @@ #include <openssl/rc4.h> #include "rc4_locl.h" #include <openssl/opensslv.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT; @@ -85,7 +90,11 @@ const char *RC4_options(void) * Date: Wed, 14 Sep 1994 06:35:31 GMT */ +#ifdef OPENSSL_FIPS +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +#else void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +#endif { register RC4_INT tmp; register int id1,id2; @@ -127,7 +136,12 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) * * <appro@fy.chalmers.se> */ - if (OPENSSL_ia32cap_P & (1<<20)) { +#ifdef OPENSSL_FIPS + unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc(); + if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) { +#else + if (OPENSSL_ia32cap_P & (1<<28)) { +#endif unsigned char *cp=(unsigned char *)d; for (i=0;i<256;i++) cp[i]=i; diff --git a/lib/libssl/src/crypto/rc5/rc5.h b/lib/libssl/src/crypto/rc5/rc5.h index 4b3c153b503..f73a2a02a45 100644 --- a/lib/libssl/src/crypto/rc5/rc5.h +++ b/lib/libssl/src/crypto/rc5/rc5.h @@ -94,7 +94,10 @@ typedef struct rc5_key_st RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; } RC5_32_KEY; - +#ifdef OPENSSL_FIPS +void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, + int rounds); +#endif void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, int rounds); void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, diff --git a/lib/libssl/src/crypto/ripemd/ripemd.h b/lib/libssl/src/crypto/ripemd/ripemd.h index 033a5965b58..3b6d04386d4 100644 --- a/lib/libssl/src/crypto/ripemd/ripemd.h +++ b/lib/libssl/src/crypto/ripemd/ripemd.h @@ -90,7 +90,9 @@ typedef struct RIPEMD160state_st RIPEMD160_LONG data[RIPEMD160_LBLOCK]; unsigned int num; } RIPEMD160_CTX; - +#ifdef OPENSSL_FIPS +int private_RIPEMD160_Init(RIPEMD160_CTX *c); +#endif int RIPEMD160_Init(RIPEMD160_CTX *c); int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); diff --git a/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/lib/libssl/src/crypto/ripemd/rmd_dgst.c index 1f2401aa7ec..a845e17ed86 100644 --- a/lib/libssl/src/crypto/ripemd/rmd_dgst.c +++ b/lib/libssl/src/crypto/ripemd/rmd_dgst.c @@ -59,6 +59,11 @@ #include <stdio.h> #include "rmd_locl.h" #include <openssl/opensslv.h> +#include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; @@ -69,7 +74,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT; void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif -int RIPEMD160_Init(RIPEMD160_CTX *c) +FIPS_NON_FIPS_MD_Init(RIPEMD160) { c->A=RIPEMD160_A; c->B=RIPEMD160_B; diff --git a/lib/libssl/src/crypto/ripemd/rmd_locl.h b/lib/libssl/src/crypto/ripemd/rmd_locl.h index f14b346e662..ce12a8000ea 100644 --- a/lib/libssl/src/crypto/ripemd/rmd_locl.h +++ b/lib/libssl/src/crypto/ripemd/rmd_locl.h @@ -72,7 +72,7 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define ripemd160_block_data_order ripemd160_block_asm_data_order +# define ripemd160_block_host_order ripemd160_block_asm_data_order # endif #endif diff --git a/lib/libssl/src/crypto/rsa/Makefile b/lib/libssl/src/crypto/rsa/Makefile index 8f1c611800c..7b1fd6428c9 100644 --- a/lib/libssl/src/crypto/rsa/Makefile +++ b/lib/libssl/src/crypto/rsa/Makefile @@ -19,10 +19,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ - rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c + rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ - rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o + rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o SRC= $(LIBSRC) @@ -37,7 +37,7 @@ top: all: lib lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) + $(ARX) $(LIB) $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib @@ -114,6 +114,21 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c +rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h +rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -136,15 +151,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_lib.o: ../cryptlib.h rsa_lib.c +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -167,9 +182,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_oaep.o: ../../include/openssl/opensslconf.h +rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -188,21 +203,23 @@ rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c +rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h +rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_pss.o: ../cryptlib.h rsa_pss.c rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_saos.o: ../../include/openssl/opensslconf.h rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -215,8 +232,9 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h +rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +rsa_sign.o: ../../include/openssl/opensslconf.h rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h @@ -242,3 +260,11 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c +rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_x931g.o: rsa_x931g.c diff --git a/lib/libssl/src/crypto/rsa/rsa.h b/lib/libssl/src/crypto/rsa/rsa.h index 3699afaaaf9..5bb932ae15f 100644 --- a/lib/libssl/src/crypto/rsa/rsa.h +++ b/lib/libssl/src/crypto/rsa/rsa.h @@ -74,6 +74,25 @@ #error RSA is disabled. #endif +/* If this flag is set the RSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define RSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef OPENSSL_FIPS +#define FIPS_RSA_SIZE_T int +#endif + #ifdef __cplusplus extern "C" { #endif @@ -163,6 +182,8 @@ struct rsa_st # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 #endif +#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 + #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 #endif @@ -240,6 +261,11 @@ RSA * RSA_generate_key(int bits, unsigned long e,void /* New version */ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, + const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, + const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, + const BIGNUM *e, BN_GENCB *cb); +int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); int RSA_check_key(const RSA *); /* next 4 return -1 on error */ @@ -257,6 +283,11 @@ int RSA_up_ref(RSA *r); int RSA_flags(const RSA *r); +#ifdef OPENSSL_FIPS +RSA *FIPS_rsa_new(void); +void FIPS_rsa_free(RSA *r); +#endif + void RSA_set_default_method(const RSA_METHOD *meth); const RSA_METHOD *RSA_get_default_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); @@ -370,6 +401,8 @@ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ /* Function codes. */ +#define RSA_F_FIPS_RSA_SIGN 140 +#define RSA_F_FIPS_RSA_VERIFY 141 #define RSA_F_MEMORY_LOCK 100 #define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_CHECK_KEY 123 @@ -401,7 +434,11 @@ void ERR_load_RSA_strings(void); #define RSA_F_RSA_PADDING_CHECK_X931 128 #define RSA_F_RSA_PRINT 115 #define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_PRIVATE_ENCRYPT 137 +#define RSA_F_RSA_PUBLIC_DECRYPT 138 #define RSA_F_RSA_SETUP_BLINDING 136 +#define RSA_F_RSA_SET_DEFAULT_METHOD 139 +#define RSA_F_RSA_SET_METHOD 142 #define RSA_F_RSA_SIGN 117 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 #define RSA_F_RSA_VERIFY 119 @@ -435,10 +472,12 @@ void ERR_load_RSA_strings(void); #define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_LAST_OCTET_INVALID 134 #define RSA_R_MODULUS_TOO_LARGE 105 +#define RSA_R_NON_FIPS_METHOD 141 #define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 diff --git a/lib/libssl/src/crypto/rsa/rsa_asn1.c b/lib/libssl/src/crypto/rsa/rsa_asn1.c index bbbf26d50ed..6e8a803e814 100644 --- a/lib/libssl/src/crypto/rsa/rsa_asn1.c +++ b/lib/libssl/src/crypto/rsa/rsa_asn1.c @@ -1,5 +1,5 @@ /* rsa_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/rsa/rsa_eay.c b/lib/libssl/src/crypto/rsa/rsa_eay.c index 5a6eda79617..04ec789ee9c 100644 --- a/lib/libssl/src/crypto/rsa/rsa_eay.c +++ b/lib/libssl/src/crypto/rsa/rsa_eay.c @@ -115,7 +115,7 @@ #include <openssl/rsa.h> #include <openssl/rand.h> -#ifndef RSA_NULL +#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,int padding); diff --git a/lib/libssl/src/crypto/rsa/rsa_err.c b/lib/libssl/src/crypto/rsa/rsa_err.c index fe3ba1b44bb..501f5ea3894 100644 --- a/lib/libssl/src/crypto/rsa/rsa_err.c +++ b/lib/libssl/src/crypto/rsa/rsa_err.c @@ -1,6 +1,6 @@ /* crypto/rsa/rsa_err.c */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -70,6 +70,8 @@ static ERR_STRING_DATA RSA_str_functs[]= { +{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, +{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, @@ -101,7 +103,11 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, +{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, +{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, +{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"}, +{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"}, {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, @@ -138,10 +144,12 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, +{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, diff --git a/lib/libssl/src/crypto/rsa/rsa_gen.c b/lib/libssl/src/crypto/rsa/rsa_gen.c index 767f7ab682a..41278f83c68 100644 --- a/lib/libssl/src/crypto/rsa/rsa_gen.c +++ b/lib/libssl/src/crypto/rsa/rsa_gen.c @@ -68,6 +68,8 @@ #include <openssl/bn.h> #include <openssl/rsa.h> +#ifndef OPENSSL_FIPS + static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); /* NB: this wrapper would normally be placed in rsa_lib.c and the static @@ -217,3 +219,4 @@ err: return ok; } +#endif diff --git a/lib/libssl/src/crypto/rsa/rsa_lib.c b/lib/libssl/src/crypto/rsa/rsa_lib.c index 104aa4c1f2d..5714841f4ca 100644 --- a/lib/libssl/src/crypto/rsa/rsa_lib.c +++ b/lib/libssl/src/crypto/rsa/rsa_lib.c @@ -67,215 +67,6 @@ #include <openssl/engine.h> #endif -const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; - -static const RSA_METHOD *default_RSA_meth=NULL; - -RSA *RSA_new(void) - { - RSA *r=RSA_new_method(NULL); - - return r; - } - -void RSA_set_default_method(const RSA_METHOD *meth) - { - default_RSA_meth = meth; - } - -const RSA_METHOD *RSA_get_default_method(void) - { - if (default_RSA_meth == NULL) - { -#ifdef RSA_NULL - default_RSA_meth=RSA_null_method(); -#else -#if 0 /* was: #ifdef RSAref */ - default_RSA_meth=RSA_PKCS1_RSAref(); -#else - default_RSA_meth=RSA_PKCS1_SSLeay(); -#endif -#endif - } - - return default_RSA_meth; - } - -const RSA_METHOD *RSA_get_method(const RSA *rsa) - { - return rsa->meth; - } - -int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ - const RSA_METHOD *mtmp; - mtmp = rsa->meth; - if (mtmp->finish) mtmp->finish(rsa); -#ifndef OPENSSL_NO_ENGINE - if (rsa->engine) - { - ENGINE_finish(rsa->engine); - rsa->engine = NULL; - } -#endif - rsa->meth = meth; - if (meth->init) meth->init(rsa); - return 1; - } - -RSA *RSA_new_method(ENGINE *engine) - { - RSA *ret; - - ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); - if (ret == NULL) - { - RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->meth = RSA_get_default_method(); -#ifndef OPENSSL_NO_ENGINE - if (engine) - { - if (!ENGINE_init(engine)) - { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); - return NULL; - } - ret->engine = engine; - } - else - ret->engine = ENGINE_get_default_RSA(); - if(ret->engine) - { - ret->meth = ENGINE_get_RSA(ret->engine); - if(!ret->meth) - { - RSAerr(RSA_F_RSA_NEW_METHOD, - ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } -#endif - - ret->pad=0; - ret->version=0; - ret->n=NULL; - ret->e=NULL; - ret->d=NULL; - ret->p=NULL; - ret->q=NULL; - ret->dmp1=NULL; - ret->dmq1=NULL; - ret->iqmp=NULL; - ret->references=1; - ret->_method_mod_n=NULL; - ret->_method_mod_p=NULL; - ret->_method_mod_q=NULL; - ret->blinding=NULL; - ret->mt_blinding=NULL; - ret->bignum_data=NULL; - ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { -#ifndef OPENSSL_NO_ENGINE - if (ret->engine) - ENGINE_finish(ret->engine); -#endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - return(ret); - } - -void RSA_free(RSA *r) - { - int i; - - if (r == NULL) return; - - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"RSA_free, bad reference count\n"); - abort(); - } -#endif - - if (r->meth->finish) - r->meth->finish(r); -#ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); -#endif - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); - - if (r->n != NULL) BN_clear_free(r->n); - if (r->e != NULL) BN_clear_free(r->e); - if (r->d != NULL) BN_clear_free(r->d); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->dmp1 != NULL) BN_clear_free(r->dmp1); - if (r->dmq1 != NULL) BN_clear_free(r->dmq1); - if (r->iqmp != NULL) BN_clear_free(r->iqmp); - if (r->blinding != NULL) BN_BLINDING_free(r->blinding); - if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); - if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); - OPENSSL_free(r); - } - -int RSA_up_ref(RSA *r) - { - int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "RSA_up_ref, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); - } - -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, - new_func, dup_func, free_func); - } - -int RSA_set_ex_data(RSA *r, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); - } - -void *RSA_get_ex_data(const RSA *r, int idx) - { - return(CRYPTO_get_ex_data(&r->ex_data,idx)); - } - -int RSA_size(const RSA *r) - { - return(BN_num_bytes(r->n)); - } - int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -285,6 +76,13 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } @@ -297,12 +95,19 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -int RSA_flags(const RSA *r) +int RSA_size(const RSA *r) { - return((r == NULL)?0:r->meth->flags); + return(BN_num_bytes(r->n)); } void RSA_blinding_off(RSA *rsa) @@ -427,48 +232,3 @@ err: return ret; } - -int RSA_memory_lock(RSA *r) - { - int i,j,k,off; - char *p; - BIGNUM *bn,**t[6],*b; - BN_ULONG *ul; - - if (r->d == NULL) return(1); - t[0]= &r->d; - t[1]= &r->p; - t[2]= &r->q; - t[3]= &r->dmp1; - t[4]= &r->dmq1; - t[5]= &r->iqmp; - k=sizeof(BIGNUM)*6; - off=k/sizeof(BN_ULONG)+1; - j=1; - for (i=0; i<6; i++) - j+= (*t[i])->top; - if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) - { - RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); - return(0); - } - bn=(BIGNUM *)p; - ul=(BN_ULONG *)&(p[off]); - for (i=0; i<6; i++) - { - b= *(t[i]); - *(t[i])= &(bn[i]); - memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); - bn[i].flags=BN_FLG_STATIC_DATA; - bn[i].d=ul; - memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); - ul+=b->top; - BN_clear_free(b); - } - - /* I should fix this so it can still be done */ - r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); - - r->bignum_data=p; - return(1); - } diff --git a/lib/libssl/src/crypto/rsa/rsa_null.c b/lib/libssl/src/crypto/rsa/rsa_null.c index 491572c82bd..2f2202f142f 100644 --- a/lib/libssl/src/crypto/rsa/rsa_null.c +++ b/lib/libssl/src/crypto/rsa/rsa_null.c @@ -1,5 +1,5 @@ /* rsa_null.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/rsa/rsa_oaep.c b/lib/libssl/src/crypto/rsa/rsa_oaep.c index 3652677a998..4d30c9d2d35 100644 --- a/lib/libssl/src/crypto/rsa/rsa_oaep.c +++ b/lib/libssl/src/crypto/rsa/rsa_oaep.c @@ -187,7 +187,7 @@ int PKCS1_MGF1(unsigned char *mask, long len, int mdlen; EVP_MD_CTX_init(&c); - mdlen = EVP_MD_size(dgst); + mdlen = M_EVP_MD_size(dgst); for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c index 71aabeea1bd..5488c06f6d8 100644 --- a/lib/libssl/src/crypto/rsa/rsa_sign.c +++ b/lib/libssl/src/crypto/rsa/rsa_sign.c @@ -90,6 +90,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len, i = SSL_SIG_LENGTH; s = m; } else { + /* NB: in FIPS mode block anything that isn't a TLS signature */ +#ifdef OPENSSL_FIPS + if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif sig.algor= &algor; sig.algor->algorithm=OBJ_nid2obj(type); if (sig.algor->algorithm == NULL) @@ -167,10 +175,22 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); goto err; } - if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { + if(dtype == NID_md5_sha1) + { + if (m_len != SSL_SIG_LENGTH) + { RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); goto err; - } + } + } + /* NB: in FIPS mode block anything that isn't a TLS signature */ +#ifdef OPENSSL_FIPS + else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) + { + RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); + return 0; + } +#endif i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); if (i <= 0) goto err; diff --git a/lib/libssl/src/crypto/sha/sha.h b/lib/libssl/src/crypto/sha/sha.h index eed44d7f946..47a2c29f662 100644 --- a/lib/libssl/src/crypto/sha/sha.h +++ b/lib/libssl/src/crypto/sha/sha.h @@ -106,6 +106,9 @@ typedef struct SHAstate_st } SHA_CTX; #ifndef OPENSSL_NO_SHA0 +#ifdef OPENSSL_FIPS +int private_SHA_Init(SHA_CTX *c); +#endif int SHA_Init(SHA_CTX *c); int SHA_Update(SHA_CTX *c, const void *data, size_t len); int SHA_Final(unsigned char *md, SHA_CTX *c); diff --git a/lib/libssl/src/crypto/sha/sha1_one.c b/lib/libssl/src/crypto/sha/sha1_one.c index 7c65b60276c..4831174198e 100644 --- a/lib/libssl/src/crypto/sha/sha1_one.c +++ b/lib/libssl/src/crypto/sha/sha1_one.c @@ -61,7 +61,7 @@ #include <openssl/sha.h> #include <openssl/crypto.h> -#ifndef OPENSSL_NO_SHA1 +#if !defined(OPENSSL_NO_SHA1) unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; diff --git a/lib/libssl/src/crypto/sha/sha1dgst.c b/lib/libssl/src/crypto/sha/sha1dgst.c index 50d1925cdeb..d31f0781a06 100644 --- a/lib/libssl/src/crypto/sha/sha1dgst.c +++ b/lib/libssl/src/crypto/sha/sha1dgst.c @@ -63,6 +63,10 @@ #define SHA_1 #include <openssl/opensslv.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT; diff --git a/lib/libssl/src/crypto/sha/sha_dgst.c b/lib/libssl/src/crypto/sha/sha_dgst.c index 70eb56032c3..598f4d721af 100644 --- a/lib/libssl/src/crypto/sha/sha_dgst.c +++ b/lib/libssl/src/crypto/sha/sha_dgst.c @@ -57,6 +57,12 @@ */ #include <openssl/opensslconf.h> +#include <openssl/crypto.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + +#include <openssl/err.h> #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) #undef SHA_1 diff --git a/lib/libssl/src/crypto/sha/sha_locl.h b/lib/libssl/src/crypto/sha/sha_locl.h index e37e5726e33..da46ddfe794 100644 --- a/lib/libssl/src/crypto/sha/sha_locl.h +++ b/lib/libssl/src/crypto/sha/sha_locl.h @@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL +#if defined(SHA_0) && defined(OPENSSL_FIPS) +FIPS_NON_FIPS_MD_Init(SHA) +#else int HASH_INIT (SHA_CTX *c) +#endif { +#if defined(SHA_1) && defined(OPENSSL_FIPS) + FIPS_selftest_check(); +#endif c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; diff --git a/lib/libssl/src/crypto/symhacks.h b/lib/libssl/src/crypto/symhacks.h index 64528ad5c2e..6cfb5fe4794 100644 --- a/lib/libssl/src/crypto/symhacks.h +++ b/lib/libssl/src/crypto/symhacks.h @@ -179,6 +179,11 @@ #define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn #undef ENGINE_get_load_privkey_function #define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn +#undef ENGINE_set_load_ssl_client_cert_function +#define ENGINE_set_load_ssl_client_cert_function \ + ENGINE_set_ld_ssl_clnt_cert_fn +#undef ENGINE_get_ssl_client_cert_function +#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn /* Hack some long OCSP names */ #undef OCSP_REQUEST_get_ext_by_critical diff --git a/lib/libssl/src/crypto/ui/ui_openssl.c b/lib/libssl/src/crypto/ui/ui_openssl.c index 8446673ed4b..5fbedf6ff8c 100644 --- a/lib/libssl/src/crypto/ui/ui_openssl.c +++ b/lib/libssl/src/crypto/ui/ui_openssl.c @@ -678,6 +678,8 @@ static int noecho_fgets(char *buf, int size, FILE *tty) size--; #ifdef WIN16TTY i=_inchar(); +#elif defined(_WIN32) + i=_getch(); #else i=getch(); #endif diff --git a/lib/libssl/src/crypto/x509/by_dir.c b/lib/libssl/src/crypto/x509/by_dir.c index 37f9a482069..341e0ba6a41 100644 --- a/lib/libssl/src/crypto/x509/by_dir.c +++ b/lib/libssl/src/crypto/x509/by_dir.c @@ -74,6 +74,10 @@ #include <openssl/lhash.h> #include <openssl/x509.h> +#ifdef _WIN32 +#define stat _stat +#endif + typedef struct lookup_dir_st { BUF_MEM *buffer; diff --git a/lib/libssl/src/crypto/x509/x509_cmp.c b/lib/libssl/src/crypto/x509/x509_cmp.c index 0d6bc653b21..e4c682fc44e 100644 --- a/lib/libssl/src/crypto/x509/x509_cmp.c +++ b/lib/libssl/src/crypto/x509/x509_cmp.c @@ -322,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x) { unsigned long ret=0; unsigned char md[16]; + EVP_MD_CTX md_ctx; /* Make sure X509_NAME structure contains valid cached encoding */ i2d_X509_NAME(x,NULL); - EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); + EVP_MD_CTX_init(&md_ctx); + EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL); + EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length); + EVP_DigestFinal_ex(&md_ctx,md,NULL); + EVP_MD_CTX_cleanup(&md_ctx); ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) diff --git a/lib/libssl/src/crypto/x509/x509_trs.c b/lib/libssl/src/crypto/x509/x509_trs.c index 9c84a59d523..ed187005859 100644 --- a/lib/libssl/src/crypto/x509/x509_trs.c +++ b/lib/libssl/src/crypto/x509/x509_trs.c @@ -1,5 +1,5 @@ /* x509_trs.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509/x509cset.c b/lib/libssl/src/crypto/x509/x509cset.c index 9d1646d5c8d..7f4004b2911 100644 --- a/lib/libssl/src/crypto/x509/x509cset.c +++ b/lib/libssl/src/crypto/x509/x509cset.c @@ -1,5 +1,5 @@ /* crypto/x509/x509cset.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509/x509spki.c b/lib/libssl/src/crypto/x509/x509spki.c index ed868b838e3..02a203d72c6 100644 --- a/lib/libssl/src/crypto/x509/x509spki.c +++ b/lib/libssl/src/crypto/x509/x509spki.c @@ -1,5 +1,5 @@ /* x509spki.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/ext_dat.h b/lib/libssl/src/crypto/x509v3/ext_dat.h index 5c063ac65df..3eaec46f8a6 100644 --- a/lib/libssl/src/crypto/x509v3/ext_dat.h +++ b/lib/libssl/src/crypto/x509v3/ext_dat.h @@ -1,5 +1,5 @@ /* ext_dat.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/pcy_data.c b/lib/libssl/src/crypto/x509v3/pcy_data.c index 4711b1ee927..fb392b901f0 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_data.c +++ b/lib/libssl/src/crypto/x509v3/pcy_data.c @@ -1,5 +1,5 @@ /* pcy_data.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/pcy_tree.c b/lib/libssl/src/crypto/x509v3/pcy_tree.c index b1ce77b9afc..6c87a7f506c 100644 --- a/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/lib/libssl/src/crypto/x509v3/pcy_tree.c @@ -1,5 +1,5 @@ /* pcy_tree.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/tabtest.c b/lib/libssl/src/crypto/x509v3/tabtest.c index dad0d38dd53..5ed6eb68911 100644 --- a/lib/libssl/src/crypto/x509v3/tabtest.c +++ b/lib/libssl/src/crypto/x509v3/tabtest.c @@ -1,5 +1,5 @@ /* tabtest.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_addr.c b/lib/libssl/src/crypto/x509v3/v3_addr.c index c6730ab3fd2..a37f844d3c2 100644 --- a/lib/libssl/src/crypto/x509v3/v3_addr.c +++ b/lib/libssl/src/crypto/x509v3/v3_addr.c @@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr) v3_addr_get_afi(f))) return 0; } + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); sk_IPAddressFamily_sort(addr); assert(v3_addr_is_canonical(addr)); return 1; diff --git a/lib/libssl/src/crypto/x509v3/v3_akey.c b/lib/libssl/src/crypto/x509v3/v3_akey.c index ac0548b7751..c6b68ee2211 100644 --- a/lib/libssl/src/crypto/x509v3/v3_akey.c +++ b/lib/libssl/src/crypto/x509v3/v3_akey.c @@ -1,5 +1,5 @@ /* v3_akey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_akeya.c b/lib/libssl/src/crypto/x509v3/v3_akeya.c index 2aafa26ba71..2c50f7360eb 100644 --- a/lib/libssl/src/crypto/x509v3/v3_akeya.c +++ b/lib/libssl/src/crypto/x509v3/v3_akeya.c @@ -1,5 +1,5 @@ /* v3_akey_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_alt.c b/lib/libssl/src/crypto/x509v3/v3_alt.c index ac3139d1e65..75fda7f2681 100644 --- a/lib/libssl/src/crypto/x509v3/v3_alt.c +++ b/lib/libssl/src/crypto/x509v3/v3_alt.c @@ -1,5 +1,5 @@ /* v3_alt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -527,7 +527,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, return gen; err: - GENERAL_NAME_free(gen); + if (!out) + GENERAL_NAME_free(gen); return NULL; } diff --git a/lib/libssl/src/crypto/x509v3/v3_bcons.c b/lib/libssl/src/crypto/x509v3/v3_bcons.c index 74b1233071c..82aa488f75c 100644 --- a/lib/libssl/src/crypto/x509v3/v3_bcons.c +++ b/lib/libssl/src/crypto/x509v3/v3_bcons.c @@ -1,5 +1,5 @@ /* v3_bcons.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_bitst.c b/lib/libssl/src/crypto/x509v3/v3_bitst.c index cf31f0816ee..058d0d4dceb 100644 --- a/lib/libssl/src/crypto/x509v3/v3_bitst.c +++ b/lib/libssl/src/crypto/x509v3/v3_bitst.c @@ -1,5 +1,5 @@ /* v3_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_conf.c b/lib/libssl/src/crypto/x509v3/v3_conf.c index 2b867305fba..11eb6b7fd5f 100644 --- a/lib/libssl/src/crypto/x509v3/v3_conf.c +++ b/lib/libssl/src/crypto/x509v3/v3_conf.c @@ -1,5 +1,5 @@ /* v3_conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_cpols.c b/lib/libssl/src/crypto/x509v3/v3_cpols.c index a40f490aa90..95596055ab4 100644 --- a/lib/libssl/src/crypto/x509v3/v3_cpols.c +++ b/lib/libssl/src/crypto/x509v3/v3_cpols.c @@ -1,5 +1,5 @@ /* v3_cpols.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_crld.c b/lib/libssl/src/crypto/x509v3/v3_crld.c index c6e3ebae7b2..181a8977b12 100644 --- a/lib/libssl/src/crypto/x509v3/v3_crld.c +++ b/lib/libssl/src/crypto/x509v3/v3_crld.c @@ -1,5 +1,5 @@ /* v3_crld.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_enum.c b/lib/libssl/src/crypto/x509v3/v3_enum.c index a236cb22e15..36576eaa4d1 100644 --- a/lib/libssl/src/crypto/x509v3/v3_enum.c +++ b/lib/libssl/src/crypto/x509v3/v3_enum.c @@ -1,5 +1,5 @@ /* v3_enum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_extku.c b/lib/libssl/src/crypto/x509v3/v3_extku.c index a4efe0031e1..c0d14500ed8 100644 --- a/lib/libssl/src/crypto/x509v3/v3_extku.c +++ b/lib/libssl/src/crypto/x509v3/v3_extku.c @@ -1,5 +1,5 @@ /* v3_extku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_genn.c b/lib/libssl/src/crypto/x509v3/v3_genn.c index 650b510980d..84b4b1c8813 100644 --- a/lib/libssl/src/crypto/x509v3/v3_genn.c +++ b/lib/libssl/src/crypto/x509v3/v3_genn.c @@ -1,5 +1,5 @@ /* v3_genn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_ia5.c b/lib/libssl/src/crypto/x509v3/v3_ia5.c index b739ccd0361..4ff12b52b54 100644 --- a/lib/libssl/src/crypto/x509v3/v3_ia5.c +++ b/lib/libssl/src/crypto/x509v3/v3_ia5.c @@ -1,5 +1,5 @@ /* v3_ia5.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_info.c b/lib/libssl/src/crypto/x509v3/v3_info.c index e0ef69de423..e1b8699f921 100644 --- a/lib/libssl/src/crypto/x509v3/v3_info.c +++ b/lib/libssl/src/crypto/x509v3/v3_info.c @@ -1,5 +1,5 @@ /* v3_info.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_int.c b/lib/libssl/src/crypto/x509v3/v3_int.c index 9a48dc1508d..4bfd14cf46b 100644 --- a/lib/libssl/src/crypto/x509v3/v3_int.c +++ b/lib/libssl/src/crypto/x509v3/v3_int.c @@ -1,5 +1,5 @@ /* v3_int.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_lib.c b/lib/libssl/src/crypto/x509v3/v3_lib.c index f3015ea610c..df3a48f43ef 100644 --- a/lib/libssl/src/crypto/x509v3/v3_lib.c +++ b/lib/libssl/src/crypto/x509v3/v3_lib.c @@ -1,5 +1,5 @@ /* v3_lib.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_ocsp.c b/lib/libssl/src/crypto/x509v3/v3_ocsp.c index 62aac063353..e426ea930c4 100644 --- a/lib/libssl/src/crypto/x509v3/v3_ocsp.c +++ b/lib/libssl/src/crypto/x509v3/v3_ocsp.c @@ -1,5 +1,5 @@ /* v3_ocsp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_pku.c b/lib/libssl/src/crypto/x509v3/v3_pku.c index 5c4626e89b5..076f3ff48e2 100644 --- a/lib/libssl/src/crypto/x509v3/v3_pku.c +++ b/lib/libssl/src/crypto/x509v3/v3_pku.c @@ -1,5 +1,5 @@ /* v3_pku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_prn.c b/lib/libssl/src/crypto/x509v3/v3_prn.c index 20bd9bda190..c1bb17f105a 100644 --- a/lib/libssl/src/crypto/x509v3/v3_prn.c +++ b/lib/libssl/src/crypto/x509v3/v3_prn.c @@ -1,5 +1,5 @@ /* v3_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_purp.c b/lib/libssl/src/crypto/x509v3/v3_purp.c index c54e7887c70..e18751e01cb 100644 --- a/lib/libssl/src/crypto/x509v3/v3_purp.c +++ b/lib/libssl/src/crypto/x509v3/v3_purp.c @@ -1,5 +1,5 @@ /* v3_purp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_skey.c b/lib/libssl/src/crypto/x509v3/v3_skey.c index da0a3558f65..202c9e48965 100644 --- a/lib/libssl/src/crypto/x509v3/v3_skey.c +++ b/lib/libssl/src/crypto/x509v3/v3_skey.c @@ -1,5 +1,5 @@ /* v3_skey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_sxnet.c b/lib/libssl/src/crypto/x509v3/v3_sxnet.c index eaea9ea01b4..2a6bf11b650 100644 --- a/lib/libssl/src/crypto/x509v3/v3_sxnet.c +++ b/lib/libssl/src/crypto/x509v3/v3_sxnet.c @@ -1,5 +1,5 @@ /* v3_sxnet.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3_utl.c b/lib/libssl/src/crypto/x509v3/v3_utl.c index 57be441399f..2cb53008e37 100644 --- a/lib/libssl/src/crypto/x509v3/v3_utl.c +++ b/lib/libssl/src/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* v3_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project. */ /* ==================================================================== @@ -736,17 +736,20 @@ static int ipv6_from_asc(unsigned char *v6, const char *in) /* Format result */ - /* Copy initial part */ - if (v6stat.zero_pos > 0) + if (v6stat.zero_pos >= 0) + { + /* Copy initial part */ memcpy(v6, v6stat.tmp, v6stat.zero_pos); - /* Zero middle */ - if (v6stat.total != 16) + /* Zero middle */ memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); - /* Copy final part */ - if (v6stat.total != v6stat.zero_pos) - memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, - v6stat.tmp + v6stat.zero_pos, - v6stat.total - v6stat.zero_pos); + /* Copy final part */ + if (v6stat.total != v6stat.zero_pos) + memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); + } + else + memcpy(v6, v6stat.tmp, 16); return 1; } diff --git a/lib/libssl/src/crypto/x509v3/v3conf.c b/lib/libssl/src/crypto/x509v3/v3conf.c index 00cf5b4a5b2..a9e6ca35428 100644 --- a/lib/libssl/src/crypto/x509v3/v3conf.c +++ b/lib/libssl/src/crypto/x509v3/v3conf.c @@ -1,5 +1,5 @@ /* v3conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/v3prin.c b/lib/libssl/src/crypto/x509v3/v3prin.c index b529814319b..d5ff268296f 100644 --- a/lib/libssl/src/crypto/x509v3/v3prin.c +++ b/lib/libssl/src/crypto/x509v3/v3prin.c @@ -1,5 +1,5 @@ /* v3prin.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/crypto/x509v3/x509v3.h b/lib/libssl/src/crypto/x509v3/x509v3.h index 5ba59f71c94..9ef83da755e 100644 --- a/lib/libssl/src/crypto/x509v3/x509v3.h +++ b/lib/libssl/src/crypto/x509v3/x509v3.h @@ -1,5 +1,5 @@ /* x509v3.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== diff --git a/lib/libssl/src/demos/asn1/ocsp.c b/lib/libssl/src/demos/asn1/ocsp.c index 0199fe10040..e89f1f72a61 100644 --- a/lib/libssl/src/demos/asn1/ocsp.c +++ b/lib/libssl/src/demos/asn1/ocsp.c @@ -1,5 +1,5 @@ /* ocsp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== diff --git a/lib/libssl/src/doc/crypto/RAND_egd.pod b/lib/libssl/src/doc/crypto/RAND_egd.pod index 079838ea2e4..8b8c61d161b 100644 --- a/lib/libssl/src/doc/crypto/RAND_egd.pod +++ b/lib/libssl/src/doc/crypto/RAND_egd.pod @@ -45,8 +45,11 @@ EGD is available from http://www.lothar.com/tech/crypto/ (C<perl Makefile.PL; make; make install> to install). It is run as B<egd> I<path>, where I<path> is an absolute path designating a socket. When RAND_egd() is called with that path as an argument, it tries to read -random bytes that EGD has collected. The read is performed in -non-blocking mode. +random bytes that EGD has collected. RAND_egd() retrieves entropy from the +daemon using the daemon's "non-blocking read" command which shall +be answered immediately by the daemon without waiting for additional +entropy to be collected. The write and read socket operations in the +communication are blocking. Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is available from diff --git a/lib/libssl/src/e_os.h b/lib/libssl/src/e_os.h index acc6a15eb7c..9c5c6fdb92f 100644 --- a/lib/libssl/src/e_os.h +++ b/lib/libssl/src/e_os.h @@ -269,6 +269,7 @@ extern "C" { # define _WIN32_WINNT 0x0400 # endif # include <windows.h> +# include <stdio.h> # include <stddef.h> # include <errno.h> # include <string.h> @@ -284,13 +285,38 @@ static unsigned int _strlen31(const char *str) # endif # include <malloc.h> # if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace) - /* compensate for bug is VC6 ctype.h */ + /* compensate for bug in VC6 ctype.h */ # undef isspace # undef isdigit # undef isalnum # undef isupper # undef isxdigit # endif +# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin) +# if _MSC_VER>=1300 +# undef stdin +# undef stdout +# undef stderr + FILE *__iob_func(); +# define stdin (&__iob_func()[0]) +# define stdout (&__iob_func()[1]) +# define stderr (&__iob_func()[2]) +# elif defined(I_CAN_LIVE_WITH_LNK4049) +# undef stdin +# undef stdout +# undef stderr + /* pre-1300 has __p__iob(), but it's available only in msvcrt.lib, + * or in other words with /MD. Declaring implicit import, i.e. + * with _imp_ prefix, works correctly with all compiler options, + * but without /MD results in LINK warning LNK4049: + * 'locally defined symbol "__iob" imported'. + */ + extern FILE *_imp___iob; +# define stdin (&_imp___iob[0]) +# define stdout (&_imp___iob[1]) +# define stderr (&_imp___iob[2]) +# endif +# endif # endif # include <io.h> # include <fcntl.h> diff --git a/lib/libssl/src/engines/Makefile b/lib/libssl/src/engines/Makefile index dbf1bd72514..002d40c9645 100644 --- a/lib/libssl/src/engines/Makefile +++ b/lib/libssl/src/engines/Makefile @@ -146,16 +146,16 @@ e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h -e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h -e_4758cca.o: vendor_defns/hw_4758_cca.h +e_4758cca.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_4758cca.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_4758cca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_4758cca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_4758cca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +e_4758cca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_4758cca.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_4758cca.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_4758cca.o: ../include/openssl/x509_vfy.h e_4758cca.c e_4758cca_err.c +e_4758cca.o: e_4758cca_err.h vendor_defns/hw_4758_cca.h e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -163,15 +163,15 @@ e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h -e_aep.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_aep.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_aep.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_aep.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_aep.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_aep.o: ../include/openssl/x509_vfy.h e_aep.c e_aep_err.c e_aep_err.h -e_aep.o: vendor_defns/aep.h +e_aep.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_aep.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_aep.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_aep.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_aep.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_aep.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_aep.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_aep.c +e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -179,28 +179,28 @@ e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h -e_atalla.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_atalla.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_atalla.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_atalla.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_atalla.o: ../include/openssl/x509_vfy.h e_atalla.c e_atalla_err.c -e_atalla.o: e_atalla_err.h vendor_defns/atalla.h +e_atalla.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_atalla.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_atalla.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_atalla.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_atalla.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_atalla.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_atalla.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_atalla.c +e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h e_capi.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_capi.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_capi.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h e_capi.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_capi.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_capi.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_capi.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_capi.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_capi.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_capi.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_capi.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_capi.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_capi.o: ../include/openssl/x509_vfy.h e_capi.c +e_capi.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_capi.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_capi.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_capi.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_capi.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_capi.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_capi.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_capi.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_capi.c e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -208,16 +208,17 @@ e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h -e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h -e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h -e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c -e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h +e_chil.o: ../include/openssl/fips.h ../include/openssl/lhash.h +e_chil.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +e_chil.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +e_chil.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +e_chil.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +e_chil.o: ../include/openssl/rand.h ../include/openssl/rsa.h +e_chil.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_chil.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_chil.o: ../include/openssl/ui.h ../include/openssl/x509.h +e_chil.o: ../include/openssl/x509_vfy.h e_chil.c e_chil_err.c e_chil_err.h +e_chil.o: vendor_defns/hwcryptohook.h e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -225,28 +226,29 @@ e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h -e_cswift.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_cswift.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_cswift.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_cswift.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_cswift.c -e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h +e_cswift.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_cswift.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_cswift.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_cswift.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_cswift.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_cswift.o: ../include/openssl/x509_vfy.h e_cswift.c e_cswift_err.c +e_cswift.o: e_cswift_err.h vendor_defns/cswift.h e_gmp.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_gmp.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_gmp.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h e_gmp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h e_gmp.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h -e_gmp.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_gmp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_gmp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_gmp.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_gmp.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_gmp.o: ../include/openssl/x509_vfy.h e_gmp.c +e_gmp.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_gmp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_gmp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_gmp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_gmp.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_gmp.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_gmp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_gmp.c e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -254,14 +256,15 @@ e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h -e_nuron.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_nuron.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_nuron.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_nuron.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_nuron.o: ../include/openssl/x509_vfy.h e_nuron.c e_nuron_err.c e_nuron_err.h +e_nuron.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_nuron.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_nuron.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_nuron.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_nuron.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_nuron.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_nuron.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_nuron.c +e_nuron.o: e_nuron_err.c e_nuron_err.h e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -269,17 +272,17 @@ e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h -e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h -e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h -e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h -e_sureware.o: vendor_defns/sureware.h +e_sureware.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_sureware.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_sureware.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_sureware.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_sureware.o: ../include/openssl/pem.h ../include/openssl/pem2.h +e_sureware.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +e_sureware.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +e_sureware.o: ../include/openssl/sha.h ../include/openssl/stack.h +e_sureware.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +e_sureware.o: ../include/openssl/x509_vfy.h e_sureware.c e_sureware_err.c +e_sureware.o: e_sureware_err.h vendor_defns/sureware.h e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -287,12 +290,12 @@ e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h -e_ubsec.o: ../include/openssl/evp.h ../include/openssl/lhash.h -e_ubsec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -e_ubsec.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -e_ubsec.o: ../include/openssl/sha.h ../include/openssl/stack.h -e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -e_ubsec.o: ../include/openssl/x509_vfy.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h -e_ubsec.o: vendor_defns/hw_ubsec.h +e_ubsec.o: ../include/openssl/evp.h ../include/openssl/fips.h +e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +e_ubsec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +e_ubsec.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/sha.h +e_ubsec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +e_ubsec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_ubsec.c +e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h diff --git a/lib/libssl/src/makevms.com b/lib/libssl/src/makevms.com index 4f70308082b..e0b856d1bb7 100644 --- a/lib/libssl/src/makevms.com +++ b/lib/libssl/src/makevms.com @@ -429,11 +429,11 @@ $! $ SDIRS := ,- OBJECTS,- MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- - DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- - BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,- + DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,- + BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,- BUFFER,BIO,STACK,LHASH,RAND,ERR,- EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,- - STORE,CMS,PQUEUE + STORE,CMS,PQUEUE,JPAKE $ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h,- ossl_typ.h $ EXHEADER_OBJECTS := objects.h,obj_mac.h @@ -445,6 +445,7 @@ $ EXHEADER_MDC2 := mdc2.h $ EXHEADER_HMAC := hmac.h $ EXHEADER_RIPEMD := ripemd.h $ EXHEADER_DES := des.h,des_old.h +$ EXHEADER_AES := aes.h $ EXHEADER_RC2 := rc2.h $ EXHEADER_RC4 := rc4.h $ EXHEADER_RC5 := rc5.h @@ -462,7 +463,6 @@ $ EXHEADER_DH := dh.h $ EXHEADER_ECDH := ecdh.h $ EXHEADER_DSO := dso.h $ EXHEADER_ENGINE := engine.h -$ EXHEADER_AES := aes.h $ EXHEADER_BUFFER := buffer.h $ EXHEADER_BIO := bio.h $ EXHEADER_STACK := stack.h,safestack.h @@ -486,6 +486,7 @@ $!EXHEADER_STORE := store.h,str_compat.h $ EXHEADER_STORE := store.h $ EXHEADER_CMS := cms.h $ EXHEADER_PQUEUE := pqueue.h,pq_compat.h +$ EXHEADER_JPAKE := jpake.h $ $ I = 0 $ LOOP_SDIRS: diff --git a/lib/libssl/src/ms/do_masm.bat b/lib/libssl/src/ms/do_masm.bat index 6ea1c987169..8c22256b32f 100644 --- a/lib/libssl/src/ms/do_masm.bat +++ b/lib/libssl/src/ms/do_masm.bat @@ -7,6 +7,7 @@ echo Bignum cd crypto\bn\asm perl bn-586.pl win32 %ASMOPTS% > bn_win32.asm perl co-586.pl win32 %ASMOPTS% > co_win32.asm +perl mo-586.pl win32 %ASMOPTS% > mt_win32.asm cd ..\..\.. echo AES diff --git a/lib/libssl/src/ms/do_nasm.bat b/lib/libssl/src/ms/do_nasm.bat index 7a2fa456630..7656c498dfc 100644 --- a/lib/libssl/src/ms/do_nasm.bat +++ b/lib/libssl/src/ms/do_nasm.bat @@ -8,6 +8,7 @@ echo Bignum cd crypto\bn\asm perl bn-586.pl win32n %ASMOPTS% > bn_win32.asm perl co-586.pl win32n %ASMOPTS% > co_win32.asm +perl mo-586.pl win32n %ASMOPTS% > mt_win32.asm cd ..\..\.. echo AES diff --git a/lib/libssl/src/ms/test.bat b/lib/libssl/src/ms/test.bat index 5085670b99e..f729261782c 100644 --- a/lib/libssl/src/ms/test.bat +++ b/lib/libssl/src/ms/test.bat @@ -1,195 +1,190 @@ -@echo off
-
-set test=..\ms
-set opath=%PATH%
-PATH=..\ms;%PATH%
-set OPENSSL_CONF=..\apps\openssl.cnf
-
-rem run this from inside the bin directory
-
-echo rsa_test
-rsa_test
-if errorlevel 1 goto done
-
-echo destest
-destest
-if errorlevel 1 goto done
-
-echo ideatest
-ideatest
-if errorlevel 1 goto done
-
-echo bftest
-bftest
-if errorlevel 1 goto done
-
-echo shatest
-shatest
-if errorlevel 1 goto done
-
-echo sha1test
-sha1test
-if errorlevel 1 goto done
-
-echo md5test
-md5test
-if errorlevel 1 goto done
-
-echo md2test
-md2test
-if errorlevel 1 goto done
-
-echo rc2test
-rc2test
-if errorlevel 1 goto done
-
-echo rc4test
-rc4test
-if errorlevel 1 goto done
-
-echo randtest
-randtest
-if errorlevel 1 goto done
-
-echo dhtest
-dhtest
-if errorlevel 1 goto done
-
-echo exptest
-exptest
-if errorlevel 1 goto done
-
-echo dsatest
-dsatest
-if errorlevel 1 goto done
-
-echo ectest
-ectest
-if errorlevel 1 goto done
-
-echo testenc
-call %test%\testenc openssl
-if errorlevel 1 goto done
-
-echo testpem
-call %test%\testpem openssl
-if errorlevel 1 goto done
-
-echo verify
-copy ..\certs\*.pem cert.tmp >nul
-openssl verify -CAfile cert.tmp ..\certs\*.pem
-
-echo testss
-call %test%\testss openssl
-if errorlevel 1 goto done
-
-set SSL_TEST=ssltest -key keyU.ss -cert certU.ss -c_key keyU.ss -c_cert certU.ss -CAfile certCA.ss
-
-echo test sslv2
-ssltest -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication
-%SSL_TEST% -ssl2 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication
-%SSL_TEST% -ssl2 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication
-%SSL_TEST% -ssl2 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3
-ssltest -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication
-%SSL_TEST% -ssl3 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication
-%SSL_TEST% -ssl3 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication
-%SSL_TEST% -ssl3 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3
-ssltest
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-%SSL_TEST% -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication
-%SSL_TEST% -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication
-%SSL_TEST% -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2 via BIO pair
-ssltest -bio_pair -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with 1024 bit DHE via BIO pair
-ssltest -bio_pair -dhe1024dsa -v
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl2 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl2 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl2 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3 via BIO pair
-ssltest -bio_pair -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl3 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl3 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl3 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 via BIO pair
-ssltest -bio_pair
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-%SSL_TEST% -bio_pair -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-%SSL_TEST% -bio_pair -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-%SSL_TEST% -bio_pair -server_auth -client_auth
-if errorlevel 1 goto done
-
-del cert.tmp
-
-echo passed all tests
-goto end
-:done
-echo problems.....
-:end
-PATH=%opath%
+@echo off + +set test=..\ms +set opath=%PATH% +PATH=..\ms;%PATH% +set OPENSSL_CONF=..\apps\openssl.cnf + +rem run this from inside the bin directory + +echo rsa_test +rsa_test +if errorlevel 1 goto done + +echo destest +destest +if errorlevel 1 goto done + +echo ideatest +ideatest +if errorlevel 1 goto done + +echo bftest +bftest +if errorlevel 1 goto done + +echo shatest +shatest +if errorlevel 1 goto done + +echo sha1test +sha1test +if errorlevel 1 goto done + +echo md5test +md5test +if errorlevel 1 goto done + +echo md2test +md2test +if errorlevel 1 goto done + +echo rc2test +rc2test +if errorlevel 1 goto done + +echo rc4test +rc4test +if errorlevel 1 goto done + +echo randtest +randtest +if errorlevel 1 goto done + +echo dhtest +dhtest +if errorlevel 1 goto done + +echo exptest +exptest +if errorlevel 1 goto done + +echo dsatest +dsatest +if errorlevel 1 goto done + +echo ectest +ectest +if errorlevel 1 goto done + +echo testenc +call %test%\testenc openssl +if errorlevel 1 goto done + +echo testpem +call %test%\testpem openssl +if errorlevel 1 goto done + +echo testss +call %test%\testss openssl +if errorlevel 1 goto done + +set SSL_TEST=ssltest -key keyU.ss -cert certU.ss -c_key keyU.ss -c_cert certU.ss -CAfile certCA.ss + +echo test sslv2 +ssltest -ssl2 +if errorlevel 1 goto done + +echo test sslv2 with server authentication +%SSL_TEST% -ssl2 -server_auth +if errorlevel 1 goto done + +echo test sslv2 with client authentication +%SSL_TEST% -ssl2 -client_auth +if errorlevel 1 goto done + +echo test sslv2 with both client and server authentication +%SSL_TEST% -ssl2 -server_auth -client_auth +if errorlevel 1 goto done + +echo test sslv3 +ssltest -ssl3 +if errorlevel 1 goto done + +echo test sslv3 with server authentication +%SSL_TEST% -ssl3 -server_auth +if errorlevel 1 goto done + +echo test sslv3 with client authentication +%SSL_TEST% -ssl3 -client_auth +if errorlevel 1 goto done + +echo test sslv3 with both client and server authentication +%SSL_TEST% -ssl3 -server_auth -client_auth +if errorlevel 1 goto done + +echo test sslv2/sslv3 +ssltest +if errorlevel 1 goto done + +echo test sslv2/sslv3 with server authentication +%SSL_TEST% -server_auth +if errorlevel 1 goto done + +echo test sslv2/sslv3 with client authentication +%SSL_TEST% -client_auth +if errorlevel 1 goto done + +echo test sslv2/sslv3 with both client and server authentication +%SSL_TEST% -server_auth -client_auth +if errorlevel 1 goto done + +echo test sslv2 via BIO pair +ssltest -bio_pair -ssl2 +if errorlevel 1 goto done + +echo test sslv2/sslv3 with 1024 bit DHE via BIO pair +ssltest -bio_pair -dhe1024dsa -v +if errorlevel 1 goto done + +echo test sslv2 with server authentication via BIO pair +%SSL_TEST% -bio_pair -ssl2 -server_auth +if errorlevel 1 goto done + +echo test sslv2 with client authentication via BIO pair +%SSL_TEST% -bio_pair -ssl2 -client_auth +if errorlevel 1 goto done + +echo test sslv2 with both client and server authentication via BIO pair +%SSL_TEST% -bio_pair -ssl2 -server_auth -client_auth +if errorlevel 1 goto done + +echo test sslv3 via BIO pair +ssltest -bio_pair -ssl3 +if errorlevel 1 goto done + +echo test sslv3 with server authentication via BIO pair +%SSL_TEST% -bio_pair -ssl3 -server_auth +if errorlevel 1 goto done + +echo test sslv3 with client authentication via BIO pair +%SSL_TEST% -bio_pair -ssl3 -client_auth +if errorlevel 1 goto done + +echo test sslv3 with both client and server authentication via BIO pair +%SSL_TEST% -bio_pair -ssl3 -server_auth -client_auth +if errorlevel 1 goto done + +echo test sslv2/sslv3 via BIO pair +ssltest -bio_pair +if errorlevel 1 goto done + +echo test sslv2/sslv3 with server authentication +%SSL_TEST% -bio_pair -server_auth +if errorlevel 1 goto done + +echo test sslv2/sslv3 with client authentication via BIO pair +%SSL_TEST% -bio_pair -client_auth +if errorlevel 1 goto done + +echo test sslv2/sslv3 with both client and server authentication via BIO pair +%SSL_TEST% -bio_pair -server_auth -client_auth +if errorlevel 1 goto done + + +echo passed all tests +goto end +:done +echo problems..... +:end +PATH=%opath% diff --git a/lib/libssl/src/openssl.spec b/lib/libssl/src/openssl.spec index a1fa1984237..6008c3c9c83 100644 --- a/lib/libssl/src/openssl.spec +++ b/lib/libssl/src/openssl.spec @@ -1,7 +1,7 @@ %define libmaj 0 %define libmin 9 %define librel 8 -%define librev i +%define librev j Release: 1 %define openssldir /var/ssl diff --git a/lib/libssl/src/ssl/Makefile b/lib/libssl/src/ssl/Makefile index cb4267f5de6..46c06597fa4 100644 --- a/lib/libssl/src/ssl/Makefile +++ b/lib/libssl/src/ssl/Makefile @@ -53,7 +53,7 @@ ALL= $(GENERAL) $(SRC) $(HEADER) top: (cd ..; $(MAKE) DIRS=$(DIR) all) -all: shared +all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) @@ -111,19 +111,19 @@ bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h -bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -bio_ssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c +bio_ssl.o: ../include/openssl/evp.h ../include/openssl/fips.h +bio_ssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -131,20 +131,20 @@ d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c -d1_both.o: ssl_locl.h +d1_both.o: ../include/openssl/fips.h ../include/openssl/hmac.h +d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h +d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -152,21 +152,21 @@ d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c -d1_clnt.o: kssl_lcl.h ssl_locl.h +d1_clnt.o: ../include/openssl/evp.h ../include/openssl/fips.h +d1_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h +d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -174,20 +174,21 @@ d1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -d1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h -d1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -d1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_enc.o: ../include/openssl/x509_vfy.h d1_enc.c ssl_locl.h +d1_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h +d1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +d1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +d1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_enc.c +d1_enc.o: ssl_locl.h d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -195,19 +196,20 @@ d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c ssl_locl.h +d1_lib.o: ../include/openssl/fips.h ../include/openssl/hmac.h +d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c +d1_lib.o: ssl_locl.h d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -215,19 +217,20 @@ d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c ssl_locl.h +d1_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h +d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h +d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c +d1_meth.o: ssl_locl.h d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -235,20 +238,20 @@ d1_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -d1_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -d1_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -d1_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c -d1_pkt.o: ssl_locl.h +d1_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_pkt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +d1_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -256,40 +259,40 @@ d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c -d1_srvr.o: ssl_locl.h +d1_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h +d1_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h -kssl.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h -kssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -kssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -kssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -kssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -kssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -kssl.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -kssl.o: ../include/openssl/x509_vfy.h kssl.c +kssl.o: ../include/openssl/fips.h ../include/openssl/hmac.h +kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h +kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +kssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h +kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -297,20 +300,20 @@ s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c -s23_clnt.o: ssl_locl.h +s23_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s23_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -318,19 +321,20 @@ s23_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h +s23_lib.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s23_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c +s23_lib.o: ssl_locl.h s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -338,19 +342,20 @@ s23_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h +s23_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s23_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c +s23_meth.o: ssl_locl.h s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -358,19 +363,20 @@ s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h +s23_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s23_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c +s23_pkt.o: ssl_locl.h s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -378,20 +384,20 @@ s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s23_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c -s23_srvr.o: ssl_locl.h +s23_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s23_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -399,20 +405,20 @@ s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c -s2_clnt.o: ssl_locl.h +s2_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -420,19 +426,20 @@ s2_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s2_enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h +s2_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c +s2_enc.o: ssl_locl.h s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -440,20 +447,20 @@ s2_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s2_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c -s2_lib.o: ssl_locl.h +s2_lib.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -461,19 +468,20 @@ s2_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s2_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h +s2_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c +s2_meth.o: ssl_locl.h s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -481,19 +489,20 @@ s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h +s2_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c +s2_pkt.o: ssl_locl.h s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -501,20 +510,20 @@ s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c -s2_srvr.o: ssl_locl.h +s2_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s2_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -522,20 +531,20 @@ s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_both.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c -s3_both.o: ssl_locl.h +s3_both.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -544,20 +553,21 @@ s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h +s3_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s3_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_clnt.o: s3_clnt.c ssl_locl.h s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -565,20 +575,20 @@ s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c -s3_enc.o: ssl_locl.h +s3_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -586,20 +596,21 @@ s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h +s3_lib.o: ../include/openssl/evp.h ../include/openssl/fips.h +s3_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_lib.o: s3_lib.c ssl_locl.h s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -607,19 +618,20 @@ s3_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h +s3_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c +s3_meth.o: ssl_locl.h s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -627,19 +639,20 @@ s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_pkt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h +s3_pkt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c +s3_pkt.o: ssl_locl.h s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -647,21 +660,22 @@ s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h +s3_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h +s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h +s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h +s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_srvr.o: s3_srvr.c ssl_locl.h ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -669,19 +683,20 @@ ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_algs.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h +ssl_algs.o: ../include/openssl/fips.h ../include/openssl/hmac.h +ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_algs.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c +ssl_algs.o: ssl_locl.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -689,20 +704,20 @@ ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_asn1.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c -ssl_asn1.o: ssl_locl.h +ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -711,20 +726,21 @@ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_cert.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h +ssl_cert.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssl_cert.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +ssl_cert.o: ssl_cert.c ssl_locl.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -732,57 +748,58 @@ ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h +ssl_ciph.o: ../include/openssl/fips.h ../include/openssl/hmac.h +ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_ciph.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c +ssl_ciph.o: ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_err.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_err.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_err.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c +ssl_err.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssl_err.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_err.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -ssl_err2.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_err2.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_err2.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c +ssl_err2.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_err2.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h +ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -791,21 +808,22 @@ ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_lib.o: ../include/openssl/engine.h ../include/openssl/err.h -ssl_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h -ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h +ssl_lib.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h +ssl_lib.o: ssl_lib.c ssl_locl.h ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -813,19 +831,20 @@ ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_rsa.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c +ssl_rsa.o: ../include/openssl/fips.h ../include/openssl/hmac.h +ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_rsa.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_rsa.o: ssl_rsa.c ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -833,20 +852,21 @@ ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_sess.o: ../include/openssl/engine.h ../include/openssl/err.h -ssl_sess.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_sess.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c +ssl_sess.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssl_sess.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_sess.o: ssl_sess.c ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -854,19 +874,20 @@ ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_stat.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c +ssl_stat.o: ../include/openssl/fips.h ../include/openssl/hmac.h +ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_stat.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_stat.o: ssl_stat.c ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -874,19 +895,20 @@ ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_txt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c +ssl_txt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_txt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +ssl_txt.o: ssl_txt.c t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -894,20 +916,20 @@ t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -t1_clnt.o: t1_clnt.c +t1_clnt.o: ../include/openssl/fips.h ../include/openssl/hmac.h +t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -915,20 +937,20 @@ t1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h -t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -t1_enc.o: t1_enc.c +t1_enc.o: ../include/openssl/fips.h ../include/openssl/hmac.h +t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +t1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_enc.c t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -936,21 +958,21 @@ t1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h t1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -t1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h -t1_lib.o: t1_lib.c +t1_lib.o: ../include/openssl/evp.h ../include/openssl/fips.h +t1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +t1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_lib.o: ../include/openssl/x509v3.h ssl_locl.h t1_lib.c t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -958,19 +980,20 @@ t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_meth.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c +t1_meth.o: ../include/openssl/fips.h ../include/openssl/hmac.h +t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h +t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h +t1_meth.o: t1_meth.c t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -978,17 +1001,17 @@ t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h -t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h -t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h -t1_srvr.o: t1_srvr.c +t1_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h +t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h +t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c diff --git a/lib/libssl/src/ssl/d1_pkt.c b/lib/libssl/src/ssl/d1_pkt.c index b2765ba8019..eb56cf987ba 100644 --- a/lib/libssl/src/ssl/d1_pkt.c +++ b/lib/libssl/src/ssl/d1_pkt.c @@ -597,6 +597,7 @@ again: /* check whether this is a repeat, or aged record */ if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) { + rr->length = 0; s->packet_length=0; /* dump this record */ goto again; /* get another record */ } diff --git a/lib/libssl/src/ssl/s2_clnt.c b/lib/libssl/src/ssl/s2_clnt.c index e2a90a3ca26..782129cd5d5 100644 --- a/lib/libssl/src/ssl/s2_clnt.c +++ b/lib/libssl/src/ssl/s2_clnt.c @@ -1044,7 +1044,7 @@ int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data) i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; diff --git a/lib/libssl/src/ssl/s2_srvr.c b/lib/libssl/src/ssl/s2_srvr.c index 0daf2b129df..50d55e6bf14 100644 --- a/lib/libssl/src/ssl/s2_srvr.c +++ b/lib/libssl/src/ssl/s2_srvr.c @@ -1054,7 +1054,7 @@ static int request_certificate(SSL *s) i=ssl_verify_cert_chain(s,sk); - if (i) /* we like the packet, now check the chksum */ + if (i > 0) /* we like the packet, now check the chksum */ { EVP_MD_CTX ctx; EVP_PKEY *pkey=NULL; @@ -1083,7 +1083,7 @@ static int request_certificate(SSL *s) EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&ctx); - if (i) + if (i > 0) { if (s->session->peer != NULL) X509_free(s->session->peer); diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c index 9b823fddbd3..50308487aa5 100644 --- a/lib/libssl/src/ssl/s3_clnt.c +++ b/lib/libssl/src/ssl/s3_clnt.c @@ -972,7 +972,7 @@ int ssl3_get_server_certificate(SSL *s) } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) #ifndef OPENSSL_NO_KRB5 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) != (SSL_aKRB5|SSL_kKRB5) @@ -1006,7 +1006,7 @@ int ssl3_get_server_certificate(SSL *s) == (SSL_aKRB5|SSL_kKRB5))? 0: 1; #ifdef KSSL_DEBUG - printf("pkey,x = %p, %p\n", pkey,x); + printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x); printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, s->s3->tmp.new_cipher->algorithms, need_cert); @@ -1459,7 +1459,7 @@ int ssl3_get_key_exchange(SSL *s) EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1477,7 +1477,7 @@ int ssl3_get_key_exchange(SSL *s) EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1777,7 +1777,7 @@ int ssl3_get_cert_status(SSL *s) goto f_err; } n2l3(p, resplen); - if (resplen + 4 != n) + if (resplen + 4 != (unsigned long)n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH); diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index 72853a2e728..9476dcddf6e 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -753,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, s->rwstate=SSL_NOTHING; return(s->s3->wpend_ret); } - else if (i <= 0) + else if (i <= 0) { + if (s->version == DTLS1_VERSION || + s->version == DTLS1_BAD_VER) { + /* For DTLS, just drop it. That's kind of the whole + point in using a datagram service */ + s->s3->wbuf.left = 0; + } return(i); + } s->s3->wbuf.offset+=i; s->s3->wbuf.left-=i; } diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 398ce469d68..80b45eb86ff 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -902,22 +902,28 @@ int ssl3_get_client_hello(SSL *s) break; } } - if (j == 0) - { - if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) - { - /* Very bad for multi-threading.... */ - s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); - } - else + if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) + { + /* Special case as client bug workaround: the previously used cipher may + * not be in the current list, the client instead might be trying to + * continue using a cipher that before wasn't chosen due to server + * preferences. We'll have to reject the connection if the cipher is not + * enabled, though. */ + c = sk_SSL_CIPHER_value(ciphers, 0); + if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { - /* we need to have the cipher in the cipher - * list if we are asked to reuse it */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; + s->session->cipher = c; + j = 1; } } + if (j == 0) + { + /* we need to have the cipher in the cipher + * list if we are asked to reuse it */ + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); + goto f_err; + } } /* compression */ @@ -2560,7 +2566,7 @@ int ssl3_get_client_certificate(SSL *s) else { i=ssl_verify_cert_chain(s,sk); - if (!i) + if (i <= 0) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c index 514292a03ed..4116fd12f1a 100644 --- a/lib/libssl/src/ssl/ssl_ciph.c +++ b/lib/libssl/src/ssl/ssl_ciph.c @@ -115,7 +115,10 @@ */ #include <stdio.h> #include <openssl/objects.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif + #include "ssl_locl.h" #define SSL_ENC_DES_IDX 0 diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h index 735db397132..ed4ddbbae6c 100644 --- a/lib/libssl/src/ssl/ssl_locl.h +++ b/lib/libssl/src/ssl/ssl_locl.h @@ -124,7 +124,9 @@ #include "e_os.h" #include <openssl/buffer.h> +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <openssl/bio.h> #include <openssl/stack.h> #ifndef OPENSSL_NO_RSA @@ -500,6 +502,7 @@ typedef struct ssl3_enc_method int (*alert_value)(int); } SSL3_ENC_METHOD; +#ifndef OPENSSL_NO_COMP /* Used for holding the relevant compression methods loaded into SSL_CTX */ typedef struct ssl3_comp_st { @@ -507,6 +510,7 @@ typedef struct ssl3_comp_st char *name; /* Text name used for the compression type */ COMP_METHOD *method; /* The method :-) */ } SSL3_COMP; +#endif extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; diff --git a/lib/libssl/src/ssl/ssltest.c b/lib/libssl/src/ssl/ssltest.c index f409f3dc76b..5e666aedea1 100644 --- a/lib/libssl/src/ssl/ssltest.c +++ b/lib/libssl/src/ssl/ssltest.c @@ -2095,7 +2095,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) if (cb_arg->proxy_auth) { - if (ok) + if (ok > 0) { const char *cond_end = NULL; diff --git a/lib/libssl/src/ssl/t1_enc.c b/lib/libssl/src/ssl/t1_enc.c index 3c4dec76d75..7cb3e29a41b 100644 --- a/lib/libssl/src/ssl/t1_enc.c +++ b/lib/libssl/src/ssl/t1_enc.c @@ -111,10 +111,15 @@ #include <stdio.h> #include "ssl_locl.h" +#ifndef OPENSSL_NO_COMP #include <openssl/comp.h> +#endif #include <openssl/evp.h> #include <openssl/hmac.h> #include <openssl/md5.h> +#ifdef KSSL_DEBUG +#include <openssl/des.h> +#endif static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, unsigned char *seed, int seed_len, @@ -251,15 +256,15 @@ int tls1_change_cipher_state(SSL *s, int which) #ifdef KSSL_DEBUG printf("tls1_change_cipher_state(which= %d) w/\n", which); printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, - comp); - printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); + (void *)comp); + printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c); printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", c->nid,c->block_size,c->key_len,c->iv_len); printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); { - int i; - for (i=0; i<s->s3->tmp.key_block_length; i++) - printf("%02x", key_block[i]); printf("\n"); + int ki; + for (ki=0; ki<s->s3->tmp.key_block_length; ki++) + printf("%02x", key_block[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -415,11 +420,13 @@ printf("which = %04X\nmac key=",which); s->session->key_arg_length=0; #ifdef KSSL_DEBUG { - int i; + int ki; printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); - printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]); + printf("\tkey= "); + for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]); printf("\n"); - printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]); + printf("\t iv= "); + for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -592,10 +599,11 @@ int tls1_enc(SSL *s, int send) { unsigned long ui; printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds,rec->data,rec->input,l); - printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", + (void *)ds,rec->data,rec->input,l); + printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n", ds->buf_len, ds->cipher->key_len, - DES_KEY_SZ, DES_SCHEDULE_SZ, + (unsigned long)DES_KEY_SZ, + (unsigned long)DES_SCHEDULE_SZ, ds->cipher->iv_len); printf("\t\tIV: "); for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); @@ -620,10 +628,10 @@ int tls1_enc(SSL *s, int send) #ifdef KSSL_DEBUG { - unsigned long i; + unsigned long ki; printf("\trec->data="); - for (i=0; i<l; i++) - printf(" %02x", rec->data[i]); printf("\n"); + for (ki=0; ki<l; i++) + printf(" %02x", rec->data[ki]); printf("\n"); } #endif /* KSSL_DEBUG */ @@ -807,7 +815,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; #ifdef KSSL_DEBUG - printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); + printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len); #endif /* KSSL_DEBUG */ /* Setup the stuff to munge */ diff --git a/lib/libssl/src/test/Makefile b/lib/libssl/src/test/Makefile index 3e58351cb9b..73d64440b15 100644 --- a/lib/libssl/src/test/Makefile +++ b/lib/libssl/src/test/Makefile @@ -5,7 +5,7 @@ DIR= test TOP= .. CC= cc -INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) +INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) -I$(TOP)/fips CFLAG= -g MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl @@ -27,6 +27,7 @@ DLIBCRYPTO= ../libcrypto.a DLIBSSL= ../libssl.a LIBCRYPTO= -L.. -lcrypto LIBSSL= -L.. -lssl +LIBFIPS= -L.. -lfips BNTEST= bntest ECTEST= ectest @@ -59,6 +60,18 @@ RSATEST= rsa_test ENGINETEST= enginetest EVPTEST= evp_test IGETEST= igetest +FIPS_SHATEST= fips_shatest +FIPS_DESTEST= fips_desmovs +FIPS_RANDTEST= fips_randtest +FIPS_AESTEST= fips_aesavs +FIPS_HMACTEST= fips_hmactest +FIPS_RSAVTEST= fips_rsavtest +FIPS_RSASTEST= fips_rsastest +FIPS_RSAGTEST= fips_rsagtest +FIPS_DSATEST= fips_dsatest +FIPS_DSSVS= fips_dssvs +FIPS_RNGVS= fips_rngvs +FIPS_TEST_SUITE=fips_test_suite TESTS= alltests @@ -69,7 +82,13 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST) $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \ - $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) + $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \ + $(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \ + $(FIPS_RANDTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \ + $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ + $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ + $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ + $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT) # $(METHTEST)$(EXE_EXT) @@ -81,7 +100,13 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ - $(EVPTEST).o $(IGETEST).o + $(EVPTEST).o $(IGETEST).o \ + $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \ + $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ + $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ + $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ + jpaketest.o + SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c \ @@ -89,7 +114,12 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ - $(EVPTEST).c $(IGETEST).c + $(EVPTEST).c $(IGETEST).c \ + $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \ + $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ + $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ + $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ + jpaketest.c EXHEADER= HEADER= $(EXHEADER) @@ -131,7 +161,7 @@ alltests: \ test_rand test_bn test_ec test_ecdsa test_ecdh \ test_enc test_x509 test_rsa test_crl test_sid \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ - test_ss test_ca test_engine test_evp test_ssl test_ige + test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake test_evp: ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt @@ -147,6 +177,9 @@ test_sha: ../util/shlib_wrap.sh ./$(SHA1TEST) ../util/shlib_wrap.sh ./$(SHA256TEST) ../util/shlib_wrap.sh ./$(SHA512TEST) + if [ -n "$(FIPSCANLIB)" ]; then \ + ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.r | diff -w SHAmix.x - ; \ + fi test_mdc2: ../util/shlib_wrap.sh ./$(MDC2TEST) @@ -183,6 +216,9 @@ test_rc5: test_rand: ../util/shlib_wrap.sh ./$(RANDTEST) + if [ -n "$(FIPSCANLIB)" ]; then \ + ../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \ + fi test_enc: sh ./testenc @@ -247,6 +283,9 @@ test_dsa: @echo "Generate a set of DSA parameters" ../util/shlib_wrap.sh ./$(DSATEST) ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 + if [ -n "$(FIPSCANLIB)" ]; then \ + ../util/shlib_wrap.sh ./$(FIPS_DSATEST); \ + fi test_gen: @echo "Generate and verify a certificate request" @@ -266,6 +305,9 @@ test_engine: test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ intP1.ss intP2.ss @echo "test SSL protocol" + @if [ -n "$(FIPSCANLIB)" ]; then \ + sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ + fi ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist @sh ./testssl keyU.ss certU.ss certCA.ss @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss @@ -287,6 +329,10 @@ test_ige: $(IGETEST)$(EXE_EXT) @echo "Test IGE mode" ../util/shlib_wrap.sh ./$(IGETEST) +test_jpake: jpaketest$(EXE_EXT) + @echo "Test JPAKE" + ../util/shlib_wrap.sh ./jpaketest + lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -302,7 +348,7 @@ dclean: mv -f Makefile.new $(MAKEFILE) clean: - rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log + rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest $(DLIBSSL): (cd ..; $(MAKE) DIRS=ssl all) @@ -314,6 +360,7 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ @@ -349,6 +396,69 @@ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO) $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO) @target=$(SHA512TEST); $(BUILD_CMD) +FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + if [ "$(FIPSCANLIB)" = "libfips" ]; then \ + LIBRARIES="-L$(TOP) -lfips"; \ + elif [ -n "$(FIPSCANLIB)" ]; then \ + FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ + LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ + fi; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ + shlib_target="$(SHLIB_TARGET)"; \ + fi; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \ + FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ + fi; \ + [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ + $(MAKE) -f $(TOP)/Makefile.shared -e \ + CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ + LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ + link_app.$${shlib_target} + +$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO) + @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD) + +$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO) + @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD) + +$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO) + @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD) + +$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO) + @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD) + +$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO) + @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD) + +$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO) + @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD) + +$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO) + @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD) + +$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO) + @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD) + +$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO) + @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD) + $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO) @target=$(RMDTEST); $(BUILD_CMD) @@ -395,7 +505,7 @@ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO) @target=$(METHTEST); $(BUILD_CMD) $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO) - @target=$(SSLTEST); $(BUILD_CMD) + @target=$(SSLTEST); $(FIPS_CRYPTO_BUILD_CMD) $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO) @target=$(ENGINETEST); $(BUILD_CMD) @@ -412,6 +522,9 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO) $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) @target=$(IGETEST); $(BUILD_CMD) +jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO) + @target=jpaketest; $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c @@ -435,14 +548,15 @@ bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c +bntest.o: ../include/openssl/evp.h ../include/openssl/fips.h +bntest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h +bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +bntest.o: ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c destest.o: ../include/openssl/des.h ../include/openssl/des_old.h @@ -481,53 +595,54 @@ ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h -ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ecdsatest.o: ecdsatest.c +ecdsatest.o: ../include/openssl/fips.h ../include/openssl/lhash.h +ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ecdsatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ectest.o: ../include/openssl/err.h ../include/openssl/evp.h -ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c +ectest.o: ../include/openssl/fips.h ../include/openssl/lhash.h +ectest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ectest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ectest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h +ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h +ectest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +ectest.o: ../include/openssl/x509_vfy.h ectest.c enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h -enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h -enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h -enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -enginetest.o: enginetest.c +enginetest.o: ../include/openssl/evp.h ../include/openssl/fips.h +enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h +enginetest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +enginetest.o: ../include/openssl/x509_vfy.h enginetest.c evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h -evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -evp_test.o: ../include/openssl/x509_vfy.h evp_test.c +evp_test.o: ../include/openssl/fips.h ../include/openssl/lhash.h +evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -535,40 +650,220 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h exptest.o: ../include/openssl/symhacks.h exptest.c +fips_aesavs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/aes.h +fips_aesavs.o: ../include/openssl/asn1.h ../include/openssl/bio.h +fips_aesavs.o: ../include/openssl/bn.h ../include/openssl/crypto.h +fips_aesavs.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_aesavs.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_aesavs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_aesavs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_aesavs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_aesavs.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_aesavs.o: ../include/openssl/symhacks.h fips_aesavs.c +fips_desmovs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h +fips_desmovs.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_desmovs.o: ../include/openssl/crypto.h ../include/openssl/des.h +fips_desmovs.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h +fips_desmovs.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_desmovs.o: ../include/openssl/fips.h ../include/openssl/lhash.h +fips_desmovs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_desmovs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_desmovs.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +fips_desmovs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_desmovs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_desmovs.o: fips_desmovs.c +fips_dsatest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h +fips_dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_dsatest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +fips_dsatest.o: ../include/openssl/des.h ../include/openssl/des_old.h +fips_dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h +fips_dsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_dsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +fips_dsatest.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_dsatest.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h +fips_dsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_dsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_dsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +fips_dsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_dsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fips_dsatest.o: fips_dsatest.c +fips_dssvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_dssvs.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_dssvs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +fips_dssvs.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_dssvs.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_dssvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_dssvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_dssvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_dssvs.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_dssvs.o: ../include/openssl/symhacks.h fips_dssvs.c +fips_hmactest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_hmactest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_hmactest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_hmactest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c +fips_randtest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/bio.h +fips_randtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h +fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h +fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_randtest.o: ../include/openssl/fips_rand.h ../include/openssl/lhash.h +fips_randtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h +fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h +fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c +fips_rngvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rngvs.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rngvs.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rngvs.o: ../include/openssl/crypto.h ../include/openssl/des.h +fips_rngvs.o: ../include/openssl/des_old.h ../include/openssl/dsa.h +fips_rngvs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +fips_rngvs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +fips_rngvs.o: ../include/openssl/err.h ../include/openssl/evp.h +fips_rngvs.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h +fips_rngvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_rngvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_rngvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_rngvs.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +fips_rngvs.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_rngvs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_rngvs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_rngvs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +fips_rngvs.o: ../include/openssl/x509v3.h fips_rngvs.c +fips_rsagtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rsagtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_rsagtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_rsagtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_rsagtest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_rsagtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_rsagtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_rsagtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_rsagtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_rsagtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_rsagtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_rsagtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_rsagtest.o: fips_rsagtest.c +fips_rsastest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rsastest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_rsastest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_rsastest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_rsastest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_rsastest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_rsastest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_rsastest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_rsastest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_rsastest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_rsastest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_rsastest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_rsastest.o: fips_rsastest.c +fips_rsavtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_rsavtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_rsavtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_rsavtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_rsavtest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_rsavtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_rsavtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +fips_rsavtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h +fips_rsavtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +fips_rsavtest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_rsavtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_rsavtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_rsavtest.o: fips_rsavtest.c +fips_shatest.o: ../fips/fips_utl.h ../include/openssl/asn1.h +fips_shatest.o: ../include/openssl/bio.h ../include/openssl/bn.h +fips_shatest.o: ../include/openssl/buffer.h ../include/openssl/conf.h +fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +fips_shatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +fips_shatest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +fips_shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +fips_shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_shatest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +fips_shatest.o: fips_shatest.c +fips_test_suite.o: ../fips/fips_utl.h ../include/openssl/aes.h +fips_test_suite.o: ../include/openssl/asn1.h ../include/openssl/bio.h +fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/crypto.h +fips_test_suite.o: ../include/openssl/des.h ../include/openssl/des_old.h +fips_test_suite.o: ../include/openssl/dh.h ../include/openssl/dsa.h +fips_test_suite.o: ../include/openssl/e_os2.h ../include/openssl/err.h +fips_test_suite.o: ../include/openssl/evp.h ../include/openssl/fips.h +fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +fips_test_suite.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +fips_test_suite.o: ../include/openssl/opensslconf.h +fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rsa.h +fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h +fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h +fips_test_suite.o: fips_test_suite.c hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h -hmactest.o: ../include/openssl/symhacks.h hmactest.c +hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h +hmactest.o: ../include/openssl/hmac.h ../include/openssl/md5.h +hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h hmactest.c ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h ideatest.o: ../include/openssl/opensslconf.h ideatest.c igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h igetest.o: ../include/openssl/rand.h igetest.c +jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h +jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h +jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +jpaketest.o: ../include/openssl/symhacks.h jpaketest.c md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h -md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md2test.c +md2test.o: ../include/openssl/evp.h ../include/openssl/fips.h +md2test.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h +md2test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +md2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md2test.o: ../include/openssl/symhacks.h md2test.c md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h -md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c +md4test.o: ../include/openssl/evp.h ../include/openssl/fips.h +md4test.o: ../include/openssl/md4.h ../include/openssl/obj_mac.h +md4test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +md4test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md4test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md4test.o: ../include/openssl/symhacks.h md4test.c md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h -md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c +md5test.o: ../include/openssl/evp.h ../include/openssl/fips.h +md5test.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +md5test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +md5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +md5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h +md5test.o: ../include/openssl/symhacks.h md5test.c mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h @@ -589,11 +884,12 @@ rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h rc5test.o: ../include/openssl/symhacks.h rc5test.c rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h -rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c +rmdtest.o: ../include/openssl/evp.h ../include/openssl/fips.h +rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/ripemd.h +rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h +rmdtest.o: ../include/openssl/symhacks.h rmdtest.c rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h @@ -604,18 +900,20 @@ rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h rsa_test.o: ../include/openssl/symhacks.h rsa_test.c sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c +sha1test.o: ../include/openssl/evp.h ../include/openssl/fips.h +sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +sha1test.o: ../include/openssl/sha.h ../include/openssl/stack.h +sha1test.o: ../include/openssl/symhacks.h sha1test.c shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c +shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h +shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h +shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h +shatest.o: ../include/openssl/symhacks.h shatest.c ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -624,17 +922,18 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h -ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssltest.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c +ssltest.o: ../include/openssl/evp.h ../include/openssl/fips.h +ssltest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h +ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h +ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssltest.o: ../include/openssl/x509v3.h ssltest.c diff --git a/lib/libssl/src/test/tests.com b/lib/libssl/src/test/tests.com index 056082e7fe7..88a33d0531b 100644 --- a/lib/libssl/src/test/tests.com +++ b/lib/libssl/src/test/tests.com @@ -25,7 +25,7 @@ $ tests := - test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- - test_ss,test_ca,test_engine,test_evp,test_ssl + test_ss,test_ca,test_engine,test_evp,test_ssl,test_ige,test_jpake $ endif $ tests = f$edit(tests,"COLLAPSE") $ @@ -57,6 +57,8 @@ $ SSLTEST := ssltest $ RSATEST := rsa_test $ ENGINETEST := enginetest $ EVPTEST := evp_test +$ IGETEST := igetest +$ JPAKETEST := jpaketest $ $ tests_i = 0 $ loop_tests: @@ -250,6 +252,14 @@ $ test_rd: $ write sys$output "test Rijndael" $ !mcr 'texe_dir''rdtest' $ return +$ test_ige: +$ write sys$output "Test IGE mode" +$ mcr 'texe_dir''igetest' +$ return +$ test_jpake: +$ write sys$output "Test JPAKE" +$ mcr 'texe_dir''jpaketest' +$ return $ $ $ exit: diff --git a/lib/libssl/src/util/libeay.num b/lib/libssl/src/util/libeay.num index 62664f3c374..0eb54ddc891 100644 --- a/lib/libssl/src/util/libeay.num +++ b/lib/libssl/src/util/libeay.num @@ -2804,12 +2804,12 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION: ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES -FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION: -FIPS_selftest_des 3250 NOEXIST::FUNCTION: +FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES -FIPS_mode_set 3253 NOEXIST::FUNCTION: -FIPS_selftest_dsa 3254 NOEXIST::FUNCTION: +FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES FIPS_allow_md5 3256 NOEXIST::FUNCTION: DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES @@ -2817,44 +2817,44 @@ EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES FIPS_rand_seeded 3259 NOEXIST::FUNCTION: AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES -FIPS_rand_seed 3262 NOEXIST::FUNCTION: -FIPS_corrupt_des 3263 NOEXIST::FUNCTION: +FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES -FIPS_selftest_aes 3265 NOEXIST::FUNCTION: +FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_set_prng_key 3266 NOEXIST::FUNCTION: EVP_des_cfb8 3267 EXIST::FUNCTION:DES -FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION: +FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_test_mode 3269 NOEXIST::FUNCTION: -FIPS_rand_method 3270 NOEXIST::FUNCTION: +FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION: EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES -ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION: -FIPS_corrupt_aes 3273 NOEXIST::FUNCTION: -FIPS_selftest_sha1 3274 NOEXIST::FUNCTION: -FIPS_selftest_rsa 3275 NOEXIST::FUNCTION: -FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION: +ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION: EVP_des_cfb1 3277 EXIST::FUNCTION:DES FIPS_dsa_check 3278 NOEXIST::FUNCTION: AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES -FIPS_rand_check 3281 NOEXIST::FUNCTION: +FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_md5_allowed 3282 NOEXIST::FUNCTION: -FIPS_mode 3283 NOEXIST::FUNCTION: -FIPS_selftest_failed 3284 NOEXIST::FUNCTION: +FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION: sk_is_sorted 3285 EXIST::FUNCTION: X509_check_ca 3286 EXIST::FUNCTION: -private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION: +private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC -private_SHA_Init 3289 NOEXIST::FUNCTION: -private_CAST_set_key 3290 NOEXIST::FUNCTION: -private_RIPEMD160_Init 3291 NOEXIST::FUNCTION: -private_RC5_32_set_key 3292 NOEXIST::FUNCTION: -private_MD5_Init 3293 NOEXIST::FUNCTION: -private_RC4_set_key 3294 NOEXIST::FUNCTION: -private_MDC2_Init 3295 NOEXIST::FUNCTION: -private_RC2_set_key 3296 NOEXIST::FUNCTION: -private_MD4_Init 3297 NOEXIST::FUNCTION: -private_BF_set_key 3298 NOEXIST::FUNCTION: -private_MD2_Init 3299 NOEXIST::FUNCTION: +private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0 +private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST +private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD +private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5 +private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5 +private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4 +private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2 +private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2 +private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4 +private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF +private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2 d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION: PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI PROXY_POLICY_free 3308 EXIST::FUNCTION: PROXY_POLICY_new 3309 EXIST::FUNCTION: BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION: -FIPS_selftest_rng 3311 NOEXIST::FUNCTION: +FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION: EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512 EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512 EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256 EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256 -FIPS_selftest_hmac 3316 NOEXIST::FUNCTION: -FIPS_corrupt_rng 3317 NOEXIST::FUNCTION: +FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION: BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION: RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA @@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA PKCS1_MGF1 3324 EXIST::FUNCTION:RSA -BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION: +BN_X931_generate_Xpq 3325 EXIST::FUNCTION: RSA_X931_generate_key 3326 NOEXIST::FUNCTION: BN_X931_derive_prime 3327 NOEXIST::FUNCTION: BN_X931_generate_prime 3328 NOEXIST::FUNCTION: @@ -3652,51 +3652,75 @@ CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS CMS_add1_signer 4042 EXIST::FUNCTION:CMS CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS -ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE -ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE +ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE +ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE OPENSSL_isservice 4048 EXIST::FUNCTION: -FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION: -FIPS_rand_status 4051 NOEXIST::FUNCTION: -FIPS_rand_set_key 4052 NOEXIST::FUNCTION: -CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION: -RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION: -int_ERR_set_state_func 4055 NOEXIST::FUNCTION: -int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION: -int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION: -FIPS_rng_stick 4058 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION: -BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION: -FIPS_selftest_check 4061 NOEXIST::FUNCTION: -FIPS_rand_set_dt 4062 NOEXIST::FUNCTION: -CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION: -FIPS_dsa_free 4064 NOEXIST::FUNCTION: -RSA_X931_derive_ex 4065 NOEXIST::FUNCTION: -FIPS_rsa_new 4066 NOEXIST::FUNCTION: -FIPS_rand_bytes 4067 NOEXIST::FUNCTION: -fips_cipher_test 4068 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION: -CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION: -CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION: -FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION: -FIPS_dh_new 4073 NOEXIST::FUNCTION: -FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION: -FIPS_dh_free 4075 NOEXIST::FUNCTION: -fips_pkey_signature_test 4076 NOEXIST::FUNCTION: -EVP_add_alg_module 4077 NOEXIST::FUNCTION: -int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION: -int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION: -int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION: -FIPS_rand_test_mode 4081 NOEXIST::FUNCTION: -FIPS_rand_reset 4082 NOEXIST::FUNCTION: -FIPS_dsa_new 4083 NOEXIST::FUNCTION: -int_RAND_set_callbacks 4084 NOEXIST::FUNCTION: -BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION: -int_ERR_lib_init 4086 NOEXIST::FUNCTION: -int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION: -FIPS_rsa_free 4088 NOEXIST::FUNCTION: -FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION: -CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION: -OPENSSL_init 4091 NOEXIST::FUNCTION: +FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA +EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION: +FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION: +RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA +int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION: +FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION: +BN_X931_generate_prime_ex 4060 EXIST::FUNCTION: +FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION: +CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION: +FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA +RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA +FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION: +fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION: +CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION: +CRYPTO_dbg_push_info 4071 EXIST::FUNCTION: +FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH +FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH +fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION: +EVP_add_alg_module 4077 EXIST::FUNCTION: +int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA +int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +BN_X931_derive_prime_ex 4085 EXIST::FUNCTION: +int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION: +int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE +FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA +FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA +CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION: +OPENSSL_init 4091 EXIST::FUNCTION: +private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA +CRYPTO_strdup 4093 EXIST::FUNCTION: +JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE +JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE +JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE +JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE +JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE +JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE +JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE +ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE +JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE diff --git a/lib/libssl/src/util/mk1mf.pl b/lib/libssl/src/util/mk1mf.pl index 7ba804ce33a..4c16f1dc9ee 100644 --- a/lib/libssl/src/util/mk1mf.pl +++ b/lib/libssl/src/util/mk1mf.pl @@ -15,6 +15,18 @@ my $engines = ""; local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic local $zlib_lib = ""; +local $fips_canister_path = ""; +my $fips_premain_dso_exe_path = ""; +my $fips_premain_c_path = ""; +my $fips_sha1_exe_path = ""; + +local $fipscanisterbuild = 0; +local $fipsdso = 0; + +my $fipslibdir = ""; +my $baseaddr = ""; + +my $ex_l_libs = ""; open(IN,"<Makefile") || die "unable to open Makefile!\n"; while(<IN>) { @@ -221,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; +$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake; $cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; @@ -229,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; - +$cflags.=" -DOPENSSL_FIPS" if $fips; $cflags.= " -DZLIB" if $zlib_opt; $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2; @@ -251,9 +264,9 @@ else $ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); - %shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", - "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); + "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO", + "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); if ($msdos) { @@ -281,11 +294,21 @@ for (;;) { if ($lib ne "") { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; + if ($fips && $dir =~ /^fips/) + { + $uc = "FIPS"; + } + else + { + $uc=$lib; + $uc =~ s/^lib(.*)\.a/$1/; + $uc =~ tr/a-z/A-Z/; + } + if (($uc ne "FIPS") || $fipscanisterbuild) + { + $lib_nam{$uc}=$uc; + $lib_obj{$uc}.=$libobj." "; + } } last if ($val eq "FINISHED"); $lib=""; @@ -328,11 +351,130 @@ for (;;) if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine) { $engines.=$val } + if ($key eq "FIPS_EX_OBJ") + { + $fips_ex_obj=&var_add("crypto",$val,0); + } + + if ($key eq "FIPSLIBDIR") + { + $fipslibdir=$val; + $fipslibdir =~ s/\/$//; + $fipslibdir =~ s/\//$o/g; + } + + if ($key eq "BASEADDR") + { $baseaddr=$val;} + if (!($_=<IN>)) { $_="RELATIVE_DIRECTORY=FINISHED\n"; } } close(IN); +if ($fips) + { + + foreach (split " ", $fips_ex_obj) + { + $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/); + } + + $fips_exclude_obj{"cpu_win32"} = 1; + $fips_exclude_obj{"bn_asm"} = 1; + $fips_exclude_obj{"des_enc"} = 1; + $fips_exclude_obj{"fcrypt_b"} = 1; + $fips_exclude_obj{"aes_core"} = 1; + $fips_exclude_obj{"aes_cbc"} = 1; + + my @ltmp = split " ", $lib_obj{"CRYPTO"}; + + + $lib_obj{"CRYPTO"} = ""; + + foreach(@ltmp) + { + if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1}) + { + if ($fipscanisterbuild) + { + $lib_obj{"FIPS"} .= "$_ "; + } + } + else + { + $lib_obj{"CRYPTO"} .= "$_ "; + } + } + + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq ""; + $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c"; + } +else + { + if ($fips_canister_path eq "") + { + $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib"; + } + + if ($fips_premain_c_path eq "") + { + $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c"; + } + } + +if ($fips) + { + if ($fips_sha1_exe_path eq "") + { + $fips_sha1_exe_path = + "\$(BIN_D)${o}fips_standalone_sha1$exep"; + } + } + else + { + $fips_sha1_exe_path = ""; + } + +if ($fips_premain_dso_exe_path eq "") + { + $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep"; + } + +# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips); + +#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso; + +if ($fips) + { + if (!$shlib) + { + $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)"; + $ex_l_libs .= " \$(O_FIPSCANISTER)"; + $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild; + } + if ($fipscanisterbuild) + { + $fipslibdir = "\$(LIB_D)"; + } + else + { + if ($fipslibdir eq "") + { + open (IN, "util/fipslib_path.txt") || fipslib_error(); + $fipslibdir = <IN>; + chomp $fipslibdir; + close IN; + } + fips_check_files($fipslibdir, + "fipscanister.lib", "fipscanister.lib.sha1", + "fips_premain.c", "fips_premain.c.sha1"); + } + } + if ($shlib) { $extra_install= <<"EOF"; @@ -398,6 +540,7 @@ SRC_D=$src_dir LINK=$link LFLAGS=$lflags RSC=$rsc +FIPSLINK=\$(PERL) util${o}fipslink.pl AES_ASM_OBJ=$aes_asm_obj AES_ASM_SRC=$aes_asm_src @@ -441,6 +584,17 @@ MKLIB=$bin_dir$mklib MLFLAGS=$mlflags ASM=$bin_dir$asm +# FIPS validated module and support file locations + +E_PREMAIN_DSO=fips_premain_dso + +FIPSLIB_D=$fipslibdir +BASEADDR=$baseaddr +FIPS_PREMAIN_SRC=$fips_premain_c_path +O_FIPSCANISTER=$fips_canister_path +FIPS_SHA1_EXE=$fips_sha1_exe_path +PREMAIN_DSO_EXE=$fips_premain_dso_exe_path + ###################################################### # You should not need to touch anything below this point ###################################################### @@ -448,6 +602,7 @@ ASM=$bin_dir$asm E_EXE=openssl SSL=$ssl CRYPTO=$crypto +LIBFIPS=libosslfips # BIN_D - Binary output directory # TEST_D - Binary test file output directory @@ -468,12 +623,14 @@ INCL_D=\$(TMP_D) O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp +O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp SO_SSL= $plib\$(SSL)$so_shlibp SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp +L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp -L_LIBS= \$(L_SSL) \$(L_CRYPTO) +L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs ###################################################### # Don't touch anything below this point @@ -483,13 +640,13 @@ INC=-I\$(INC_D) -I\$(INCL_D) APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) +LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep ############################################# EOF $rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe +all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets banner: $banner @@ -604,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); +# Special case rules for fips_start and fips_end fips_premain_dso + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj", + "fips${o}fips_canister.c", + "-DFIPS_START \$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj", + "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)"); + } + $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj", + "fips${o}sha${o}fips_standalone_sha1.c", + "\$(SHLIB_CFLAGS)"); + $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj", + "fips${o}fips_premain.c", + "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)"); + } + foreach (values %lib_nam) { $lib_obj=$lib_obj{$_}; @@ -614,27 +791,41 @@ foreach (values %lib_nam) $rules.="\$(O_SSL):\n\n"; next; } - if (($aes_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; - $lib_obj =~ s/\s\S*\/aes_cbc\S*//; - $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); - } - if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; - $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); - } - if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj .= "\$(BNCO_ASM_OBJ)"; - $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); - } - if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) + + if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) { - $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; - $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; - $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + if ($cpuid_asm_obj ne "") + { + $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/; + $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); + } + if ($aes_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/; + $lib_obj =~ s/\s\S*\/aes_cbc\S*//; + $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src); + } + if ($sha1_asm_obj ne "") + { + $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; + $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); + } + if ($bn_asm_obj ne "") + { + $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; + $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); + } + if ($bnco_asm_obj ne "") + { + $lib_obj .= "\$(BNCO_ASM_OBJ)"; + $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); + } + if ($des_enc_obj ne "") + { + $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; + $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; + $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); + } } if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) { @@ -661,21 +852,11 @@ foreach (values %lib_nam) $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); } - if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; - $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); - } if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) { $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); } - if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/; - $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src); - } $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); @@ -690,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) { \$(OBJ_D)\\\$(SSL).res: ms\\version32.rc \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc +\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc + \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc + EOF } $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); foreach (split(/\s+/,$test)) { + my $t_libs; $t=&bname($_); + my $ltype; + # Check to see if test program is FIPS + if ($fips && /fips/) + { + # If fipsdso link to libosslfips.dll + # otherwise perform static link to + # $(O_FIPSCANISTER) + if ($fipsdso) + { + $t_libs = "\$(L_FIPS)"; + $ltype = 0; + } + else + { + $t_libs = "\$(O_FIPSCANISTER)"; + $ltype = 2; + } + } + else + { + $t_libs = "\$(L_LIBS)"; + $ltype = 0; + } + $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); + $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype); } $defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp); @@ -712,9 +921,69 @@ foreach (split(/\s+/,$engines)) $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); +if ($fips) + { + if ($shlib) + { + if ($fipsdso) + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "", ""); + $rules.= &do_lib_rule( + "\$(O_FIPSCANISTER)", + "\$(O_FIPS)", "\$(LIBFIPS)", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + $rules.= &do_sdef_rule(); + } + else + { + $rules.= &do_lib_rule( + "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)", + "\$(O_CRYPTO)", "$crypto", + $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)"); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)", + "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)", + "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", ""); + } + } + else + { + $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib, + "\$(SO_CRYPTO)"); + } + +if ($fips) + { + if ($fipscanisterbuild) + { + $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", + "\$(OBJ_D)${o}fips_start$obj", + "\$(FIPSOBJ)", + "\$(OBJ_D)${o}fips_end$obj", + "\$(FIPS_SHA1_EXE)", ""); + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)", + "","\$(EX_LIBS)", 1); + } + else + { + $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)", + "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)", + "","", 1); + + } + $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1); + + } + +$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0); print $defs; @@ -752,6 +1021,8 @@ sub var_add return("") if $no_dh && $dir =~ /\/dh/; return("") if $no_ec && $dir =~ /\/ec/; return("") if $no_cms && $dir =~ /\/cms/; + return("") if $no_jpake && $dir =~ /\/jpake/; + return("") if !$fips && $dir =~ /^fips/; if ($no_des && $dir =~ /\/des/) { if ($val =~ /read_pwd/) @@ -1011,6 +1282,7 @@ sub read_options "no-hmac" => \$no_hmac, "no-asm" => \$no_asm, "nasm" => \$nasm, + "ml64" => \$ml64, "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, @@ -1018,6 +1290,7 @@ sub read_options "no-ssl3" => \$no_ssl3, "no-tlsext" => \$no_tlsext, "no-cms" => \$no_cms, + "no-jpake" => \$no_jpake, "no-capieng" => \$no_capieng, "no-err" => \$no_err, "no-sock" => \$no_sock, @@ -1045,6 +1318,9 @@ sub read_options "no-shared" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, + "fips" => \$fips, + "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], + "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso], ); if (exists $valid_options{$_}) @@ -1086,6 +1362,18 @@ sub read_options {return 1;} return 0; } + # experimental-xxx is mostly like enable-xxx, but opensslconf.v + # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx. + # (No need to fail if we don't know the algorithm -- this is for adventurous users only.) + elsif (/^experimental-/) + { + my $algo, $ALGO; + ($algo = $_) =~ s/^experimental-//; + ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/; + + $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; + + } elsif (/^--with-krb5-flavor=(.*)$/) { my $krb5_flavor = $1; @@ -1109,3 +1397,31 @@ sub read_options else { return(0); } return(1); } + +sub fipslib_error + { + print STDERR "***FIPS module directory sanity check failed***\n"; + print STDERR "FIPS module build failed, or was deleted\n"; + print STDERR "Please rebuild FIPS module.\n"; + exit 1; + } + +sub fips_check_files + { + my $dir = shift @_; + my $ret = 1; + if (!-d $dir) + { + print STDERR "FIPS module directory $dir does not exist\n"; + fipslib_error(); + } + foreach (@_) + { + if (!-f "$dir${o}$_") + { + print STDERR "FIPS module file $_ does not exist!\n"; + $ret = 0; + } + } + fipslib_error() if ($ret == 0); + } diff --git a/lib/libssl/src/util/mkdef.pl b/lib/libssl/src/util/mkdef.pl index 8ecfde1848a..5ae9ebb6191 100644 --- a/lib/libssl/src/util/mkdef.pl +++ b/lib/libssl/src/util/mkdef.pl @@ -79,7 +79,7 @@ my $OS2=0; my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION", "ZLIB" ); + "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS"); my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", @@ -102,6 +102,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", + # JPAKE + "JPAKE", # Deprecated functions "DEPRECATED" ); @@ -122,7 +124,8 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia; my $no_seed; my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; +my $fips; foreach (@ARGV, split(/ /, $options)) @@ -144,12 +147,13 @@ foreach (@ARGV, split(/ /, $options)) } $VMS=1 if $_ eq "VMS"; $OS2=1 if $_ eq "OS2"; + $fips=1 if /^fips/; + if ($_ eq "zlib" || $_ eq "zlib-dynamic" - || $_ eq "enable-zlib-dynamic") { - $zlib = 1; + || $_ eq "enable-zlib-dynamic") { + $zlib = 1; } - $do_ssl=1 if $_ eq "ssleay"; if ($_ eq "ssl") { $do_ssl=1; @@ -209,6 +213,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-capieng$/) { $no_capieng=1; } + elsif (/^no-jpake$/) { $no_jpake=1; } } @@ -305,6 +310,8 @@ $crypto.=" crypto/tmdiff.h"; $crypto.=" crypto/store/store.h"; $crypto.=" crypto/pqueue/pqueue.h"; $crypto.=" crypto/cms/cms.h"; +$crypto.=" crypto/jpake/jpake.h"; +$crypto.=" fips/fips.h fips/rand/fips_rand.h"; my $symhacks="crypto/symhacks.h"; @@ -1090,6 +1097,9 @@ sub is_valid if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { return 1; } + if ($keyword eq "OPENSSL_FIPS" && $fips) { + return 1; + } if ($keyword eq "ZLIB" && $zlib) { return 1; } return 0; } else { @@ -1135,6 +1145,7 @@ sub is_valid if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } + if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true diff --git a/lib/libssl/src/util/mkerr.pl b/lib/libssl/src/util/mkerr.pl index 53e14ab4df9..554bebb1590 100644 --- a/lib/libssl/src/util/mkerr.pl +++ b/lib/libssl/src/util/mkerr.pl @@ -44,7 +44,8 @@ while (@ARGV) { } if($recurse) { - @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); + @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, + <fips/*.c>, <fips/*/*.c>); } else { @source = @ARGV; } diff --git a/lib/libssl/src/util/mkfiles.pl b/lib/libssl/src/util/mkfiles.pl index 1282392feae..67fb8694c88 100644 --- a/lib/libssl/src/util/mkfiles.pl +++ b/lib/libssl/src/util/mkfiles.pl @@ -47,6 +47,7 @@ my @dirs = ( "crypto/x509", "crypto/x509v3", "crypto/conf", +"crypto/jpake", "crypto/txt_db", "crypto/pkcs7", "crypto/pkcs12", @@ -58,6 +59,15 @@ my @dirs = ( "crypto/store", "crypto/pqueue", "crypto/cms", +"fips", +"fips/aes", +"fips/des", +"fips/dsa", +"fips/dh", +"fips/hmac", +"fips/rand", +"fips/rsa", +"fips/sha", "ssl", "apps", "engines", diff --git a/lib/libssl/src/util/mklink.pl b/lib/libssl/src/util/mklink.pl index d9bc98aab87..eacc3278826 100644 --- a/lib/libssl/src/util/mklink.pl +++ b/lib/libssl/src/util/mklink.pl @@ -15,13 +15,21 @@ # Apart from this, this script should be able to handle even the most # pathological cases. -use Cwd; +my $pwd; +eval 'use Cwd;'; +if ($@) + { + $pwd = `pwd`; + } +else + { + $pwd = getcwd(); + } my $from = shift; my @files = @ARGV; my @from_path = split(/[\\\/]/, $from); -my $pwd = getcwd(); chomp($pwd); my @pwd_path = split(/[\\\/]/, $pwd); diff --git a/lib/libssl/src/util/pl/VC-32.pl b/lib/libssl/src/util/pl/VC-32.pl index 1e254119e6a..166785db8d3 100644 --- a/lib/libssl/src/util/pl/VC-32.pl +++ b/lib/libssl/src/util/pl/VC-32.pl @@ -4,12 +4,26 @@ # $ssl= "ssleay32"; -$crypto="libeay32"; + +if ($fips && !$shlib) + { + $crypto="libeayfips32"; + $crypto_compat = "libeaycompat32.lib"; + } +else + { + $crypto="libeay32"; + } + +if ($fipscanisterbuild) + { + $fips_canister_path = "\$(LIB_D)\\fipscanister.lib"; + } $o='\\'; $cp='$(PERL) util/copy.pl'; $mkdir='$(PERL) util/mkdir-p.pl'; -$rm='del'; +$rm='del /Q'; $zlib_lib="zlib1.lib"; @@ -96,7 +110,7 @@ else # Win32 $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8 $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8 - my $f = $shlib?' /MD':' /MT'; + my $f = $shlib || $fips ?' /MD':' /MT'; $lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib $opt_cflags=$f.' /Ox /O2 /Ob2'; $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG'; @@ -165,12 +179,17 @@ if ($nasm) { # pick newest version $asm=($ver gt $vew?"nasm":"nasmw")." -f win32"; $afile='-o '; +} elsif ($ml64) { + $asm='ml64 /c /Cp /Cx'; + $asm.=' /Zi' if $debug; + $afile='/Fo'; } else { $asm='ml /Cp /coff /c /Cx'; $asm.=" /Zi" if $debug; $afile='/Fo'; } +$aes_asm_obj=''; $bn_asm_obj=''; $bn_asm_src=''; $des_enc_obj=''; @@ -179,11 +198,13 @@ $bf_enc_obj=''; $bf_enc_src=''; if (!$no_asm) + { + if ($FLAVOR =~ "WIN32") { $aes_asm_obj='crypto\aes\asm\a_win32.obj'; $aes_asm_src='crypto\aes\asm\a_win32.asm'; - $bn_asm_obj='crypto\bn\asm\bn_win32.obj'; - $bn_asm_src='crypto\bn\asm\bn_win32.asm'; + $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj'; + $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm'; $bnco_asm_obj='crypto\bn\asm\co_win32.obj'; $bnco_asm_src='crypto\bn\asm\co_win32.asm'; $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj'; @@ -204,12 +225,26 @@ if (!$no_asm) $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm'; $cpuid_asm_obj='crypto\cpu_win32.obj'; $cpuid_asm_src='crypto\cpu_win32.asm'; - $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; + $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; } + elsif ($FLAVOR =~ "WIN64A") + { + $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj'; + $aes_asm_src='crypto\aes\asm\aes-x86_64.asm'; + $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj'; + $bn_asm_src='crypto\bn\asm\x86_64-mont.asm'; + $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj'; + $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm'; + $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj'; + $cpuid_asm_src='crypto\cpuid-x86_64.asm'; + $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"; + } + } if ($shlib && $FLAVOR !~ /CE/) { $mlflags.=" $lflags /dll"; +# $cflags =~ s| /MD| /MT|; $lib_cflag=" -D_WINDLL"; $out_def="out32dll"; $tmp_def="tmp32dll"; @@ -232,8 +267,8 @@ $(INCO_D)\applink.c: ms\applink.c EXHEADER= $(EXHEADER) $(INCO_D)\applink.c LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj -CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ) ___ +$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n"; $banner.=<<'___' if ($FLAVOR =~ /WIN64/); CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ) ___ @@ -250,26 +285,56 @@ $cflags.=" /Fd$out_def"; sub do_lib_rule { - local($objs,$target,$name,$shlib)=@_; + my($objs,$target,$name,$shlib,$ign,$base_addr) = @_; local($ret); $taget =~ s/\//$o/g if $o ne '/'; - if ($name ne "") + my $base_arg; + if ($base_addr ne "") + { + $base_arg= " /base:$base_addr"; + } + else + { + $base_arg = ""; + } + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $name = "/def:ms/libeayfips.def"; + } + elsif ($name ne "") { $name =~ tr/a-z/A-Z/; $name = "/def:ms/${name}.def"; } # $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; +# $ret.="$target: $objs\n"; if (!$shlib) { # $ret.="\t\$(RM) \$(O_$Name)\n"; $ex =' '; + $ret.="$target: $objs\n"; $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; } else { - local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)'; + my $ex = ""; + if ($target =~ /O_SSL/) + { + $ex .= " \$(L_CRYPTO)"; + #$ex .= " \$(L_FIPS)" if $fipsdso; + } + my $fipstarget; + if ($fipsdso) + { + $fipstarget = "O_FIPS"; + } + else + { + $fipstarget = "O_CRYPTO"; + } + + if ($name eq "") { $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); @@ -290,7 +355,39 @@ sub do_lib_rule $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/); } $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + + if ($fips && $target =~ /$fipstarget/) + { + $ex.= $mwex unless $fipscanisterbuild; + $ret.="$target: $objs \$(PREMAIN_DSO_EXE)"; + if ($fipsdso) + { + $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res"; + $ret.=" ms/\$(LIBFIPS).def"; + } + $ret.="\n\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target "; + $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs "; + $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n"; + } + else + { + $ret.="$target: $objs"; + if ($target =~ /O_CRYPTO/ && $fipsdso) + { + $ret .= " \$(O_FIPS)"; + $ex .= " \$(L_FIPS)"; + } + $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n"; } $ret.="\n"; @@ -299,16 +396,64 @@ sub do_lib_rule sub do_link_rule { - local($target,$files,$dep_libs,$libs)=@_; + my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); - $file =~ s/\//$o/g if $o ne '/'; $n=&bname($targer); $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; - $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; + if ($standalone == 1) + { + $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t"; + $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild); + $ret.="$files $libs\n<<\n"; + } + elsif ($standalone == 2) + { + $ret.="\tSET FIPS_LINK=\$(LINK)\n"; + $ret.="\tSET FIPS_CC=\$(CC)\n"; + $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n"; + $ret.="\tSET PREMAIN_DSO_EXE=\n"; + $ret.="\tSET FIPS_TARGET=$target\n"; + $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n"; + $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n"; + $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n"; + } + else + { + $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; + $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n"; + } + $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n"; return($ret); } +sub do_rlink_rule + { + local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_; + local($ret,$_); + my $files = "$rl_start $rl_mid $rl_end"; + + $file =~ s/\//$o/g if $o ne '/'; + $n=&bname($targer); + $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n"; + $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n"; + $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n"; + $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n"; + $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n"; + $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n"; + $ret.="\n"; + return($ret); + } + +sub do_sdef_rule + { + my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n"; + $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n"; + $ret.="\n"; + return $ret; + } + 1; |