summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libcrypto/aes/aes.h4
-rw-r--r--lib/libcrypto/aes/aes_cbc.c2
-rw-r--r--lib/libcrypto/aes/aes_core.c8
-rw-r--r--lib/libcrypto/aes/asm/aes-586.pl3
-rw-r--r--lib/libcrypto/asn1/a_mbstr.c2
-rw-r--r--lib/libcrypto/asn1/a_sign.c7
-rw-r--r--lib/libcrypto/asn1/a_strex.c2
-rw-r--r--lib/libcrypto/asn1/a_strnid.c2
-rw-r--r--lib/libcrypto/asn1/a_verify.c7
-rw-r--r--lib/libcrypto/asn1/asn1t.h2
-rw-r--r--lib/libcrypto/asn1/asn_moid.c2
-rw-r--r--lib/libcrypto/asn1/asn_pack.c2
-rw-r--r--lib/libcrypto/asn1/nsseq.c2
-rw-r--r--lib/libcrypto/asn1/p5_pbe.c2
-rw-r--r--lib/libcrypto/asn1/p5_pbev2.c2
-rw-r--r--lib/libcrypto/asn1/p8_pkey.c2
-rw-r--r--lib/libcrypto/asn1/t_bitst.c2
-rw-r--r--lib/libcrypto/asn1/t_crl.c2
-rw-r--r--lib/libcrypto/asn1/t_spki.c2
-rw-r--r--lib/libcrypto/asn1/t_x509.c4
-rw-r--r--lib/libcrypto/asn1/t_x509a.c2
-rw-r--r--lib/libcrypto/asn1/tasn_dec.c2
-rw-r--r--lib/libcrypto/asn1/tasn_enc.c2
-rw-r--r--lib/libcrypto/asn1/tasn_fre.c2
-rw-r--r--lib/libcrypto/asn1/tasn_new.c2
-rw-r--r--lib/libcrypto/asn1/tasn_prn.c2
-rw-r--r--lib/libcrypto/asn1/tasn_typ.c2
-rw-r--r--lib/libcrypto/asn1/tasn_utl.c2
-rw-r--r--lib/libcrypto/asn1/x_algor.c2
-rw-r--r--lib/libcrypto/asn1/x_bignum.c2
-rw-r--r--lib/libcrypto/asn1/x_exten.c2
-rw-r--r--lib/libcrypto/asn1/x_long.c2
-rw-r--r--lib/libcrypto/asn1/x_x509a.c2
-rw-r--r--lib/libcrypto/bf/bf_skey.c7
-rw-r--r--lib/libcrypto/bf/blowfish.h4
-rw-r--r--lib/libcrypto/bio/bss_bio.c2
-rw-r--r--lib/libcrypto/bio/bss_file.c2
-rw-r--r--lib/libcrypto/bn/Makefile16
-rw-r--r--lib/libcrypto/bn/bn.h15
-rw-r--r--lib/libcrypto/bn/bn_lib.c19
-rw-r--r--lib/libcrypto/bn/bn_nist.c706
-rw-r--r--lib/libcrypto/bn/bn_rand.c6
-rw-r--r--lib/libcrypto/bn/bn_shift.c2
-rw-r--r--lib/libcrypto/buffer/buffer.c58
-rw-r--r--lib/libcrypto/cast/c_skey.c7
-rw-r--r--lib/libcrypto/cast/cast.h4
-rw-r--r--lib/libcrypto/cms/cms_smime.c3
-rw-r--r--lib/libcrypto/comp/c_zlib.c4
-rw-r--r--lib/libcrypto/conf/conf_mall.c4
-rw-r--r--lib/libcrypto/conf/conf_mod.c2
-rw-r--r--lib/libcrypto/conf/conf_sap.c2
-rw-r--r--lib/libcrypto/cryptlib.c351
-rw-r--r--lib/libcrypto/crypto-lib.com26
-rw-r--r--lib/libcrypto/crypto.h84
-rw-r--r--lib/libcrypto/des/des_enc.c4
-rw-r--r--lib/libcrypto/des/ecb_enc.c47
-rw-r--r--lib/libcrypto/des/enc_read.c4
-rw-r--r--lib/libcrypto/des/enc_writ.c4
-rw-r--r--lib/libcrypto/des/set_key.c9
-rw-r--r--lib/libcrypto/dh/Makefile18
-rw-r--r--lib/libcrypto/dh/dh.h11
-rw-r--r--lib/libcrypto/dh/dh_asn1.c2
-rw-r--r--lib/libcrypto/dh/dh_check.c4
-rw-r--r--lib/libcrypto/dh/dh_err.c6
-rw-r--r--lib/libcrypto/dh/dh_gen.c4
-rw-r--r--lib/libcrypto/dh/dh_key.c4
-rw-r--r--lib/libcrypto/dsa/Makefile76
-rw-r--r--lib/libcrypto/dsa/dsa.h39
-rw-r--r--lib/libcrypto/dsa/dsa_asn1.c82
-rw-r--r--lib/libcrypto/dsa/dsa_err.c10
-rw-r--r--lib/libcrypto/dsa/dsa_gen.c3
-rw-r--r--lib/libcrypto/dsa/dsa_key.c4
-rw-r--r--lib/libcrypto/dsa/dsa_lib.c49
-rw-r--r--lib/libcrypto/dsa/dsa_ossl.c3
-rw-r--r--lib/libcrypto/dsa/dsa_sign.c31
-rw-r--r--lib/libcrypto/dsa/dsa_vrf.c32
-rw-r--r--lib/libcrypto/ecdh/Makefile33
-rw-r--r--lib/libcrypto/ecdsa/Makefile37
-rw-r--r--lib/libcrypto/engine/Makefile231
-rw-r--r--lib/libcrypto/engine/eng_cnf.c18
-rw-r--r--lib/libcrypto/engine/enginetest.c2
-rw-r--r--lib/libcrypto/err/err.c782
-rw-r--r--lib/libcrypto/err/err.h8
-rw-r--r--lib/libcrypto/err/err_all.c13
-rw-r--r--lib/libcrypto/err/err_prn.c70
-rw-r--r--lib/libcrypto/err/openssl.ec2
-rw-r--r--lib/libcrypto/evp/Makefile687
-rw-r--r--lib/libcrypto/evp/bio_md.c9
-rw-r--r--lib/libcrypto/evp/digest.c154
-rw-r--r--lib/libcrypto/evp/e_aes.c35
-rw-r--r--lib/libcrypto/evp/e_des.c9
-rw-r--r--lib/libcrypto/evp/e_des3.c29
-rw-r--r--lib/libcrypto/evp/e_null.c2
-rw-r--r--lib/libcrypto/evp/e_rc4.c1
-rw-r--r--lib/libcrypto/evp/evp.h78
-rw-r--r--lib/libcrypto/evp/evp_acnf.c2
-rw-r--r--lib/libcrypto/evp/evp_enc.c254
-rw-r--r--lib/libcrypto/evp/evp_err.c16
-rw-r--r--lib/libcrypto/evp/evp_lib.c39
-rw-r--r--lib/libcrypto/evp/evp_locl.h30
-rw-r--r--lib/libcrypto/evp/evp_pbe.c2
-rw-r--r--lib/libcrypto/evp/evp_pkey.c2
-rw-r--r--lib/libcrypto/evp/m_dss.c2
-rw-r--r--lib/libcrypto/evp/m_dss1.c3
-rw-r--r--lib/libcrypto/evp/m_md2.c1
-rw-r--r--lib/libcrypto/evp/m_md4.c1
-rw-r--r--lib/libcrypto/evp/m_md5.c1
-rw-r--r--lib/libcrypto/evp/m_mdc2.c1
-rw-r--r--lib/libcrypto/evp/m_sha.c1
-rw-r--r--lib/libcrypto/evp/m_sha1.c7
-rw-r--r--lib/libcrypto/evp/names.c7
-rw-r--r--lib/libcrypto/evp/p5_crpt.c2
-rw-r--r--lib/libcrypto/evp/p5_crpt2.c2
-rw-r--r--lib/libcrypto/evp/p_sign.c24
-rw-r--r--lib/libcrypto/evp/p_verify.c26
-rw-r--r--lib/libcrypto/hmac/hmac.c3
-rw-r--r--lib/libcrypto/idea/idea.h3
-rw-r--r--lib/libcrypto/install.com10
-rw-r--r--lib/libcrypto/md2/md2.h3
-rw-r--r--lib/libcrypto/md2/md2_dgst.c7
-rw-r--r--lib/libcrypto/md4/md4.h3
-rw-r--r--lib/libcrypto/md4/md4_dgst.c7
-rw-r--r--lib/libcrypto/md5/md5.h3
-rw-r--r--lib/libcrypto/md5/md5_dgst.c7
-rw-r--r--lib/libcrypto/mdc2/Makefile2
-rw-r--r--lib/libcrypto/mdc2/mdc2.h4
-rw-r--r--lib/libcrypto/mem.c47
-rw-r--r--lib/libcrypto/mem_dbg.c28
-rw-r--r--lib/libcrypto/objects/obj_dat.pl4
-rw-r--r--lib/libcrypto/objects/obj_mac.num2
-rw-r--r--lib/libcrypto/objects/objects.txt3
-rw-r--r--lib/libcrypto/ocsp/ocsp_asn.c2
-rw-r--r--lib/libcrypto/ocsp/ocsp_ht.c5
-rw-r--r--lib/libcrypto/ocsp/ocsp_srv.c2
-rw-r--r--lib/libcrypto/ocsp/ocsp_vfy.c2
-rw-r--r--lib/libcrypto/opensslconf.h.in15
-rw-r--r--lib/libcrypto/opensslv.h6
-rw-r--r--lib/libcrypto/ossl_typ.h2
-rw-r--r--lib/libcrypto/pem/pem.h1
-rw-r--r--lib/libcrypto/pem/pem_all.c174
-rw-r--r--lib/libcrypto/pem/pem_lib.c3
-rw-r--r--lib/libcrypto/pem/pem_x509.c2
-rw-r--r--lib/libcrypto/pem/pem_xaux.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_add.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_asn.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_attr.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_crpt.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_crt.c13
-rw-r--r--lib/libcrypto/pkcs12/p12_decr.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_init.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_key.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_kiss.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_mutl.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_npas.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_p8d.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_p8e.c2
-rw-r--r--lib/libcrypto/pkcs12/p12_utl.c2
-rw-r--r--lib/libcrypto/pkcs12/pkcs12.h2
-rw-r--r--lib/libcrypto/pkcs7/pk7_asn1.c2
-rw-r--r--lib/libcrypto/pkcs7/pk7_attr.c2
-rw-r--r--lib/libcrypto/pkcs7/pk7_mime.c2
-rw-r--r--lib/libcrypto/pkcs7/pk7_smime.c3
-rw-r--r--lib/libcrypto/rand/Makefile71
-rw-r--r--lib/libcrypto/rand/md_rand.c12
-rw-r--r--lib/libcrypto/rand/rand.h29
-rw-r--r--lib/libcrypto/rand/rand_err.c20
-rw-r--r--lib/libcrypto/rand/rand_lcl.h11
-rw-r--r--lib/libcrypto/rand/rand_lib.c71
-rw-r--r--lib/libcrypto/rand/randfile.c66
-rw-r--r--lib/libcrypto/rc2/rc2.h4
-rw-r--r--lib/libcrypto/rc2/rc2_skey.c17
-rwxr-xr-xlib/libcrypto/rc4/asm/rc4-x86_64.pl2
-rw-r--r--lib/libcrypto/rc4/rc4.h3
-rw-r--r--lib/libcrypto/rc4/rc4_skey.c16
-rw-r--r--lib/libcrypto/rc5/rc5.h5
-rw-r--r--lib/libcrypto/ripemd/ripemd.h4
-rw-r--r--lib/libcrypto/ripemd/rmd_dgst.c7
-rw-r--r--lib/libcrypto/ripemd/rmd_locl.h2
-rw-r--r--lib/libcrypto/rsa/Makefile78
-rw-r--r--lib/libcrypto/rsa/rsa.h39
-rw-r--r--lib/libcrypto/rsa/rsa_asn1.c2
-rw-r--r--lib/libcrypto/rsa/rsa_eay.c2
-rw-r--r--lib/libcrypto/rsa/rsa_err.c10
-rw-r--r--lib/libcrypto/rsa/rsa_gen.c3
-rw-r--r--lib/libcrypto/rsa/rsa_lib.c272
-rw-r--r--lib/libcrypto/rsa/rsa_null.c2
-rw-r--r--lib/libcrypto/rsa/rsa_oaep.c2
-rw-r--r--lib/libcrypto/rsa/rsa_sign.c24
-rw-r--r--lib/libcrypto/sha/sha.h3
-rw-r--r--lib/libcrypto/sha/sha1_one.c2
-rw-r--r--lib/libcrypto/sha/sha1dgst.c4
-rw-r--r--lib/libcrypto/sha/sha_dgst.c6
-rw-r--r--lib/libcrypto/sha/sha_locl.h7
-rw-r--r--lib/libcrypto/symhacks.h5
-rw-r--r--lib/libcrypto/ui/ui_openssl.c2
-rw-r--r--lib/libcrypto/util/libeay.num180
-rw-r--r--lib/libcrypto/util/mk1mf.pl404
-rw-r--r--lib/libcrypto/util/mkdef.pl21
-rw-r--r--lib/libcrypto/util/mkerr.pl3
-rw-r--r--lib/libcrypto/util/mkfiles.pl10
-rw-r--r--lib/libcrypto/util/mklink.pl12
-rw-r--r--lib/libcrypto/util/pl/VC-32.pl179
-rw-r--r--lib/libcrypto/x509/by_dir.c4
-rw-r--r--lib/libcrypto/x509/x509_cmp.c8
-rw-r--r--lib/libcrypto/x509/x509_trs.c2
-rw-r--r--lib/libcrypto/x509/x509cset.c2
-rw-r--r--lib/libcrypto/x509/x509spki.c2
-rw-r--r--lib/libcrypto/x509v3/ext_dat.h2
-rw-r--r--lib/libcrypto/x509v3/pcy_data.c2
-rw-r--r--lib/libcrypto/x509v3/pcy_tree.c2
-rw-r--r--lib/libcrypto/x509v3/tabtest.c2
-rw-r--r--lib/libcrypto/x509v3/v3_addr.c1
-rw-r--r--lib/libcrypto/x509v3/v3_akey.c2
-rw-r--r--lib/libcrypto/x509v3/v3_akeya.c2
-rw-r--r--lib/libcrypto/x509v3/v3_alt.c5
-rw-r--r--lib/libcrypto/x509v3/v3_bcons.c2
-rw-r--r--lib/libcrypto/x509v3/v3_bitst.c2
-rw-r--r--lib/libcrypto/x509v3/v3_conf.c2
-rw-r--r--lib/libcrypto/x509v3/v3_cpols.c2
-rw-r--r--lib/libcrypto/x509v3/v3_crld.c2
-rw-r--r--lib/libcrypto/x509v3/v3_enum.c2
-rw-r--r--lib/libcrypto/x509v3/v3_extku.c2
-rw-r--r--lib/libcrypto/x509v3/v3_genn.c2
-rw-r--r--lib/libcrypto/x509v3/v3_ia5.c2
-rw-r--r--lib/libcrypto/x509v3/v3_info.c2
-rw-r--r--lib/libcrypto/x509v3/v3_int.c2
-rw-r--r--lib/libcrypto/x509v3/v3_lib.c2
-rw-r--r--lib/libcrypto/x509v3/v3_ocsp.c2
-rw-r--r--lib/libcrypto/x509v3/v3_pku.c2
-rw-r--r--lib/libcrypto/x509v3/v3_prn.c2
-rw-r--r--lib/libcrypto/x509v3/v3_purp.c2
-rw-r--r--lib/libcrypto/x509v3/v3_skey.c2
-rw-r--r--lib/libcrypto/x509v3/v3_sxnet.c2
-rw-r--r--lib/libcrypto/x509v3/v3_utl.c23
-rw-r--r--lib/libcrypto/x509v3/v3conf.c2
-rw-r--r--lib/libcrypto/x509v3/v3prin.c2
-rw-r--r--lib/libcrypto/x509v3/x509v3.h2
-rw-r--r--lib/libssl/d1_pkt.c1
-rw-r--r--lib/libssl/s3_clnt.c10
-rw-r--r--lib/libssl/s3_pkt.c9
-rw-r--r--lib/libssl/s3_srvr.c34
-rw-r--r--lib/libssl/ssl_ciph.c3
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/t1_enc.c38
-rw-r--r--lib/libssl/test/Makefile489
-rw-r--r--lib/libssl/test/tests.com12
246 files changed, 4057 insertions, 3138 deletions
diff --git a/lib/libcrypto/aes/aes.h b/lib/libcrypto/aes/aes.h
index baf0222d49d..450f2b4051b 100644
--- a/lib/libcrypto/aes/aes.h
+++ b/lib/libcrypto/aes/aes.h
@@ -66,6 +66,10 @@
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
+#ifdef OPENSSL_FIPS
+#define FIPS_AES_SIZE_T int
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/lib/libcrypto/aes/aes_cbc.c b/lib/libcrypto/aes/aes_cbc.c
index d2ba6bcdb46..373864cd4bd 100644
--- a/lib/libcrypto/aes/aes_cbc.c
+++ b/lib/libcrypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
#include <openssl/aes.h>
#include "aes_locl.h"
+#if !defined(OPENSSL_FIPS_AES_ASM)
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
const unsigned long length, const AES_KEY *key,
unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
}
}
}
+#endif
diff --git a/lib/libcrypto/aes/aes_core.c b/lib/libcrypto/aes/aes_core.c
index 3a80e18b0a4..cffdd4daec4 100644
--- a/lib/libcrypto/aes/aes_core.c
+++ b/lib/libcrypto/aes/aes_core.c
@@ -37,6 +37,10 @@
#include <stdlib.h>
#include <openssl/aes.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "aes_locl.h"
/*
@@ -631,6 +635,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
int i = 0;
u32 temp;
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+
if (!userKey || !key)
return -1;
if (bits != 128 && bits != 192 && bits != 256)
diff --git a/lib/libcrypto/aes/asm/aes-586.pl b/lib/libcrypto/aes/asm/aes-586.pl
index 3da307bef94..e771e839535 100644
--- a/lib/libcrypto/aes/asm/aes-586.pl
+++ b/lib/libcrypto/aes/asm/aes-586.pl
@@ -955,8 +955,9 @@ my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds
&align (4);
&set_label("enc_tail");
- &push ($key eq "edi" ? $key : ""); # push ivp
+ &mov ($s0,$key eq "edi" ? $key : "");
&mov ($key,$_out); # load out
+ &push ($s0); # push ivp
&mov ($s1,16);
&sub ($s1,$s2);
&cmp ($key,$acc); # compare with inp
diff --git a/lib/libcrypto/asn1/a_mbstr.c b/lib/libcrypto/asn1/a_mbstr.c
index 2d4800a22a4..1bcd0468938 100644
--- a/lib/libcrypto/asn1/a_mbstr.c
+++ b/lib/libcrypto/asn1/a_mbstr.c
@@ -1,5 +1,5 @@
/* a_mbstr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/a_sign.c b/lib/libcrypto/asn1/a_sign.c
index 1081950518c..4dee45fbb83 100644
--- a/lib/libcrypto/asn1/a_sign.c
+++ b/lib/libcrypto/asn1/a_sign.c
@@ -267,7 +267,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
goto err;
}
- EVP_SignInit_ex(&ctx,type, NULL);
+ if (!EVP_SignInit_ex(&ctx,type, NULL))
+ {
+ outl=0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+ goto err;
+ }
EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
(unsigned int *)&outl,pkey))
diff --git a/lib/libcrypto/asn1/a_strex.c b/lib/libcrypto/asn1/a_strex.c
index c2dbb6f9a58..7fc14d3296c 100644
--- a/lib/libcrypto/asn1/a_strex.c
+++ b/lib/libcrypto/asn1/a_strex.c
@@ -1,5 +1,5 @@
/* a_strex.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/a_strnid.c b/lib/libcrypto/asn1/a_strnid.c
index 613bbc4a7da..fe515b52bae 100644
--- a/lib/libcrypto/asn1/a_strnid.c
+++ b/lib/libcrypto/asn1/a_strnid.c
@@ -1,5 +1,5 @@
/* a_strnid.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/a_verify.c b/lib/libcrypto/asn1/a_verify.c
index fdce6e4380b..da3efaaf8de 100644
--- a/lib/libcrypto/asn1/a_verify.c
+++ b/lib/libcrypto/asn1/a_verify.c
@@ -100,7 +100,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
p=buf_in;
i2d(data,&p);
- EVP_VerifyInit_ex(&ctx,type, NULL);
+ if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+ ret=0;
+ goto err;
+ }
EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
OPENSSL_cleanse(buf_in,(unsigned int)inl);
diff --git a/lib/libcrypto/asn1/asn1t.h b/lib/libcrypto/asn1/asn1t.h
index bf315e65ed3..ac14f9415b8 100644
--- a/lib/libcrypto/asn1/asn1t.h
+++ b/lib/libcrypto/asn1/asn1t.h
@@ -1,5 +1,5 @@
/* asn1t.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/asn_moid.c b/lib/libcrypto/asn1/asn_moid.c
index 9132350f107..1ea6a592483 100644
--- a/lib/libcrypto/asn1/asn_moid.c
+++ b/lib/libcrypto/asn1/asn_moid.c
@@ -1,5 +1,5 @@
/* asn_moid.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/asn_pack.c b/lib/libcrypto/asn1/asn_pack.c
index e8b671b7b51..f1a5a056322 100644
--- a/lib/libcrypto/asn1/asn_pack.c
+++ b/lib/libcrypto/asn1/asn_pack.c
@@ -1,5 +1,5 @@
/* asn_pack.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/nsseq.c b/lib/libcrypto/asn1/nsseq.c
index 50e2d4d07a1..e551c57d59d 100644
--- a/lib/libcrypto/asn1/nsseq.c
+++ b/lib/libcrypto/asn1/nsseq.c
@@ -1,5 +1,5 @@
/* nsseq.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/p5_pbe.c b/lib/libcrypto/asn1/p5_pbe.c
index da91170094b..c4582f8041e 100644
--- a/lib/libcrypto/asn1/p5_pbe.c
+++ b/lib/libcrypto/asn1/p5_pbe.c
@@ -1,5 +1,5 @@
/* p5_pbe.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/p5_pbev2.c b/lib/libcrypto/asn1/p5_pbev2.c
index c834a38ddf3..2b0516afeed 100644
--- a/lib/libcrypto/asn1/p5_pbev2.c
+++ b/lib/libcrypto/asn1/p5_pbev2.c
@@ -1,5 +1,5 @@
/* p5_pbev2.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999-2004.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/p8_pkey.c b/lib/libcrypto/asn1/p8_pkey.c
index 24b409132f5..0a1957556e5 100644
--- a/lib/libcrypto/asn1/p8_pkey.c
+++ b/lib/libcrypto/asn1/p8_pkey.c
@@ -1,5 +1,5 @@
/* p8_pkey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/t_bitst.c b/lib/libcrypto/asn1/t_bitst.c
index 397332d9b8e..2e59a25fa1e 100644
--- a/lib/libcrypto/asn1/t_bitst.c
+++ b/lib/libcrypto/asn1/t_bitst.c
@@ -1,5 +1,5 @@
/* t_bitst.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/t_crl.c b/lib/libcrypto/asn1/t_crl.c
index 929b3e59043..bdb244c015b 100644
--- a/lib/libcrypto/asn1/t_crl.c
+++ b/lib/libcrypto/asn1/t_crl.c
@@ -1,5 +1,5 @@
/* t_crl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/t_spki.c b/lib/libcrypto/asn1/t_spki.c
index c2a5797dd8b..a73369b9492 100644
--- a/lib/libcrypto/asn1/t_spki.c
+++ b/lib/libcrypto/asn1/t_spki.c
@@ -1,5 +1,5 @@
/* t_spki.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/t_x509.c b/lib/libcrypto/asn1/t_x509.c
index cb76c32c8d0..8f746f9c051 100644
--- a/lib/libcrypto/asn1/t_x509.c
+++ b/lib/libcrypto/asn1/t_x509.c
@@ -393,7 +393,7 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
d= (v[6]-'0')*10+(v[7]-'0');
h= (v[8]-'0')*10+(v[9]-'0');
m= (v[10]-'0')*10+(v[11]-'0');
- if (i >= 14 &&
+ if (tm->length >= 14 &&
(v[12] >= '0') && (v[12] <= '9') &&
(v[13] >= '0') && (v[13] <= '9'))
s= (v[12]-'0')*10+(v[13]-'0');
@@ -429,7 +429,7 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
d= (v[4]-'0')*10+(v[5]-'0');
h= (v[6]-'0')*10+(v[7]-'0');
m= (v[8]-'0')*10+(v[9]-'0');
- if (i >=12 &&
+ if (tm->length >=12 &&
(v[10] >= '0') && (v[10] <= '9') &&
(v[11] >= '0') && (v[11] <= '9'))
s= (v[10]-'0')*10+(v[11]-'0');
diff --git a/lib/libcrypto/asn1/t_x509a.c b/lib/libcrypto/asn1/t_x509a.c
index ffbbfb51f43..8b18801a173 100644
--- a/lib/libcrypto/asn1/t_x509a.c
+++ b/lib/libcrypto/asn1/t_x509a.c
@@ -1,5 +1,5 @@
/* t_x509a.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_dec.c b/lib/libcrypto/asn1/tasn_dec.c
index 0ee406231e7..ced641698eb 100644
--- a/lib/libcrypto/asn1/tasn_dec.c
+++ b/lib/libcrypto/asn1/tasn_dec.c
@@ -1,5 +1,5 @@
/* tasn_dec.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_enc.c b/lib/libcrypto/asn1/tasn_enc.c
index be19b36acd5..2721f904a63 100644
--- a/lib/libcrypto/asn1/tasn_enc.c
+++ b/lib/libcrypto/asn1/tasn_enc.c
@@ -1,5 +1,5 @@
/* tasn_enc.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_fre.c b/lib/libcrypto/asn1/tasn_fre.c
index bb7c1e2af48..d7c017fa1d4 100644
--- a/lib/libcrypto/asn1/tasn_fre.c
+++ b/lib/libcrypto/asn1/tasn_fre.c
@@ -1,5 +1,5 @@
/* tasn_fre.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_new.c b/lib/libcrypto/asn1/tasn_new.c
index 531dad365c0..5c6a2ebd4d0 100644
--- a/lib/libcrypto/asn1/tasn_new.c
+++ b/lib/libcrypto/asn1/tasn_new.c
@@ -1,5 +1,5 @@
/* tasn_new.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_prn.c b/lib/libcrypto/asn1/tasn_prn.c
index 719639b511f..b9c96a6dbe1 100644
--- a/lib/libcrypto/asn1/tasn_prn.c
+++ b/lib/libcrypto/asn1/tasn_prn.c
@@ -1,5 +1,5 @@
/* tasn_prn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_typ.c b/lib/libcrypto/asn1/tasn_typ.c
index 6f17f1bec71..6252213d15f 100644
--- a/lib/libcrypto/asn1/tasn_typ.c
+++ b/lib/libcrypto/asn1/tasn_typ.c
@@ -1,5 +1,5 @@
/* tasn_typ.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/tasn_utl.c b/lib/libcrypto/asn1/tasn_utl.c
index 34d520b180a..ca9ec7a32f5 100644
--- a/lib/libcrypto/asn1/tasn_utl.c
+++ b/lib/libcrypto/asn1/tasn_utl.c
@@ -1,5 +1,5 @@
/* tasn_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/x_algor.c b/lib/libcrypto/asn1/x_algor.c
index 33533aba862..99e53429b79 100644
--- a/lib/libcrypto/asn1/x_algor.c
+++ b/lib/libcrypto/asn1/x_algor.c
@@ -1,5 +1,5 @@
/* x_algor.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/x_bignum.c b/lib/libcrypto/asn1/x_bignum.c
index 869c05d931d..9cf3204a1b5 100644
--- a/lib/libcrypto/asn1/x_bignum.c
+++ b/lib/libcrypto/asn1/x_bignum.c
@@ -1,5 +1,5 @@
/* x_bignum.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/x_exten.c b/lib/libcrypto/asn1/x_exten.c
index 1732e667125..3a21239926a 100644
--- a/lib/libcrypto/asn1/x_exten.c
+++ b/lib/libcrypto/asn1/x_exten.c
@@ -1,5 +1,5 @@
/* x_exten.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/x_long.c b/lib/libcrypto/asn1/x_long.c
index 0db233cb95f..bf35457c1f7 100644
--- a/lib/libcrypto/asn1/x_long.c
+++ b/lib/libcrypto/asn1/x_long.c
@@ -1,5 +1,5 @@
/* x_long.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/asn1/x_x509a.c b/lib/libcrypto/asn1/x_x509a.c
index 13db5fd03fd..b603f82de71 100644
--- a/lib/libcrypto/asn1/x_x509a.c
+++ b/lib/libcrypto/asn1/x_x509a.c
@@ -1,5 +1,5 @@
/* a_x509a.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/bf/bf_skey.c b/lib/libcrypto/bf/bf_skey.c
index 3673cdee6e2..6ac2aeb2795 100644
--- a/lib/libcrypto/bf/bf_skey.c
+++ b/lib/libcrypto/bf/bf_skey.c
@@ -59,10 +59,15 @@
#include <stdio.h>
#include <string.h>
#include <openssl/blowfish.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "bf_locl.h"
#include "bf_pi.h"
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(BF)
{
int i;
BF_LONG *p,ri,in[2];
diff --git a/lib/libcrypto/bf/blowfish.h b/lib/libcrypto/bf/blowfish.h
index cd49e85ab29..d24ffccb65f 100644
--- a/lib/libcrypto/bf/blowfish.h
+++ b/lib/libcrypto/bf/blowfish.h
@@ -104,7 +104,9 @@ typedef struct bf_key_st
BF_LONG S[4*256];
} BF_KEY;
-
+#ifdef OPENSSL_FIPS
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/lib/libcrypto/bio/bss_bio.c b/lib/libcrypto/bio/bss_bio.c
index 0f9f0955b41..76bd48e7679 100644
--- a/lib/libcrypto/bio/bss_bio.c
+++ b/lib/libcrypto/bio/bss_bio.c
@@ -919,6 +919,6 @@ int BIO_nwrite(BIO *bio, char **buf, int num)
ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
if (ret > 0)
- bio->num_read += ret;
+ bio->num_write += ret;
return ret;
}
diff --git a/lib/libcrypto/bio/bss_file.c b/lib/libcrypto/bio/bss_file.c
index 0c8c8115faa..e692a08e586 100644
--- a/lib/libcrypto/bio/bss_file.c
+++ b/lib/libcrypto/bio/bss_file.c
@@ -279,7 +279,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
#endif
{
#if defined(OPENSSL_SYS_WINDOWS)
- int fd = fileno((FILE*)ptr);
+ int fd = _fileno((FILE*)ptr);
if (num & BIO_FP_TEXT)
_setmode(fd,_O_TEXT);
else
diff --git a/lib/libcrypto/bn/Makefile b/lib/libcrypto/bn/Makefile
index 0491e3db4c4..f5e8f65a469 100644
--- a/lib/libcrypto/bn/Makefile
+++ b/lib/libcrypto/bn/Makefile
@@ -28,13 +28,13 @@ LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
- bn_depr.c bn_const.c
+ bn_depr.c bn_x931p.c bn_const.c bn_opt.c
LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
- bn_depr.o bn_const.o
+ bn_depr.o bn_x931p.o bn_const.o bn_opt.o
SRC= $(LIBSRC)
@@ -58,7 +58,7 @@ bnbug: bnbug.c ../../libcrypto.a top
cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -292,6 +292,13 @@ bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_opt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_opt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_opt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_opt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_opt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_opt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_opt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_opt.c
bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -350,3 +357,6 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_x931p.o: ../../include/openssl/opensslconf.h
+bn_x931p.o: ../../include/openssl/ossl_typ.h bn_x931p.c
diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h
index 6d754d55477..f1719a5877f 100644
--- a/lib/libcrypto/bn/bn.h
+++ b/lib/libcrypto/bn/bn.h
@@ -408,8 +408,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx);
void BN_CTX_end(BN_CTX *ctx);
int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
-int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
int BN_num_bits(const BIGNUM *a);
int BN_num_bits_word(BN_ULONG);
BIGNUM *BN_new(void);
@@ -531,6 +531,17 @@ int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
int do_trial_division, BN_GENCB *cb);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+
BN_MONT_CTX *BN_MONT_CTX_new(void );
void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c
index 2649b8c5385..32a8fbaf51e 100644
--- a/lib/libcrypto/bn/bn_lib.c
+++ b/lib/libcrypto/bn/bn_lib.c
@@ -139,25 +139,6 @@ const BIGNUM *BN_value_one(void)
return(&const_one);
}
-char *BN_options(void)
- {
- static int init=0;
- static char data[16];
-
- if (!init)
- {
- init++;
-#ifdef BN_LLONG
- BIO_snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
-#else
- BIO_snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
-#endif
- }
- return(data);
- }
-
int BN_num_bits_word(BN_ULONG l)
{
static const char bits[256]={
diff --git a/lib/libcrypto/bn/bn_nist.c b/lib/libcrypto/bn/bn_nist.c
index 1fc94f55c32..2ca5b013911 100644
--- a/lib/libcrypto/bn/bn_nist.c
+++ b/lib/libcrypto/bn/bn_nist.c
@@ -66,46 +66,157 @@
#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
#if BN_BITS2 == 64
-static const BN_ULONG _nist_p_192[] =
- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,
- 0xFFFFFFFFFFFFFFFFULL};
-static const BN_ULONG _nist_p_224[] =
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+ {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL},
+ {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL},
+ {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL}
+ };
+static const BN_ULONG _nist_p_192_sqr[] = {
+ 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL,
+ 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL
+ };
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
{0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL};
-static const BN_ULONG _nist_p_256[] =
+ 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL},
+ {0x0000000000000002ULL,0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */
+ };
+static const BN_ULONG _nist_p_224_sqr[] = {
+ 0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL,
+ 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL,
+ 0xFFFFFFFFFFFFFFFFULL
+ };
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
{0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
- 0x0000000000000000ULL,0xFFFFFFFF00000001ULL};
-static const BN_ULONG _nist_p_384[] =
- {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,
- 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL};
+ 0x0000000000000000ULL,0xFFFFFFFF00000001ULL},
+ {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFE00000002ULL},
+ {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFD00000003ULL},
+ {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFC00000004ULL},
+ {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL,
+ 0x0000000000000000ULL,0xFFFFFFFB00000005ULL},
+ };
+static const BN_ULONG _nist_p_256_sqr[] = {
+ 0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL,
+ 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL,
+ 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL
+ };
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+ {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
+ };
+static const BN_ULONG _nist_p_384_sqr[] = {
+ 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL,
+ 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL,
+ 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL
+ };
static const BN_ULONG _nist_p_521[] =
{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
0x00000000000001FFULL};
+static const BN_ULONG _nist_p_521_sqr[] = {
+ 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL,
+ 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL,
+ 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL
+ };
#elif BN_BITS2 == 32
-static const BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
-static const BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
-static const BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF};
-static const BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000,
- 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+ {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
+ };
+static const BN_ULONG _nist_p_192_sqr[] = {
+ 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000,
+ 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
+ };
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+ {0x00000001,0x00000000,0x00000000,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0x00000002,0x00000000,0x00000000,0xFFFFFFFE,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
+ };
+static const BN_ULONG _nist_p_224_sqr[] = {
+ 0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
+ 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002,
+ 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF
+ };
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+ {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000,
+ 0x00000000,0x00000000,0x00000001,0xFFFFFFFF},
+ {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001,
+ 0x00000000,0x00000000,0x00000002,0xFFFFFFFE},
+ {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002,
+ 0x00000000,0x00000000,0x00000003,0xFFFFFFFD},
+ {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003,
+ 0x00000000,0x00000000,0x00000004,0xFFFFFFFC},
+ {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004,
+ 0x00000000,0x00000000,0x00000005,0xFFFFFFFB},
+ };
+static const BN_ULONG _nist_p_256_sqr[] = {
+ 0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001,
+ 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001,
+ 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE
+ };
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+ {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
+ };
+static const BN_ULONG _nist_p_384_sqr[] = {
+ 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE,
+ 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000,
+ 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
+ };
static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
0xFFFFFFFF,0x000001FF};
+static const BN_ULONG _nist_p_521_sqr[] = {
+ 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
+ 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
+ 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+ 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF
+ };
+#else
+#error "unsupported BN_BITS2"
#endif
static const BIGNUM _bignum_nist_p_192 =
{
- (BN_ULONG *)_nist_p_192,
+ (BN_ULONG *)_nist_p_192[0],
BN_NIST_192_TOP,
BN_NIST_192_TOP,
0,
@@ -114,7 +225,7 @@ static const BIGNUM _bignum_nist_p_192 =
static const BIGNUM _bignum_nist_p_224 =
{
- (BN_ULONG *)_nist_p_224,
+ (BN_ULONG *)_nist_p_224[0],
BN_NIST_224_TOP,
BN_NIST_224_TOP,
0,
@@ -123,7 +234,7 @@ static const BIGNUM _bignum_nist_p_224 =
static const BIGNUM _bignum_nist_p_256 =
{
- (BN_ULONG *)_nist_p_256,
+ (BN_ULONG *)_nist_p_256[0],
BN_NIST_256_TOP,
BN_NIST_256_TOP,
0,
@@ -132,7 +243,7 @@ static const BIGNUM _bignum_nist_p_256 =
static const BIGNUM _bignum_nist_p_384 =
{
- (BN_ULONG *)_nist_p_384,
+ (BN_ULONG *)_nist_p_384[0],
BN_NIST_384_TOP,
BN_NIST_384_TOP,
0,
@@ -180,7 +291,9 @@ static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
int i;
BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+#ifdef BN_DEBUG
OPENSSL_assert(top <= max);
+#endif
for (i = (top); i != 0; i--)
*_tmp1++ = *_tmp2++;
for (i = (max) - (top); i != 0; i--)
@@ -198,9 +311,14 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
#if BN_BITS2 == 64
#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0;
-/* TBD */
-#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
-#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+ :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
#else
#define bn_cp_64(to, n, from, m) \
{ \
@@ -221,9 +339,9 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
#define nist_set_192(to, from, a1, a2, a3) \
{ \
- if (a3 != 0) bn_cp_64(to, 0, from, (a3) - 3) else bn_64_set_0(to, 0)\
+ bn_cp_64(to, 0, from, (a3) - 3) \
bn_cp_64(to, 1, from, (a2) - 3) \
- if (a1 != 0) bn_cp_64(to, 2, from, (a1) - 3) else bn_64_set_0(to, 2)\
+ bn_cp_64(to, 2, from, (a1) - 3) \
}
int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
@@ -237,11 +355,16 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
c_d[BN_NIST_192_TOP],
*res;
size_t mask;
+ static const BIGNUM _bignum_nist_p_192_sqr = {
+ (BN_ULONG *)_nist_p_192_sqr,
+ sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
+ sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
field = &_bignum_nist_p_192; /* just to make sure */
- if (BN_is_negative(a) || a->top > 2*BN_NIST_192_TOP)
- return BN_nnmod(r, field, a, ctx);
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
i = BN_ucmp(field, a);
if (i == 0)
@@ -265,50 +388,49 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
nist_set_192(t_d, buf, 0, 3, 3);
- carry = bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
nist_set_192(t_d, buf, 4, 4, 0);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
nist_set_192(t_d, buf, 5, 5, 5)
- carry = bn_add_words(r_d, res, t_d, BN_NIST_192_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192,BN_NIST_192_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+ if (carry > 0)
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
+ else
+ carry = 1;
+
+ /*
+ * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+ * as comparison implies subtraction, we can write
+ * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+ * this is what happens below, but without explicit if:-) a.
+ */
+ mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_192_TOP);
r->top = BN_NIST_192_TOP;
bn_correct_top(r);
- if (BN_ucmp(field, r) <= 0)
- {
- if (!BN_usub(r, r, field)) return 0;
- }
-
return 1;
}
+typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int);
+
#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
{ \
- if (a7 != 0) bn_cp_32(to, 0, from, (a7) - 7) else bn_32_set_0(to, 0)\
- if (a6 != 0) bn_cp_32(to, 1, from, (a6) - 7) else bn_32_set_0(to, 1)\
- if (a5 != 0) bn_cp_32(to, 2, from, (a5) - 7) else bn_32_set_0(to, 2)\
- if (a4 != 0) bn_cp_32(to, 3, from, (a4) - 7) else bn_32_set_0(to, 3)\
- if (a3 != 0) bn_cp_32(to, 4, from, (a3) - 7) else bn_32_set_0(to, 4)\
- if (a2 != 0) bn_cp_32(to, 5, from, (a2) - 7) else bn_32_set_0(to, 5)\
- if (a1 != 0) bn_cp_32(to, 6, from, (a1) - 7) else bn_32_set_0(to, 6)\
+ bn_cp_32(to, 0, from, (a7) - 7) \
+ bn_cp_32(to, 1, from, (a6) - 7) \
+ bn_cp_32(to, 2, from, (a5) - 7) \
+ bn_cp_32(to, 3, from, (a4) - 7) \
+ bn_cp_32(to, 4, from, (a3) - 7) \
+ bn_cp_32(to, 5, from, (a2) - 7) \
+ bn_cp_32(to, 6, from, (a1) - 7) \
}
int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
-#if BN_BITS2 == 32
int top = a->top, i;
int carry;
BN_ULONG *r_d, *a_d = a->d;
@@ -317,11 +439,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
c_d[BN_NIST_224_TOP],
*res;
size_t mask;
+ union { bn_addsub_f f; size_t p; } u;
+ static const BIGNUM _bignum_nist_p_224_sqr = {
+ (BN_ULONG *)_nist_p_224_sqr,
+ sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
+ sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
field = &_bignum_nist_p_224; /* just to make sure */
- if (BN_is_negative(a) || a->top > 2*BN_NIST_224_TOP)
- return BN_nnmod(r, field, a, ctx);
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
i = BN_ucmp(field, a);
if (i == 0)
@@ -342,72 +471,77 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
else
r_d = a_d;
+#if BN_BITS2==64
+ /* copy upper 256 bits of 448 bit number ... */
+ nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
+ /* ... and right shift by 32 to obtain upper 224 bits */
+ nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
+ /* truncate lower part to 224 bits too */
+ r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
+#else
nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
-
+#endif
nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
- carry = bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_224_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP);
- bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
- if (bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP))
- bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP);
-#endif
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_224_TOP);
- bn_add_words(c_d,r_d,_nist_p_224,BN_NIST_224_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_cp_bn(r_d, res, BN_NIST_224_TOP);
-#else
- if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
- bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP);
+#if BN_BITS2==64
+ carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
#endif
- r->top = BN_NIST_224_TOP;
- bn_correct_top(r);
-
- if (BN_ucmp(field, r) <= 0)
+ u.f = bn_sub_words;
+ if (carry > 0)
{
- if (!BN_usub(r, r, field)) return 0;
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP);
+#if BN_BITS2==64
+ carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1;
+#endif
}
+ else if (carry < 0)
+ {
+ /* it's a bit more comlicated logic in this case.
+ * if bn_add_words yields no carry, then result
+ * has to be adjusted by unconditionally *adding*
+ * the modulus. but if it does, then result has
+ * to be compared to the modulus and conditionally
+ * adjusted by *subtracting* the latter. */
+ carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
+ mask = 0-(size_t)carry;
+ u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+ }
+ else
+ carry = 1;
+
+ /* otherwise it's effectively same as in BN_nist_mod_192... */
+ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+ r->top = BN_NIST_224_TOP;
+ bn_correct_top(r);
return 1;
-#else /* BN_BITS!=32 */
- return 0;
-#endif
}
#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
{ \
- if (a8 != 0) bn_cp_32(to, 0, from, (a8) - 8) else bn_32_set_0(to, 0)\
- if (a7 != 0) bn_cp_32(to, 1, from, (a7) - 8) else bn_32_set_0(to, 1)\
- if (a6 != 0) bn_cp_32(to, 2, from, (a6) - 8) else bn_32_set_0(to, 2)\
- if (a5 != 0) bn_cp_32(to, 3, from, (a5) - 8) else bn_32_set_0(to, 3)\
- if (a4 != 0) bn_cp_32(to, 4, from, (a4) - 8) else bn_32_set_0(to, 4)\
- if (a3 != 0) bn_cp_32(to, 5, from, (a3) - 8) else bn_32_set_0(to, 5)\
- if (a2 != 0) bn_cp_32(to, 6, from, (a2) - 8) else bn_32_set_0(to, 6)\
- if (a1 != 0) bn_cp_32(to, 7, from, (a1) - 8) else bn_32_set_0(to, 7)\
+ bn_cp_32(to, 0, from, (a8) - 8) \
+ bn_cp_32(to, 1, from, (a7) - 8) \
+ bn_cp_32(to, 2, from, (a6) - 8) \
+ bn_cp_32(to, 3, from, (a5) - 8) \
+ bn_cp_32(to, 4, from, (a4) - 8) \
+ bn_cp_32(to, 5, from, (a3) - 8) \
+ bn_cp_32(to, 6, from, (a2) - 8) \
+ bn_cp_32(to, 7, from, (a1) - 8) \
}
int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
-#if BN_BITS2 == 32
int i, top = a->top;
int carry = 0;
register BN_ULONG *a_d = a->d, *r_d;
@@ -416,11 +550,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
c_d[BN_NIST_256_TOP],
*res;
size_t mask;
+ union { bn_addsub_f f; size_t p; } u;
+ static const BIGNUM _bignum_nist_p_256_sqr = {
+ (BN_ULONG *)_nist_p_256_sqr,
+ sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
+ sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
field = &_bignum_nist_p_256; /* just to make sure */
- if (BN_is_negative(a) || a->top > 2*BN_NIST_256_TOP)
- return BN_nnmod(r, field, a, ctx);
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
i = BN_ucmp(field, a);
if (i == 0)
@@ -446,116 +586,84 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
/*S1*/
nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
/*S2*/
- nist_set_256(c_d,buf, 0, 15, 14, 13, 12, 0, 0, 0);
- carry = bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask));
-
- carry = bn_add_words(t_d, res, res, BN_NIST_256_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,t_d,_nist_p_256,BN_NIST_256_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)t_d&~mask));
-
- carry = bn_add_words(r_d, r_d, res, BN_NIST_256_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
+ carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+ /* left shift */
+ {
+ register BN_ULONG *ap,t,c;
+ ap = t_d;
+ c=0;
+ for (i = BN_NIST_256_TOP; i != 0; --i)
+ {
+ t= *ap;
+ *(ap++)=((t<<1)|c)&BN_MASK2;
+ c=(t & BN_TBIT)?1:0;
+ }
+ carry <<= 1;
+ carry |= c;
+ }
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
/*S3*/
nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
/*S4*/
nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_256_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
/*D1*/
nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
- bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
- if (bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP))
- bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
/*D2*/
nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
- bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
- if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
- bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
/*D3*/
nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
- bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
- if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
- bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
/*D4*/
nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_256_TOP);
- bn_add_words(c_d,r_d,_nist_p_256,BN_NIST_256_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
- nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-#else
- if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
- bn_add_words(r_d,r_d,_nist_p_256,BN_NIST_256_TOP);
-#endif
- r->top = BN_NIST_256_TOP;
- bn_correct_top(r);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- if (BN_ucmp(field, r) <= 0)
+ /* see BN_nist_mod_224 for explanation */
+ u.f = bn_sub_words;
+ if (carry > 0)
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP);
+ else if (carry < 0)
{
- if (!BN_usub(r, r, field)) return 0;
+ carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
+ mask = 0-(size_t)carry;
+ u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
}
+ else
+ carry = 1;
+
+ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+ r->top = BN_NIST_256_TOP;
+ bn_correct_top(r);
return 1;
-#else /* BN_BITS!=32 */
- return 0;
-#endif
}
#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
{ \
- if (a12 != 0) bn_cp_32(to, 0, from, (a12) - 12) else bn_32_set_0(to, 0)\
- if (a11 != 0) bn_cp_32(to, 1, from, (a11) - 12) else bn_32_set_0(to, 1)\
- if (a10 != 0) bn_cp_32(to, 2, from, (a10) - 12) else bn_32_set_0(to, 2)\
- if (a9 != 0) bn_cp_32(to, 3, from, (a9) - 12) else bn_32_set_0(to, 3)\
- if (a8 != 0) bn_cp_32(to, 4, from, (a8) - 12) else bn_32_set_0(to, 4)\
- if (a7 != 0) bn_cp_32(to, 5, from, (a7) - 12) else bn_32_set_0(to, 5)\
- if (a6 != 0) bn_cp_32(to, 6, from, (a6) - 12) else bn_32_set_0(to, 6)\
- if (a5 != 0) bn_cp_32(to, 7, from, (a5) - 12) else bn_32_set_0(to, 7)\
- if (a4 != 0) bn_cp_32(to, 8, from, (a4) - 12) else bn_32_set_0(to, 8)\
- if (a3 != 0) bn_cp_32(to, 9, from, (a3) - 12) else bn_32_set_0(to, 9)\
- if (a2 != 0) bn_cp_32(to, 10, from, (a2) - 12) else bn_32_set_0(to, 10)\
- if (a1 != 0) bn_cp_32(to, 11, from, (a1) - 12) else bn_32_set_0(to, 11)\
+ bn_cp_32(to, 0, from, (a12) - 12) \
+ bn_cp_32(to, 1, from, (a11) - 12) \
+ bn_cp_32(to, 2, from, (a10) - 12) \
+ bn_cp_32(to, 3, from, (a9) - 12) \
+ bn_cp_32(to, 4, from, (a8) - 12) \
+ bn_cp_32(to, 5, from, (a7) - 12) \
+ bn_cp_32(to, 6, from, (a6) - 12) \
+ bn_cp_32(to, 7, from, (a5) - 12) \
+ bn_cp_32(to, 8, from, (a4) - 12) \
+ bn_cp_32(to, 9, from, (a3) - 12) \
+ bn_cp_32(to, 10, from, (a2) - 12) \
+ bn_cp_32(to, 11, from, (a1) - 12) \
}
int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
-#if BN_BITS2 == 32
int i, top = a->top;
int carry = 0;
register BN_ULONG *r_d, *a_d = a->d;
@@ -564,11 +672,18 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
c_d[BN_NIST_384_TOP],
*res;
size_t mask;
+ union { bn_addsub_f f; size_t p; } u;
+ static const BIGNUM _bignum_nist_p_384_sqr = {
+ (BN_ULONG *)_nist_p_384_sqr,
+ sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
+ sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
+
field = &_bignum_nist_p_384; /* just to make sure */
- if (BN_is_negative(a) || a->top > 2*BN_NIST_384_TOP)
- return BN_nnmod(r, field, a, ctx);
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
i = BN_ucmp(field, a);
if (i == 0)
@@ -606,171 +721,116 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
}
*ap=c;
}
- carry = bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
+ carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
t_d, BN_NIST_256_TOP);
- /*
- * we need if (result>=modulus) subtract(result,modulus);
- * in n-bit space this can be expressed as
- * if (carry || result>=modulus) subtract(result,modulus);
- * the catch is that comparison implies subtraction and
- * therefore one can write tmp=subtract(result,modulus);
- * and then if(carry || !borrow) result=tmp; this's what
- * happens below, but without explicit if:-) a.
- */
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
/*S2 */
- carry = bn_add_words(r_d, res, buf, BN_NIST_384_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
/*S3*/
nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
/*S4*/
nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
/*S5*/
nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
/*S6*/
nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
- carry = bn_add_words(r_d, res, t_d, BN_NIST_384_TOP);
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = ~mask | (0-(size_t)carry);
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
/*D1*/
nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
- bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
- if (bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP))
- bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
/*D2*/
nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
- bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
-#else
- if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
- bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
/*D3*/
nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
-#if BRANCH_FREE
- carry = bn_sub_words(r_d, res, t_d, BN_NIST_384_TOP);
- bn_add_words(c_d,r_d,_nist_p_384,BN_NIST_384_TOP);
- mask = 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&mask) | ((size_t)r_d&~mask));
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /* see BN_nist_mod_224 for explanation */
+ u.f = bn_sub_words;
+ if (carry > 0)
+ carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP);
+ else if (carry < 0)
+ {
+ carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
+ mask = 0-(size_t)carry;
+ u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+ }
+ else
+ carry = 1;
+
+ mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+ mask &= 0-(size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-#else
- if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
- bn_add_words(r_d,r_d,_nist_p_384,BN_NIST_384_TOP);
-#endif
r->top = BN_NIST_384_TOP;
bn_correct_top(r);
- if (BN_ucmp(field, r) <= 0)
- {
- if (!BN_usub(r, r, field)) return 0;
- }
-
return 1;
-#else /* BN_BITS!=32 */
- return 0;
-#endif
}
+#define BN_NIST_521_RSHIFT (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
BN_CTX *ctx)
{
-#if BN_BITS2 == 64
-#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
-#elif BN_BITS2 == 32
-#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
-#endif
- int top, ret = 0;
- BIGNUM *tmp;
+ int top = a->top, i;
+ BN_ULONG *r_d, *a_d = a->d,
+ t_d[BN_NIST_521_TOP],
+ val,tmp,*res;
+ size_t mask;
+ static const BIGNUM _bignum_nist_p_521_sqr = {
+ (BN_ULONG *)_nist_p_521_sqr,
+ sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
+ sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
+ 0,BN_FLG_STATIC_DATA };
field = &_bignum_nist_p_521; /* just to make sure */
- if (BN_is_negative(a))
- return BN_nnmod(r, field, a, ctx);
+ if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0)
+ return BN_nnmod(r, a, field, ctx);
- /* check whether a reduction is necessary */
- top = a->top;
- if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP &&
- (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
+ i = BN_ucmp(field, a);
+ if (i == 0)
{
- int i = BN_ucmp(field, a);
- if (i == 0)
- {
- BN_zero(r);
- return 1;
- }
- else
- {
-#ifdef BN_DEBUG
- OPENSSL_assert(i > 0); /* because 'field' is 1111...1111 */
-#endif
- return (r == a)? 1 : (BN_copy(r ,a) != NULL);
- }
+ BN_zero(r);
+ return 1;
}
+ else if (i > 0)
+ return (r == a)? 1 : (BN_copy(r ,a) != NULL);
- if (BN_num_bits(a) > 2*521)
- return BN_nnmod(r, field, a, ctx);
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- if (!tmp)
- goto err;
-
- if (!bn_wexpand(tmp, BN_NIST_521_TOP))
- goto err;
- nist_cp_bn(tmp->d, a->d, BN_NIST_521_TOP);
-
- tmp->top = BN_NIST_521_TOP;
- tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;
- bn_correct_top(tmp);
-
- if (!BN_rshift(r, a, 521))
- goto err;
-
- if (!BN_uadd(r, tmp, r))
- goto err;
-
- if (BN_ucmp(field, r) <= 0)
+ if (r != a)
{
- if (!BN_usub(r, r, field)) goto err;
+ if (!bn_wexpand(r,BN_NIST_521_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d,a_d, BN_NIST_521_TOP);
}
+ else
+ r_d = a_d;
- ret = 1;
-err:
- BN_CTX_end(ctx);
+ /* upper 521 bits, copy ... */
+ nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP);
+ /* ... and right shift */
+ for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
+ {
+ tmp = val>>BN_NIST_521_RSHIFT;
+ val = t_d[i+1];
+ t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+ }
+ t_d[i] = val>>BN_NIST_521_RSHIFT;
+ /* lower 521 bits */
+ r_d[i] &= BN_NIST_521_TOP_MASK;
+
+ bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
+ mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+ res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+ nist_cp_bn(r_d,res,BN_NIST_521_TOP);
+ r->top = BN_NIST_521_TOP;
+ bn_correct_top(r);
- bn_check_top(r);
- return ret;
+ return 1;
}
diff --git a/lib/libcrypto/bn/bn_rand.c b/lib/libcrypto/bn/bn_rand.c
index f51830b12ba..b376c28ff3f 100644
--- a/lib/libcrypto/bn/bn_rand.c
+++ b/lib/libcrypto/bn/bn_rand.c
@@ -227,7 +227,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
/* random number r: 0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
+static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
{
int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
int n;
@@ -294,12 +294,12 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
}
-int BN_rand_range(BIGNUM *r, BIGNUM *range)
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bn_rand_range(0, r, range);
}
-int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
{
return bn_rand_range(1, r, range);
}
diff --git a/lib/libcrypto/bn/bn_shift.c b/lib/libcrypto/bn/bn_shift.c
index de9312dce23..c4d301afc46 100644
--- a/lib/libcrypto/bn/bn_shift.c
+++ b/lib/libcrypto/bn/bn_shift.c
@@ -177,7 +177,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
nw=n/BN_BITS2;
rb=n%BN_BITS2;
lb=BN_BITS2-rb;
- if (nw > a->top || a->top == 0)
+ if (nw >= a->top || a->top == 0)
{
BN_zero(r);
return(1);
diff --git a/lib/libcrypto/buffer/buffer.c b/lib/libcrypto/buffer/buffer.c
index 3bf03c7eff0..b3e947771d5 100644
--- a/lib/libcrypto/buffer/buffer.c
+++ b/lib/libcrypto/buffer/buffer.c
@@ -161,61 +161,3 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
}
return(len);
}
-
-char *BUF_strdup(const char *str)
- {
- if (str == NULL) return(NULL);
- return BUF_strndup(str, strlen(str));
- }
-
-char *BUF_strndup(const char *str, size_t siz)
- {
- char *ret;
-
- if (str == NULL) return(NULL);
-
- ret=OPENSSL_malloc(siz+1);
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- BUF_strlcpy(ret,str,siz+1);
- return(ret);
- }
-
-void *BUF_memdup(const void *data, size_t siz)
- {
- void *ret;
-
- if (data == NULL) return(NULL);
-
- ret=OPENSSL_malloc(siz);
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- return memcpy(ret, data, siz);
- }
-
-size_t BUF_strlcpy(char *dst, const char *src, size_t size)
- {
- size_t l = 0;
- for(; size > 1 && *src; size--)
- {
- *dst++ = *src++;
- l++;
- }
- if (size)
- *dst = '\0';
- return l + strlen(src);
- }
-
-size_t BUF_strlcat(char *dst, const char *src, size_t size)
- {
- size_t l = 0;
- for(; size > 0 && *dst; size--, dst++)
- l++;
- return l + BUF_strlcpy(dst, src, size);
- }
diff --git a/lib/libcrypto/cast/c_skey.c b/lib/libcrypto/cast/c_skey.c
index 76e40005c99..68e690a60c2 100644
--- a/lib/libcrypto/cast/c_skey.c
+++ b/lib/libcrypto/cast/c_skey.c
@@ -57,6 +57,11 @@
*/
#include <openssl/cast.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "cast_lcl.h"
#include "cast_s.h"
@@ -72,7 +77,7 @@
#define S6 CAST_S_table6
#define S7 CAST_S_table7
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(CAST)
{
CAST_LONG x[16];
CAST_LONG z[16];
diff --git a/lib/libcrypto/cast/cast.h b/lib/libcrypto/cast/cast.h
index 90b45b950aa..1faf5806aac 100644
--- a/lib/libcrypto/cast/cast.h
+++ b/lib/libcrypto/cast/cast.h
@@ -83,7 +83,9 @@ typedef struct cast_key_st
int short_key; /* Use reduced rounds for short key */
} CAST_KEY;
-
+#ifdef OPENSSL_FIPS
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
int enc);
diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c
index b35d28d411a..b9463f9abbc 100644
--- a/lib/libcrypto/cms/cms_smime.c
+++ b/lib/libcrypto/cms/cms_smime.c
@@ -68,7 +68,10 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
if (out == NULL)
tmpout = BIO_new(BIO_s_null());
else if (flags & CMS_TEXT)
+ {
tmpout = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(tmpout, 0);
+ }
else
tmpout = out;
diff --git a/lib/libcrypto/comp/c_zlib.c b/lib/libcrypto/comp/c_zlib.c
index 0f34597e704..eccfd091378 100644
--- a/lib/libcrypto/comp/c_zlib.c
+++ b/lib/libcrypto/comp/c_zlib.c
@@ -727,6 +727,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
case BIO_CTRL_RESET:
ctx->ocount = 0;
ctx->odone = 0;
+ ret = 1;
break;
case BIO_CTRL_FLUSH:
@@ -771,7 +772,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
}
ctx->obufsize = obs;
}
-
+ ret = 1;
break;
case BIO_C_DO_STATE_MACHINE:
@@ -783,7 +784,6 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
default:
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
break;
-
}
return ret;
diff --git a/lib/libcrypto/conf/conf_mall.c b/lib/libcrypto/conf/conf_mall.c
index 4ba40cf44cc..1cc1fd55345 100644
--- a/lib/libcrypto/conf/conf_mall.c
+++ b/lib/libcrypto/conf/conf_mall.c
@@ -1,5 +1,5 @@
/* conf_mall.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
@@ -63,6 +63,7 @@
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
+#include <openssl/evp.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -76,5 +77,6 @@ void OPENSSL_load_builtin_modules(void)
#ifndef OPENSSL_NO_ENGINE
ENGINE_add_conf_module();
#endif
+ EVP_add_alg_module();
}
diff --git a/lib/libcrypto/conf/conf_mod.c b/lib/libcrypto/conf/conf_mod.c
index 58b23ba9928..e286378cb19 100644
--- a/lib/libcrypto/conf/conf_mod.c
+++ b/lib/libcrypto/conf/conf_mod.c
@@ -1,5 +1,5 @@
/* conf_mod.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/conf/conf_sap.c b/lib/libcrypto/conf/conf_sap.c
index 9c53bac1a8c..760dc2632d3 100644
--- a/lib/libcrypto/conf/conf_sap.c
+++ b/lib/libcrypto/conf/conf_sap.c
@@ -1,5 +1,5 @@
/* conf_sap.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/cryptlib.c b/lib/libcrypto/cryptlib.c
index 8c686238286..8f9e88e403d 100644
--- a/lib/libcrypto/cryptlib.c
+++ b/lib/libcrypto/cryptlib.c
@@ -121,275 +121,17 @@
static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
#endif
-DECLARE_STACK_OF(CRYPTO_dynlock)
-IMPLEMENT_STACK_OF(CRYPTO_dynlock)
-
-/* real #defines in crypto.h, keep these upto date */
-static const char* const lock_names[CRYPTO_NUM_LOCKS] =
- {
- "<<ERROR>>",
- "err",
- "ex_data",
- "x509",
- "x509_info",
- "x509_pkey",
- "x509_crl",
- "x509_req",
- "dsa",
- "rsa",
- "evp_pkey",
- "x509_store",
- "ssl_ctx",
- "ssl_cert",
- "ssl_session",
- "ssl_sess_cert",
- "ssl",
- "ssl_method",
- "rand",
- "rand2",
- "debug_malloc",
- "BIO",
- "gethostbyname",
- "getservbyname",
- "readdir",
- "RSA_blinding",
- "dh",
- "debug_malloc2",
- "dso",
- "dynlock",
- "engine",
- "ui",
- "ecdsa",
- "ec",
- "ecdh",
- "bn",
- "ec_pre_comp",
- "store",
- "comp",
-#if CRYPTO_NUM_LOCKS != 39
-# error "Inconsistency between crypto.h and cryptlib.c"
-#endif
- };
-
-/* This is for applications to allocate new type names in the non-dynamic
- array of lock names. These are numbered with positive numbers. */
-static STACK *app_locks=NULL;
-
-/* For applications that want a more dynamic way of handling threads, the
- following stack is used. These are externally numbered with negative
- numbers. */
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-
static void (MS_FAR *locking_callback)(int mode,int type,
const char *file,int line)=NULL;
static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
int type,const char *file,int line)=NULL;
static unsigned long (MS_FAR *id_callback)(void)=NULL;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
- (const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
- struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
- const char *file,int line)=NULL;
-
-int CRYPTO_get_new_lockid(char *name)
- {
- char *str;
- int i;
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
- /* A hack to make Visual C++ 5.0 work correctly when linking as
- * a DLL using /MT. Without this, the application cannot use
- * and floating point printf's.
- * It also seems to be needed for Visual C 1.5 (win16) */
- SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
-#endif
-
- if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((str=BUF_strdup(name)) == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- i=sk_push(app_locks,str);
- if (!i)
- OPENSSL_free(str);
- else
- i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
- return(i);
- }
int CRYPTO_num_locks(void)
{
return CRYPTO_NUM_LOCKS;
}
-int CRYPTO_get_new_dynlockid(void)
- {
- int i = 0;
- CRYPTO_dynlock *pointer = NULL;
-
- if (dynlock_create_callback == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
- return(0);
- }
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
- if ((dyn_locks == NULL)
- && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
- if (pointer == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- pointer->references = 1;
- pointer->data = dynlock_create_callback(__FILE__,__LINE__);
- if (pointer->data == NULL)
- {
- OPENSSL_free(pointer);
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
- /* First, try to find an existing empty slot */
- i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
- /* If there was none, push, thereby creating a new one */
- if (i == -1)
- /* Since sk_push() returns the number of items on the
- stack, not the location of the pushed item, we need
- to transform the returned number into a position,
- by decreasing it. */
- i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
- else
- /* If we found a place with a NULL pointer, put our pointer
- in it. */
- (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (i == -1)
- {
- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
- OPENSSL_free(pointer);
- }
- else
- i += 1; /* to avoid 0 */
- return -i;
- }
-
-void CRYPTO_destroy_dynlockid(int i)
- {
- CRYPTO_dynlock *pointer = NULL;
- if (i)
- i = -i-1;
- if (dynlock_destroy_callback == NULL)
- return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
- if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
- return;
- }
- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
- if (pointer != NULL)
- {
- --pointer->references;
-#ifdef REF_CHECK
- if (pointer->references < 0)
- {
- fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
- abort();
- }
- else
-#endif
- if (pointer->references <= 0)
- {
- (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
- }
- else
- pointer = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (pointer)
- {
- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
- OPENSSL_free(pointer);
- }
- }
-
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
- {
- CRYPTO_dynlock *pointer = NULL;
- if (i)
- i = -i-1;
-
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
- if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
- if (pointer)
- pointer->references++;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (pointer)
- return pointer->data;
- return NULL;
- }
-
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
- (const char *file,int line)
- {
- return(dynlock_create_callback);
- }
-
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
- struct CRYPTO_dynlock_value *l, const char *file,int line)
- {
- return(dynlock_lock_callback);
- }
-
-void (*CRYPTO_get_dynlock_destroy_callback(void))
- (struct CRYPTO_dynlock_value *l, const char *file,int line)
- {
- return(dynlock_destroy_callback);
- }
-
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
- (const char *file, int line))
- {
- dynlock_create_callback=func;
- }
-
-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
- struct CRYPTO_dynlock_value *l, const char *file, int line))
- {
- dynlock_lock_callback=func;
- }
-
-void CRYPTO_set_dynlock_destroy_callback(void (*func)
- (struct CRYPTO_dynlock_value *l, const char *file, int line))
- {
- dynlock_destroy_callback=func;
- }
-
-
void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
int line)
{
@@ -445,6 +187,14 @@ unsigned long CRYPTO_thread_id(void)
return(ret);
}
+static void (*do_dynlock_cb)(int mode, int type, const char *file, int line);
+
+void int_CRYPTO_set_do_dynlock_callback(
+ void (*dyn_cb)(int mode, int type, const char *file, int line))
+ {
+ do_dynlock_cb = dyn_cb;
+ }
+
void CRYPTO_lock(int mode, int type, const char *file, int line)
{
#ifdef LOCK_DEBUG
@@ -472,17 +222,8 @@ void CRYPTO_lock(int mode, int type, const char *file, int line)
#endif
if (type < 0)
{
- if (dynlock_lock_callback != NULL)
- {
- struct CRYPTO_dynlock_value *pointer
- = CRYPTO_get_dynlock_value(type);
-
- OPENSSL_assert(pointer != NULL);
-
- dynlock_lock_callback(mode, pointer, file, line);
-
- CRYPTO_destroy_dynlockid(type);
- }
+ if (do_dynlock_cb)
+ do_dynlock_cb(mode, type, file, line);
}
else
if (locking_callback != NULL)
@@ -527,21 +268,9 @@ int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
return(ret);
}
-const char *CRYPTO_get_lock_name(int type)
- {
- if (type < 0)
- return("dynamic");
- else if (type < CRYPTO_NUM_LOCKS)
- return(lock_names[type]);
- else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
- return("ERROR");
- else
- return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
- }
-
#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__INTEL__) || \
- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
unsigned long OPENSSL_ia32cap_P=0;
unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
@@ -577,6 +306,62 @@ void OPENSSL_cpuid_setup(void) {}
#endif
#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
+
+#ifdef OPENSSL_FIPS
+
+#include <tlhelp32.h>
+#if defined(__GNUC__) && __GNUC__>=2
+static int DllInit(void) __attribute__((constructor));
+#elif defined(_MSC_VER)
+static int DllInit(void);
+# ifdef _WIN64
+# pragma section(".CRT$XCU",read)
+ __declspec(allocate(".CRT$XCU"))
+# else
+# pragma data_seg(".CRT$XCU")
+# endif
+ static int (*p)(void) = DllInit;
+# pragma data_seg()
+#endif
+
+static int DllInit(void)
+{
+#if defined(_WIN32_WINNT)
+ union { int(*f)(void); BYTE *p; } t = { DllInit };
+ HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+ IMAGE_DOS_HEADER *dos_header;
+ IMAGE_NT_HEADERS *nt_headers;
+ MODULEENTRY32 me32 = {sizeof(me32)};
+
+ hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
+ if (hModuleSnap != INVALID_HANDLE_VALUE &&
+ Module32First(hModuleSnap,&me32)) do
+ {
+ if (t.p >= me32.modBaseAddr &&
+ t.p < me32.modBaseAddr+me32.modBaseSize)
+ {
+ dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
+ if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
+ {
+ nt_headers=(IMAGE_NT_HEADERS *)
+ ((BYTE *)dos_header+dos_header->e_lfanew);
+ if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
+ me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
+ OPENSSL_NONPIC_relocated=1;
+ }
+ break;
+ }
+ } while (Module32Next(hModuleSnap,&me32));
+
+ if (hModuleSnap != INVALID_HANDLE_VALUE)
+ CloseHandle(hModuleSnap);
+#endif
+ OPENSSL_cpuid_setup();
+ return 0;
+}
+
+#else
+
#ifdef __CYGWIN__
/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
#include <windows.h>
@@ -620,6 +405,8 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
}
#endif
+#endif
+
#if defined(_WIN32) && !defined(__CYGWIN__)
#include <tchar.h>
diff --git a/lib/libcrypto/crypto-lib.com b/lib/libcrypto/crypto-lib.com
index 8898f30c1f7..db9c882fb08 100644
--- a/lib/libcrypto/crypto-lib.com
+++ b/lib/libcrypto/crypto-lib.com
@@ -83,7 +83,7 @@ $ ENCRYPT_TYPES = "Basic,"+ -
"BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
"EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
"CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
- "STORE,CMS,PQUEUE"
+ "STORE,CMS,PQUEUE,JPAKE"
$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
@@ -161,7 +161,7 @@ $!
$ APPS_DES = "DES/DES,CBC3_ENC"
$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
$
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir"
+$ LIB_ = "cryptlib,dyn_lck,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str,o_dir,o_init,fips_err"
$ LIB_MD2 = "md2_dgst,md2_one"
$ LIB_MD4 = "md4_dgst,md4_one"
$ LIB_MD5 = "md5_dgst,md5_one"
@@ -197,9 +197,9 @@ $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
"ec2_smpl,ec2_mult"
$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
- "rsa_pss,rsa_x931,rsa_asn1,rsa_depr"
+ "rsa_pss,rsa_x931,rsa_x931g,rsa_asn1,rsa_depr,rsa_eng"
$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
- "dsa_err,dsa_ossl,dsa_depr"
+ "dsa_err,dsa_ossl,dsa_depr,dsa_utl"
$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr"
$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
@@ -211,8 +211,8 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
"tb_cipher,tb_digest,"+ -
"eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,eng_padlock"
$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
- "aes_ctr,aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_err"
+ "aes_ctr,aes_ige"
+$ LIB_BUFFER = "buffer,buf_str,buf_err"
$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
"bss_file,bss_sock,bss_conn,"+ -
@@ -224,18 +224,19 @@ $ LIB_STACK = "stack"
$ LIB_LHASH = "lhash,lh_stats"
$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
"rand_vms"
-$ LIB_ERR = "err,err_all,err_prn"
+$ LIB_ERR = "err,err_def,err_all,err_prn,err_str,err_bio"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
- "e_des,e_bf,e_idea,e_des3,e_camellia,e_seed,"+ -
- "e_rc4,e_aes,names,"+ -
- "e_xcbc_d,e_rc2,e_cast,e_rc5"
+$ LIB_EVP = "encode,digest,dig_eng,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
+ "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
+ "e_rc4,e_aes,names,e_seed,"+ -
+ "e_xcbc_d,e_rc2,e_cast,e_rc5,enc_min"
$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
"m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
+$ LIB_EVP_3 = "e_old"
$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
@@ -245,7 +246,7 @@ $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
"f_int,f_string,n_pkey,"+ -
- "f_enum,a_hdr,x_pkey,a_bool,x_exten,asn_mime,"+ -
+ "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ -
"asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
"evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
@@ -280,6 +281,7 @@ $ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
"cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess"
$ LIB_PQUEUE = "pqueue"
+$ LIB_JPAKE = "jpake,jpake_err"
$!
$! Setup exceptional compilations
$!
diff --git a/lib/libcrypto/crypto.h b/lib/libcrypto/crypto.h
index fe2c1d64034..0e4fb0723ce 100644
--- a/lib/libcrypto/crypto.h
+++ b/lib/libcrypto/crypto.h
@@ -219,7 +219,13 @@ typedef struct openssl_item_st
#define CRYPTO_LOCK_EC_PRE_COMP 36
#define CRYPTO_LOCK_STORE 37
#define CRYPTO_LOCK_COMP 38
+#ifndef OPENSSL_FIPS
#define CRYPTO_NUM_LOCKS 39
+#else
+#define CRYPTO_LOCK_FIPS 39
+#define CRYPTO_LOCK_FIPS2 40
+#define CRYPTO_NUM_LOCKS 41
+#endif
#define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2
@@ -341,14 +347,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
/* Set standard debugging functions (not done by default
* unless CRYPTO_MDEBUG is defined) */
-#define CRYPTO_malloc_debug_init() do {\
- CRYPTO_set_mem_debug_functions(\
- CRYPTO_dbg_malloc,\
- CRYPTO_dbg_realloc,\
- CRYPTO_dbg_free,\
- CRYPTO_dbg_set_options,\
- CRYPTO_dbg_get_options);\
- } while(0)
+void CRYPTO_malloc_debug_init(void);
int CRYPTO_mem_ctrl(int mode);
int CRYPTO_is_mem_check_on(void);
@@ -363,6 +362,7 @@ int CRYPTO_is_mem_check_on(void);
#define is_MemCheck_on() CRYPTO_is_mem_check_on()
#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
#define OPENSSL_realloc(addr,num) \
CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
#define OPENSSL_realloc_clean(addr,old_num,num) \
@@ -427,6 +427,9 @@ const char *CRYPTO_get_lock_name(int type);
int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
int line);
+void int_CRYPTO_set_do_dynlock_callback(
+ void (*do_dynlock_cb)(int mode, int type, const char *file, int line));
+
int CRYPTO_get_new_dynlockid(void);
void CRYPTO_destroy_dynlockid(int i);
struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
@@ -451,6 +454,10 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
void (*f)(void *,int),
void (*so)(long),
long (*go)(void));
+void CRYPTO_set_mem_info_functions(
+ int (*push_info_fn)(const char *info, const char *file, int line),
+ int (*pop_info_fn)(void),
+ int (*remove_all_info_fn)(void));
void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
@@ -467,6 +474,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
void *CRYPTO_malloc_locked(int num, const char *file, int line);
void CRYPTO_free_locked(void *);
void *CRYPTO_malloc(int num, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
void CRYPTO_free(void *);
void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
@@ -506,6 +514,9 @@ void CRYPTO_dbg_free(void *addr,int before_p);
void CRYPTO_dbg_set_options(long bits);
long CRYPTO_dbg_get_options(void);
+int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
+int CRYPTO_dbg_pop_info(void);
+int CRYPTO_dbg_remove_all_info(void);
#ifndef OPENSSL_NO_FP_API
void CRYPTO_mem_leaks_fp(FILE *);
@@ -523,12 +534,69 @@ unsigned long *OPENSSL_ia32cap_loc(void);
#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
int OPENSSL_isservice(void);
+#ifdef OPENSSL_FIPS
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+ alg " previous FIPS forbidden algorithm error ignored");
+
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+ #alg " Algorithm forbidden in FIPS mode");
+
+#ifdef OPENSSL_FIPS_STRICT
+#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
+#else
+#define FIPS_BAD_ALGORITHM(alg) \
+ { \
+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
+ ERR_add_error_data(2, "Algorithm=", #alg); \
+ return 0; \
+ }
+#endif
+
+/* Low level digest API blocking macro */
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+ int alg##_Init(alg##_CTX *c) \
+ { \
+ if (FIPS_mode()) \
+ FIPS_BAD_ALGORITHM(alg) \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(alg##_CTX *c)
+
+/* For ciphers the API often varies from cipher to cipher and each needs to
+ * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
+ * CAST) however are very similar and can use a blocking macro.
+ */
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
+ { \
+ if (FIPS_mode()) \
+ FIPS_BAD_ABORT(alg) \
+ private_##alg##_set_key(key, len, data); \
+ } \
+ void private_##alg##_set_key(alg##_KEY *key, int len, \
+ const unsigned char *data)
+
+#else
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+ int alg##_Init(alg##_CTX *c)
+
+#endif /* def OPENSSL_FIPS */
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_CRYPTO_strings(void);
+#define OPENSSL_HAVE_INIT 1
+void OPENSSL_init(void);
+
/* Error codes for the CRYPTO functions. */
/* Function codes. */
diff --git a/lib/libcrypto/des/des_enc.c b/lib/libcrypto/des/des_enc.c
index 0fe4e0b2adc..22701e06693 100644
--- a/lib/libcrypto/des/des_enc.c
+++ b/lib/libcrypto/des/des_enc.c
@@ -293,6 +293,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
#ifndef DES_DEFAULT_OPTIONS
+#if !defined(OPENSSL_FIPS_DES_ASM)
+
#undef CBC_ENC_C__DONT_UPDATE_IV
#include "ncbc_enc.c" /* DES_ncbc_encrypt */
@@ -408,4 +410,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
tin[0]=tin[1]=0;
}
+#endif
+
#endif /* DES_DEFAULT_OPTIONS */
diff --git a/lib/libcrypto/des/ecb_enc.c b/lib/libcrypto/des/ecb_enc.c
index 00d5b91e8ca..75ae6cf8bb6 100644
--- a/lib/libcrypto/des/ecb_enc.c
+++ b/lib/libcrypto/des/ecb_enc.c
@@ -57,54 +57,7 @@
*/
#include "des_locl.h"
-#include "des_ver.h"
#include "spr.h"
-#include <openssl/opensslv.h>
-#include <openssl/bio.h>
-
-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
-
-const char *DES_options(void)
- {
- static int init=1;
- static char buf[32];
-
- if (init)
- {
- const char *ptr,*unroll,*risc,*size;
-
-#ifdef DES_PTR
- ptr="ptr";
-#else
- ptr="idx";
-#endif
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
- risc="risc1";
-#endif
-#ifdef DES_RISC2
- risc="risc2";
-#endif
-#else
- risc="cisc";
-#endif
-#ifdef DES_UNROLL
- unroll="16";
-#else
- unroll="4";
-#endif
- if (sizeof(DES_LONG) != sizeof(long))
- size="int";
- else
- size="long";
- BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
- size);
- init=0;
- }
- return(buf);
- }
-
void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
DES_key_schedule *ks, int enc)
diff --git a/lib/libcrypto/des/enc_read.c b/lib/libcrypto/des/enc_read.c
index c70fb686b8b..e7da2ec66b0 100644
--- a/lib/libcrypto/des/enc_read.c
+++ b/lib/libcrypto/des/enc_read.c
@@ -147,7 +147,11 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
/* first - get the length */
while (net_num < HDRSIZE)
{
+#ifndef _WIN32
i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
+#else
+ i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
+#endif
#ifdef EINTR
if ((i == -1) && (errno == EINTR)) continue;
#endif
diff --git a/lib/libcrypto/des/enc_writ.c b/lib/libcrypto/des/enc_writ.c
index af5b8c2349b..c2f032c9a6a 100644
--- a/lib/libcrypto/des/enc_writ.c
+++ b/lib/libcrypto/des/enc_writ.c
@@ -153,7 +153,11 @@ int DES_enc_write(int fd, const void *_buf, int len,
{
/* eay 26/08/92 I was not doing writing from where we
* got up to. */
+#ifndef _WIN32
i=write(fd,(void *)&(outbuf[j]),outnum-j);
+#else
+ i=_write(fd,(void *)&(outbuf[j]),outnum-j);
+#endif
if (i == -1)
{
#ifdef EINTR
diff --git a/lib/libcrypto/des/set_key.c b/lib/libcrypto/des/set_key.c
index a43ef3c8818..c0806d593c1 100644
--- a/lib/libcrypto/des/set_key.c
+++ b/lib/libcrypto/des/set_key.c
@@ -64,6 +64,10 @@
* 1.0 First working version
*/
#include "des_locl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */
@@ -349,6 +353,10 @@ void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
k = &schedule->ks->deslong[0];
in = &(*key)[0];
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+
c2l(in,c);
c2l(in,d);
@@ -405,3 +413,4 @@ void des_fixup_key_parity(des_cblock *key)
des_set_odd_parity(key);
}
*/
+
diff --git a/lib/libcrypto/dh/Makefile b/lib/libcrypto/dh/Makefile
index 950cad9c5ba..d01fa960ebc 100644
--- a/lib/libcrypto/dh/Makefile
+++ b/lib/libcrypto/dh/Makefile
@@ -33,7 +33,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -129,11 +129,11 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dh_lib.o: ../cryptlib.h dh_lib.c
+dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c
diff --git a/lib/libcrypto/dh/dh.h b/lib/libcrypto/dh/dh.h
index 0afabc7dd32..0a39742773c 100644
--- a/lib/libcrypto/dh/dh.h
+++ b/lib/libcrypto/dh/dh.h
@@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
* implementation now uses constant time
@@ -167,6 +169,11 @@ struct dh_st
const DH_METHOD *DH_OpenSSL(void);
+#ifdef OPENSSL_FIPS
+DH * FIPS_dh_new(void);
+void FIPS_dh_free(DH *dh);
+#endif
+
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
@@ -218,6 +225,9 @@ void ERR_load_DH_strings(void);
#define DH_F_DHPARAMS_PRINT 100
#define DH_F_DHPARAMS_PRINT_FP 101
#define DH_F_DH_BUILTIN_GENPARAMS 106
+#define DH_F_DH_COMPUTE_KEY 107
+#define DH_F_DH_GENERATE_KEY 108
+#define DH_F_DH_GENERATE_PARAMETERS 109
#define DH_F_DH_NEW_METHOD 105
#define DH_F_GENERATE_KEY 103
#define DH_F_GENERATE_PARAMETERS 104
@@ -225,6 +235,7 @@ void ERR_load_DH_strings(void);
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
#define DH_R_INVALID_PUBKEY 102
+#define DH_R_KEY_SIZE_TOO_SMALL 104
#define DH_R_MODULUS_TOO_LARGE 103
#define DH_R_NO_PRIVATE_VALUE 100
#define DH_R_INVALID_PUBKEY 102
diff --git a/lib/libcrypto/dh/dh_asn1.c b/lib/libcrypto/dh/dh_asn1.c
index 769b5b68c53..76740af2bd1 100644
--- a/lib/libcrypto/dh/dh_asn1.c
+++ b/lib/libcrypto/dh/dh_asn1.c
@@ -1,5 +1,5 @@
/* dh_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/dh/dh_check.c b/lib/libcrypto/dh/dh_check.c
index b8469130045..316cb9221df 100644
--- a/lib/libcrypto/dh/dh_check.c
+++ b/lib/libcrypto/dh/dh_check.c
@@ -70,6 +70,8 @@
* should hold.
*/
+#ifndef OPENSSL_FIPS
+
int DH_check(const DH *dh, int *ret)
{
int ok=0;
@@ -140,3 +142,5 @@ err:
if (q != NULL) BN_free(q);
return(ok);
}
+
+#endif
diff --git a/lib/libcrypto/dh/dh_err.c b/lib/libcrypto/dh/dh_err.c
index b2361c73898..b364362fcae 100644
--- a/lib/libcrypto/dh/dh_err.c
+++ b/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -74,6 +74,9 @@ static ERR_STRING_DATA DH_str_functs[]=
{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
@@ -84,6 +87,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
{
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
+{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
diff --git a/lib/libcrypto/dh/dh_gen.c b/lib/libcrypto/dh/dh_gen.c
index cfd5b118681..999e1deb409 100644
--- a/lib/libcrypto/dh/dh_gen.c
+++ b/lib/libcrypto/dh/dh_gen.c
@@ -66,6 +66,8 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
+#ifndef OPENSSL_FIPS
+
static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -173,3 +175,5 @@ err:
}
return ok;
}
+
+#endif
diff --git a/lib/libcrypto/dh/dh_key.c b/lib/libcrypto/dh/dh_key.c
index e7db440342f..79dd3318634 100644
--- a/lib/libcrypto/dh/dh_key.c
+++ b/lib/libcrypto/dh/dh_key.c
@@ -62,6 +62,8 @@
#include <openssl/rand.h>
#include <openssl/dh.h>
+#ifndef OPENSSL_FIPS
+
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -261,3 +263,5 @@ static int dh_finish(DH *dh)
BN_MONT_CTX_free(dh->method_mont_p);
return(1);
}
+
+#endif
diff --git a/lib/libcrypto/dsa/Makefile b/lib/libcrypto/dsa/Makefile
index 5493f19e85c..2cc45cdc625 100644
--- a/lib/libcrypto/dsa/Makefile
+++ b/lib/libcrypto/dsa/Makefile
@@ -18,9 +18,9 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
- dsa_err.c dsa_ossl.c dsa_depr.c
+ dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c
LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
- dsa_err.o dsa_ossl.o dsa_depr.o
+ dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o
SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -78,9 +78,10 @@ clean:
dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_asn1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
dsa_asn1.o: ../../include/openssl/opensslconf.h
dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
@@ -90,8 +91,9 @@ dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_depr.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_depr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_depr.o: ../../include/openssl/opensslconf.h
dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -108,12 +110,13 @@ dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c
+dsa_gen.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_gen.o: ../cryptlib.h dsa_gen.c
dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
@@ -129,14 +132,14 @@ dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-dsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dsa_lib.o: ../cryptlib.h dsa_lib.c
+dsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_lib.c
dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -151,19 +154,34 @@ dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/fips.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_utl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_utl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_utl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+dsa_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+dsa_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+dsa_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dsa_utl.c
dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dsa_vrf.o: ../cryptlib.h dsa_vrf.c
+dsa_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/lib/libcrypto/dsa/dsa.h b/lib/libcrypto/dsa/dsa.h
index 3a8fe5b56bb..702c50d6dc8 100644
--- a/lib/libcrypto/dsa/dsa.h
+++ b/lib/libcrypto/dsa/dsa.h
@@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
#define DSA_FLAG_CACHE_MONT_P 0x01
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
* implementation now uses constant time
@@ -97,6 +99,25 @@
* be used for all exponents.
*/
+/* If this flag is set the DSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DSA_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
+
+#ifdef OPENSSL_FIPS
+#define FIPS_DSA_SIZE_T int
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -189,6 +210,11 @@ void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+#ifdef OPENSSL_FIPS
+DSA * FIPS_dsa_new(void);
+void FIPS_dsa_free (DSA *r);
+#endif
+
DSA * DSA_new(void);
DSA * DSA_new_method(ENGINE *engine);
void DSA_free (DSA *r);
@@ -249,6 +275,11 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
DH *DSA_dup_DH(const DSA *r);
#endif
+#ifdef OPENSSL_FIPS
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -261,11 +292,16 @@ void ERR_load_DSA_strings(void);
#define DSA_F_D2I_DSA_SIG 110
#define DSA_F_DSAPARAMS_PRINT 100
#define DSA_F_DSAPARAMS_PRINT_FP 101
+#define DSA_F_DSA_BUILTIN_KEYGEN 119
+#define DSA_F_DSA_BUILTIN_PARAMGEN 118
#define DSA_F_DSA_DO_SIGN 112
#define DSA_F_DSA_DO_VERIFY 113
+#define DSA_F_DSA_GENERATE_PARAMETERS 117
#define DSA_F_DSA_NEW_METHOD 103
#define DSA_F_DSA_PRINT 104
#define DSA_F_DSA_PRINT_FP 105
+#define DSA_F_DSA_SET_DEFAULT_METHOD 115
+#define DSA_F_DSA_SET_METHOD 116
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_SIG_NEW 109
@@ -276,8 +312,11 @@ void ERR_load_DSA_strings(void);
/* Reason codes. */
#define DSA_R_BAD_Q_VALUE 102
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
+#define DSA_R_KEY_SIZE_TOO_SMALL 106
#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 103
+#define DSA_R_NON_FIPS_METHOD 104
+#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
#ifdef __cplusplus
}
diff --git a/lib/libcrypto/dsa/dsa_asn1.c b/lib/libcrypto/dsa/dsa_asn1.c
index 23fce555aa4..0645facb4bf 100644
--- a/lib/libcrypto/dsa/dsa_asn1.c
+++ b/lib/libcrypto/dsa/dsa_asn1.c
@@ -1,5 +1,5 @@
/* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
@@ -61,6 +61,11 @@
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
/* Override the default new methods */
static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
/* Override the default free and new methods */
static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+ unsigned int *siglen, DSA *dsa)
+ {
+ DSA_SIG *s;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ s=DSA_do_sign(dgst,dlen,dsa);
+ if (s == NULL)
+ {
+ *siglen=0;
+ return(0);
+ }
+ *siglen=i2d_DSA_SIG(s,&sig);
+ DSA_SIG_free(s);
+ return(1);
+ }
+
+int DSA_size(const DSA *r)
+ {
+ int ret,i;
+ ASN1_INTEGER bs;
+ unsigned char buf[4]; /* 4 bytes looks really small.
+ However, i2d_ASN1_INTEGER() will not look
+ beyond the first byte, as long as the second
+ parameter is NULL. */
+
+ i=BN_num_bits(r->q);
+ bs.length=(i+7)/8;
+ bs.data=buf;
+ bs.type=V_ASN1_INTEGER;
+ /* If the top bit is set the asn1 encoding is 1 larger. */
+ buf[0]=0xff;
+
+ i=i2d_ASN1_INTEGER(&bs,NULL);
+ i+=i; /* r and s */
+ ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+ return(ret);
+ }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ * 1: correct signature
+ * 0: incorrect signature
+ * -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int siglen, DSA *dsa)
+ {
+ DSA_SIG *s;
+ int ret=-1;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+
+ s = DSA_SIG_new();
+ if (s == NULL) return(ret);
+ if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+ DSA_SIG_free(s);
+ return(ret);
+ }
+
diff --git a/lib/libcrypto/dsa/dsa_err.c b/lib/libcrypto/dsa/dsa_err.c
index 768711994b9..872839af944 100644
--- a/lib/libcrypto/dsa/dsa_err.c
+++ b/lib/libcrypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -73,11 +73,16 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
+{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
@@ -91,8 +96,11 @@ static ERR_STRING_DATA DSA_str_reasons[]=
{
{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
+{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
+{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
{0,NULL}
};
diff --git a/lib/libcrypto/dsa/dsa_gen.c b/lib/libcrypto/dsa/dsa_gen.c
index ca0b86a6cfc..6f1728e3cf0 100644
--- a/lib/libcrypto/dsa/dsa_gen.c
+++ b/lib/libcrypto/dsa/dsa_gen.c
@@ -82,6 +82,8 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
+#ifndef OPENSSL_FIPS
+
static int dsa_builtin_paramgen(DSA *ret, int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
@@ -320,3 +322,4 @@ err:
return ok;
}
#endif
+#endif
diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index c4aa86bc6dc..5e391242301 100644
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -64,6 +64,8 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
+#ifndef OPENSSL_FIPS
+
static int dsa_builtin_keygen(DSA *dsa);
int DSA_generate_key(DSA *dsa)
@@ -126,3 +128,5 @@ err:
return(ok);
}
#endif
+
+#endif
diff --git a/lib/libcrypto/dsa/dsa_lib.c b/lib/libcrypto/dsa/dsa_lib.c
index e9b75902dbc..7ac9dc8c892 100644
--- a/lib/libcrypto/dsa/dsa_lib.c
+++ b/lib/libcrypto/dsa/dsa_lib.c
@@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL;
void DSA_set_default_method(const DSA_METHOD *meth)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
+ {
+ DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
+ return;
+ }
+#endif
+
default_DSA_method = meth;
}
@@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
/* NB: The caller is specifically setting a method, so it's not up to us
* to deal with which ENGINE it comes from. */
const DSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
+ {
+ DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
mtmp = dsa->meth;
if (mtmp->finish) mtmp->finish(dsa);
#ifndef OPENSSL_NO_ENGINE
@@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine)
}
}
#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
+ {
+ DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return NULL;
+ }
+#endif
ret->pad=0;
ret->version=0;
@@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r)
return ((i > 1) ? 1 : 0);
}
-int DSA_size(const DSA *r)
- {
- int ret,i;
- ASN1_INTEGER bs;
- unsigned char buf[4]; /* 4 bytes looks really small.
- However, i2d_ASN1_INTEGER() will not look
- beyond the first byte, as long as the second
- parameter is NULL. */
-
- i=BN_num_bits(r->q);
- bs.length=(i+7)/8;
- bs.data=buf;
- bs.type=V_ASN1_INTEGER;
- /* If the top bit is set the asn1 encoding is 1 larger. */
- buf[0]=0xff;
-
- i=i2d_ASN1_INTEGER(&bs,NULL);
- i+=i; /* r and s */
- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
- return(ret);
- }
-
int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index 75ff7cc4afa..412cf1d88b6 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,6 +65,8 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifndef OPENSSL_FIPS
+
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@@ -391,3 +393,4 @@ static int dsa_finish(DSA *dsa)
return(1);
}
+#endif
diff --git a/lib/libcrypto/dsa/dsa_sign.c b/lib/libcrypto/dsa/dsa_sign.c
index 89205026f01..4cfbbe57a80 100644
--- a/lib/libcrypto/dsa/dsa_sign.c
+++ b/lib/libcrypto/dsa/dsa_sign.c
@@ -64,29 +64,32 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
- }
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
- unsigned int *siglen, DSA *dsa)
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
- DSA_SIG *s;
- s=DSA_do_sign(dgst,dlen,dsa);
- if (s == NULL)
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
- *siglen=0;
- return(0);
+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return NULL;
}
- *siglen=i2d_DSA_SIG(s,&sig);
- DSA_SIG_free(s);
- return(1);
+#endif
+ return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}
diff --git a/lib/libcrypto/dsa/dsa_vrf.c b/lib/libcrypto/dsa/dsa_vrf.c
index c4aeddd0560..c75e423048a 100644
--- a/lib/libcrypto/dsa/dsa_vrf.c
+++ b/lib/libcrypto/dsa/dsa_vrf.c
@@ -64,31 +64,21 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include <openssl/asn1_mac.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+ {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
- const unsigned char *sigbuf, int siglen, DSA *dsa)
- {
- DSA_SIG *s;
- int ret=-1;
-
- s = DSA_SIG_new();
- if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
- ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
- DSA_SIG_free(s);
- return(ret);
- }
diff --git a/lib/libcrypto/ecdh/Makefile b/lib/libcrypto/ecdh/Makefile
index 65d8904ee8a..7a7b618eeb8 100644
--- a/lib/libcrypto/ecdh/Makefile
+++ b/lib/libcrypto/ecdh/Makefile
@@ -34,7 +34,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -88,26 +88,27 @@ ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ech_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ech_key.o: ech_key.c ech_locl.h
ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ech_lib.o: ech_lib.c ech_locl.h
+ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ech_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ech_lib.o: ../../include/openssl/x509_vfy.h ech_lib.c ech_locl.h
ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
diff --git a/lib/libcrypto/ecdsa/Makefile b/lib/libcrypto/ecdsa/Makefile
index 9b48d5641f0..4865f3c8d60 100644
--- a/lib/libcrypto/ecdsa/Makefile
+++ b/lib/libcrypto/ecdsa/Makefile
@@ -34,7 +34,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -97,13 +97,14 @@ ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h
+ecs_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ecs_lib.o: ecs_lib.c ecs_locl.h
ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -118,8 +119,9 @@ ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_sign.o: ../../include/openssl/opensslconf.h
ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ecs_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -130,10 +132,11 @@ ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ecs_vrf.o: ecs_locl.h ecs_vrf.c
diff --git a/lib/libcrypto/engine/Makefile b/lib/libcrypto/engine/Makefile
index 47cc619b8ab..0cc37220896 100644
--- a/lib/libcrypto/engine/Makefile
+++ b/lib/libcrypto/engine/Makefile
@@ -41,7 +41,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -88,34 +88,35 @@ eng_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h
+eng_all.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_all.o: ../cryptlib.h eng_all.c eng_int.h
eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
eng_cnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
eng_cnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h
+eng_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_cnf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_cnf.c eng_int.h
eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_cryptodev.o: ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
eng_cryptodev.o: ../../include/openssl/objects.h
eng_cryptodev.o: ../../include/openssl/opensslconf.h
eng_cryptodev.o: ../../include/openssl/opensslv.h
@@ -130,8 +131,9 @@ eng_ctrl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_ctrl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_ctrl.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_ctrl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -143,49 +145,50 @@ eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
eng_dyn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
eng_dyn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_dyn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_dyn.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_dyn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_dyn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_dyn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_dyn.c eng_int.h
eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_err.o: eng_err.c
+eng_err.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_err.o: ../../include/openssl/x509_vfy.h eng_err.c
eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
eng_fat.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
eng_fat.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
eng_fat.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_fat.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_fat.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_fat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+eng_fat.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_fat.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_fat.c eng_int.h
eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_init.o: ../../include/openssl/opensslconf.h
eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -197,22 +200,23 @@ eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c
+eng_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_lib.c
eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_list.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_list.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_list.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_list.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_list.o: ../../include/openssl/opensslconf.h
eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -225,8 +229,9 @@ eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_openssl.o: ../../include/openssl/objects.h
eng_openssl.o: ../../include/openssl/opensslconf.h
eng_openssl.o: ../../include/openssl/opensslv.h
eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
@@ -242,8 +247,9 @@ eng_padlock.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h
eng_padlock.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
eng_padlock.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+eng_padlock.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_padlock.o: ../../include/openssl/objects.h
eng_padlock.o: ../../include/openssl/opensslconf.h
eng_padlock.o: ../../include/openssl/opensslv.h
eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
@@ -257,8 +263,9 @@ eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -270,8 +277,8 @@ eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
eng_table.o: ../../include/openssl/opensslconf.h
eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -285,8 +292,8 @@ tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
tb_cipher.o: ../../include/openssl/opensslconf.h
tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -299,22 +306,22 @@ tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
tb_dh.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_dh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dh.c
tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h
tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
tb_digest.o: ../../include/openssl/opensslconf.h
tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
@@ -327,35 +334,37 @@ tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
tb_dsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_dsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_dsa.c
tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h
tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_ecdh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_ecdh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c
+tb_ecdh.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_ecdh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c
tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_ecdsa.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdsa.o: ../../include/openssl/opensslconf.h
tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -367,34 +376,36 @@ tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c
+tb_rand.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c
tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
tb_rsa.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+tb_rsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rsa.c
tb_store.o: ../../e_os.h ../../include/openssl/asn1.h
tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
tb_store.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
tb_store.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
tb_store.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-tb_store.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-tb_store.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_store.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+tb_store.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_store.o: ../../include/openssl/opensslconf.h
tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/lib/libcrypto/engine/eng_cnf.c b/lib/libcrypto/engine/eng_cnf.c
index 8417ddaaef8..08066cea592 100644
--- a/lib/libcrypto/engine/eng_cnf.c
+++ b/lib/libcrypto/engine/eng_cnf.c
@@ -1,5 +1,5 @@
/* eng_cnf.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
@@ -98,7 +98,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
CONF_VALUE *ecmd;
char *ctrlname, *ctrlvalue;
ENGINE *e = NULL;
- int soft = 0;
+ int soft = 0;
name = skip_dot(name);
#ifdef ENGINE_CONF_DEBUG
@@ -127,8 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
/* Override engine name to use */
if (!strcmp(ctrlname, "engine_id"))
name = ctrlvalue;
- else if (!strcmp(ctrlname, "soft_load"))
- soft = 1;
+ else if (!strcmp(ctrlname, "soft_load"))
+ soft = 1;
/* Load a dynamic ENGINE */
else if (!strcmp(ctrlname, "dynamic_path"))
{
@@ -151,11 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
if (!e)
{
e = ENGINE_by_id(name);
- if (!e && soft)
- {
- ERR_clear_error();
- return 1;
- }
+ if (!e && soft)
+ {
+ ERR_clear_error();
+ return 1;
+ }
if (!e)
return 0;
}
diff --git a/lib/libcrypto/engine/enginetest.c b/lib/libcrypto/engine/enginetest.c
index cf82f490dbb..e3834611dbd 100644
--- a/lib/libcrypto/engine/enginetest.c
+++ b/lib/libcrypto/engine/enginetest.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include <string.h>
+#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_ENGINE
int main(int argc, char *argv[])
@@ -66,7 +67,6 @@ int main(int argc, char *argv[])
return(0);
}
#else
-#include <openssl/e_os2.h>
#include <openssl/buffer.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c
index 7952e70ab0e..292404a2fb9 100644
--- a/lib/libcrypto/err/err.c
+++ b/lib/libcrypto/err/err.c
@@ -119,480 +119,9 @@
#include <openssl/bio.h>
#include <openssl/err.h>
-static void err_load_strings(int lib, ERR_STRING_DATA *str);
-
-static void ERR_STATE_free(ERR_STATE *s);
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ERR_str_libraries[]=
- {
-{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"},
-{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"},
-{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"},
-{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"},
-{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"},
-{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"},
-{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"},
-{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"},
-{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"},
-{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"},
-{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"},
-{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"},
-{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"},
-{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"},
-{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"},
-{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"},
-{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"},
-{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"},
-{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"},
-{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"},
-{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"},
-{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"},
-{0,NULL},
- };
-
-static ERR_STRING_DATA ERR_str_functs[]=
- {
- {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"},
- {ERR_PACK(0,SYS_F_CONNECT,0), "connect"},
- {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"},
- {ERR_PACK(0,SYS_F_SOCKET,0), "socket"},
- {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"},
- {ERR_PACK(0,SYS_F_BIND,0), "bind"},
- {ERR_PACK(0,SYS_F_LISTEN,0), "listen"},
- {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"},
-#ifdef OPENSSL_SYS_WINDOWS
- {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"},
-#endif
- {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"},
- {ERR_PACK(0,SYS_F_FREAD,0), "fread"},
- {0,NULL},
- };
-
-static ERR_STRING_DATA ERR_str_reasons[]=
- {
-{ERR_R_SYS_LIB ,"system lib"},
-{ERR_R_BN_LIB ,"BN lib"},
-{ERR_R_RSA_LIB ,"RSA lib"},
-{ERR_R_DH_LIB ,"DH lib"},
-{ERR_R_EVP_LIB ,"EVP lib"},
-{ERR_R_BUF_LIB ,"BUF lib"},
-{ERR_R_OBJ_LIB ,"OBJ lib"},
-{ERR_R_PEM_LIB ,"PEM lib"},
-{ERR_R_DSA_LIB ,"DSA lib"},
-{ERR_R_X509_LIB ,"X509 lib"},
-{ERR_R_ASN1_LIB ,"ASN1 lib"},
-{ERR_R_CONF_LIB ,"CONF lib"},
-{ERR_R_CRYPTO_LIB ,"CRYPTO lib"},
-{ERR_R_EC_LIB ,"EC lib"},
-{ERR_R_SSL_LIB ,"SSL lib"},
-{ERR_R_BIO_LIB ,"BIO lib"},
-{ERR_R_PKCS7_LIB ,"PKCS7 lib"},
-{ERR_R_X509V3_LIB ,"X509V3 lib"},
-{ERR_R_PKCS12_LIB ,"PKCS12 lib"},
-{ERR_R_RAND_LIB ,"RAND lib"},
-{ERR_R_DSO_LIB ,"DSO lib"},
-{ERR_R_ENGINE_LIB ,"ENGINE lib"},
-{ERR_R_OCSP_LIB ,"OCSP lib"},
-
-{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"},
-{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"},
-{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"},
-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"},
-{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"},
-{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"},
-
-{ERR_R_FATAL ,"fatal"},
-{ERR_R_MALLOC_FAILURE ,"malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"},
-{ERR_R_INTERNAL_ERROR ,"internal error"},
-{ERR_R_DISABLED ,"called a function that was disabled at compile-time"},
-
-{0,NULL},
- };
-#endif
-
-
-/* Define the predeclared (but externally opaque) "ERR_FNS" type */
-struct st_ERR_FNS
- {
- /* Works on the "error_hash" string table */
- LHASH *(*cb_err_get)(int create);
- void (*cb_err_del)(void);
- ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
- ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
- ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
- /* Works on the "thread_hash" error-state table */
- LHASH *(*cb_thread_get)(int create);
- void (*cb_thread_release)(LHASH **hash);
- ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
- ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
- void (*cb_thread_del_item)(const ERR_STATE *);
- /* Returns the next available error "library" numbers */
- int (*cb_get_next_lib)(void);
- };
-
-/* Predeclarations of the "err_defaults" functions */
-static LHASH *int_err_get(int create);
-static void int_err_del(void);
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
-static LHASH *int_thread_get(int create);
-static void int_thread_release(LHASH **hash);
-static ERR_STATE *int_thread_get_item(const ERR_STATE *);
-static ERR_STATE *int_thread_set_item(ERR_STATE *);
-static void int_thread_del_item(const ERR_STATE *);
-static int int_err_get_next_lib(void);
-/* The static ERR_FNS table using these defaults functions */
-static const ERR_FNS err_defaults =
- {
- int_err_get,
- int_err_del,
- int_err_get_item,
- int_err_set_item,
- int_err_del_item,
- int_thread_get,
- int_thread_release,
- int_thread_get_item,
- int_thread_set_item,
- int_thread_del_item,
- int_err_get_next_lib
- };
-
-/* The replacable table of ERR_FNS functions we use at run-time */
-static const ERR_FNS *err_fns = NULL;
-
-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
-#define ERRFN(a) err_fns->cb_##a
-
-/* The internal state used by "err_defaults" - as such, the setting, reading,
- * creating, and deleting of this data should only be permitted via the
- * "err_defaults" functions. This way, a linked module can completely defer all
- * ERR state operation (together with requisite locking) to the implementations
- * and state in the loading application. */
-static LHASH *int_error_hash = NULL;
-static LHASH *int_thread_hash = NULL;
-static int int_thread_hash_references = 0;
-static int int_err_library_number= ERR_LIB_USER;
-
-/* Internal function that checks whether "err_fns" is set and if not, sets it to
- * the defaults. */
-static void err_fns_check(void)
- {
- if (err_fns) return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!err_fns)
- err_fns = &err_defaults;
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- }
-
-/* API functions to get or set the underlying ERR functions. */
-
-const ERR_FNS *ERR_get_implementation(void)
- {
- err_fns_check();
- return err_fns;
- }
-
-int ERR_set_implementation(const ERR_FNS *fns)
- {
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
- * an error is there?! */
- if (!err_fns)
- {
- err_fns = fns;
- ret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- return ret;
- }
-
-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
- * internal to the "err_defaults" implementation. */
-
-/* static unsigned long err_hash(ERR_STRING_DATA *a); */
-static unsigned long err_hash(const void *a_void);
-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
-static int err_cmp(const void *a_void, const void *b_void);
-/* static unsigned long pid_hash(ERR_STATE *pid); */
-static unsigned long pid_hash(const void *pid_void);
-/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
-static int pid_cmp(const void *a_void,const void *pid_void);
-static unsigned long get_error_values(int inc,int top,const char **file,int *line,
- const char **data,int *flags);
-
-/* The internal functions used in the "err_defaults" implementation */
-
-static LHASH *int_err_get(int create)
- {
- LHASH *ret = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!int_error_hash && create)
- {
- CRYPTO_push_info("int_err_get (err.c)");
- int_error_hash = lh_new(err_hash, err_cmp);
- CRYPTO_pop_info();
- }
- if (int_error_hash)
- ret = int_error_hash;
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return ret;
- }
-
-static void int_err_del(void)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (int_error_hash)
- {
- lh_free(int_error_hash);
- int_error_hash = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- }
-
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
- {
- ERR_STRING_DATA *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(err_get)(0);
- if (!hash)
- return NULL;
-
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
- return p;
- }
-
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
- {
- ERR_STRING_DATA *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(err_get)(1);
- if (!hash)
- return NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STRING_DATA *)lh_insert(hash, d);
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return p;
- }
-
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
- {
- ERR_STRING_DATA *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(err_get)(0);
- if (!hash)
- return NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STRING_DATA *)lh_delete(hash, d);
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return p;
- }
-
-static LHASH *int_thread_get(int create)
- {
- LHASH *ret = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!int_thread_hash && create)
- {
- CRYPTO_push_info("int_thread_get (err.c)");
- int_thread_hash = lh_new(pid_hash, pid_cmp);
- CRYPTO_pop_info();
- }
- if (int_thread_hash)
- {
- int_thread_hash_references++;
- ret = int_thread_hash;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- return ret;
- }
-
-static void int_thread_release(LHASH **hash)
- {
- int i;
-
- if (hash == NULL || *hash == NULL)
- return;
-
- i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
-
-#ifdef REF_PRINT
- fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"int_thread_release, bad reference count\n");
- abort(); /* ok */
- }
-#endif
- *hash = NULL;
- }
-
-static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
- {
- ERR_STATE *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(thread_get)(0);
- if (!hash)
- return NULL;
-
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STATE *)lh_retrieve(hash, d);
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
- ERRFN(thread_release)(&hash);
- return p;
- }
-
-static ERR_STATE *int_thread_set_item(ERR_STATE *d)
- {
- ERR_STATE *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(thread_get)(1);
- if (!hash)
- return NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STATE *)lh_insert(hash, d);
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- ERRFN(thread_release)(&hash);
- return p;
- }
-
-static void int_thread_del_item(const ERR_STATE *d)
- {
- ERR_STATE *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(thread_get)(0);
- if (!hash)
- return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STATE *)lh_delete(hash, d);
- /* make sure we don't leak memory */
- if (int_thread_hash_references == 1
- && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
- {
- lh_free(int_thread_hash);
- int_thread_hash = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- ERRFN(thread_release)(&hash);
- if (p)
- ERR_STATE_free(p);
- }
-
-static int int_err_get_next_lib(void)
- {
- int ret;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- ret = int_err_library_number++;
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return ret;
- }
-
-
-#ifndef OPENSSL_NO_ERR
-#define NUM_SYS_STR_REASONS 127
-#define LEN_SYS_STR_REASON 32
-
-static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-/* SYS_str_reasons is filled with copies of strerror() results at
- * initialization.
- * 'errno' values up to 127 should cover all usual errors,
- * others will be displayed numerically by ERR_error_string.
- * It is crucial that we have something for each reason code
- * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr(), which always gets an errno
- * value and never one of those 'standard' reason codes. */
-
-static void build_SYS_str_reasons(void)
- {
- /* OPENSSL_malloc cannot be used here, use static storage instead */
- static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
- int i;
- static int init = 1;
-
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
- if (!init)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
- return;
- }
-
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!init)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- return;
- }
-
- for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
- {
- ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
-
- str->error = (unsigned long)i;
- if (str->string == NULL)
- {
- char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
- char *src = strerror(i);
- if (src != NULL)
- {
- strncpy(*dest, src, sizeof *dest);
- (*dest)[sizeof *dest - 1] = '\0';
- str->string = *dest;
- }
- }
- if (str->string == NULL)
- str->string = "unknown";
- }
-
- /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
- * as required by ERR_load_strings. */
-
- init = 0;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- }
-#endif
+static unsigned long get_error_values(int inc,int top,
+ const char **file,int *line,
+ const char **data,int *flags);
#define err_clear_data(p,i) \
do { \
@@ -614,68 +143,6 @@ static void build_SYS_str_reasons(void)
(p)->err_line[i]= -1; \
} while(0)
-static void ERR_STATE_free(ERR_STATE *s)
- {
- int i;
-
- if (s == NULL)
- return;
-
- for (i=0; i<ERR_NUM_ERRORS; i++)
- {
- err_clear_data(s,i);
- }
- OPENSSL_free(s);
- }
-
-void ERR_load_ERR_strings(void)
- {
- err_fns_check();
-#ifndef OPENSSL_NO_ERR
- err_load_strings(0,ERR_str_libraries);
- err_load_strings(0,ERR_str_reasons);
- err_load_strings(ERR_LIB_SYS,ERR_str_functs);
- build_SYS_str_reasons();
- err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
-#endif
- }
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str)
- {
- while (str->error)
- {
- if (lib)
- str->error|=ERR_PACK(lib,0,0);
- ERRFN(err_set_item)(str);
- str++;
- }
- }
-
-void ERR_load_strings(int lib, ERR_STRING_DATA *str)
- {
- ERR_load_ERR_strings();
- err_load_strings(lib, str);
- }
-
-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
- {
- while (str->error)
- {
- if (lib)
- str->error|=ERR_PACK(lib,0,0);
- ERRFN(err_del_item)(str);
- str++;
- }
- }
-
-void ERR_free_strings(void)
- {
- err_fns_check();
- ERRFN(err_del)();
- }
-
-/********************************************************/
-
void ERR_put_error(int lib, int func, int reason, const char *file,
int line)
{
@@ -830,218 +297,6 @@ static unsigned long get_error_values(int inc, int top, const char **file, int *
return ret;
}
-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
- {
- char lsbuf[64], fsbuf[64], rsbuf[64];
- const char *ls,*fs,*rs;
- unsigned long l,f,r;
-
- l=ERR_GET_LIB(e);
- f=ERR_GET_FUNC(e);
- r=ERR_GET_REASON(e);
-
- ls=ERR_lib_error_string(e);
- fs=ERR_func_error_string(e);
- rs=ERR_reason_error_string(e);
-
- if (ls == NULL)
- BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
- if (fs == NULL)
- BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
- if (rs == NULL)
- BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-
- BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf,
- fs?fs:fsbuf, rs?rs:rsbuf);
- if (strlen(buf) == len-1)
- {
- /* output may be truncated; make sure we always have 5
- * colon-separated fields, i.e. 4 colons ... */
-#define NUM_COLONS 4
- if (len > NUM_COLONS) /* ... if possible */
- {
- int i;
- char *s = buf;
-
- for (i = 0; i < NUM_COLONS; i++)
- {
- char *colon = strchr(s, ':');
- if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
- {
- /* set colon no. i at last possible position
- * (buf[len-1] is the terminating 0)*/
- colon = &buf[len-1] - NUM_COLONS + i;
- *colon = ':';
- }
- s = colon + 1;
- }
- }
- }
- }
-
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
-char *ERR_error_string(unsigned long e, char *ret)
- {
- static char buf[256];
-
- if (ret == NULL) ret=buf;
- ERR_error_string_n(e, ret, 256);
-
- return ret;
- }
-
-LHASH *ERR_get_string_table(void)
- {
- err_fns_check();
- return ERRFN(err_get)(0);
- }
-
-LHASH *ERR_get_err_state_table(void)
- {
- err_fns_check();
- return ERRFN(thread_get)(0);
- }
-
-void ERR_release_err_state_table(LHASH **hash)
- {
- err_fns_check();
- ERRFN(thread_release)(hash);
- }
-
-const char *ERR_lib_error_string(unsigned long e)
- {
- ERR_STRING_DATA d,*p;
- unsigned long l;
-
- err_fns_check();
- l=ERR_GET_LIB(e);
- d.error=ERR_PACK(l,0,0);
- p=ERRFN(err_get_item)(&d);
- return((p == NULL)?NULL:p->string);
- }
-
-const char *ERR_func_error_string(unsigned long e)
- {
- ERR_STRING_DATA d,*p;
- unsigned long l,f;
-
- err_fns_check();
- l=ERR_GET_LIB(e);
- f=ERR_GET_FUNC(e);
- d.error=ERR_PACK(l,f,0);
- p=ERRFN(err_get_item)(&d);
- return((p == NULL)?NULL:p->string);
- }
-
-const char *ERR_reason_error_string(unsigned long e)
- {
- ERR_STRING_DATA d,*p=NULL;
- unsigned long l,r;
-
- err_fns_check();
- l=ERR_GET_LIB(e);
- r=ERR_GET_REASON(e);
- d.error=ERR_PACK(l,0,r);
- p=ERRFN(err_get_item)(&d);
- if (!p)
- {
- d.error=ERR_PACK(0,0,r);
- p=ERRFN(err_get_item)(&d);
- }
- return((p == NULL)?NULL:p->string);
- }
-
-/* static unsigned long err_hash(ERR_STRING_DATA *a) */
-static unsigned long err_hash(const void *a_void)
- {
- unsigned long ret,l;
-
- l=((const ERR_STRING_DATA *)a_void)->error;
- ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
- return(ret^ret%19*13);
- }
-
-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
-static int err_cmp(const void *a_void, const void *b_void)
- {
- return((int)(((const ERR_STRING_DATA *)a_void)->error -
- ((const ERR_STRING_DATA *)b_void)->error));
- }
-
-/* static unsigned long pid_hash(ERR_STATE *a) */
-static unsigned long pid_hash(const void *a_void)
- {
- return(((const ERR_STATE *)a_void)->pid*13);
- }
-
-/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
-static int pid_cmp(const void *a_void, const void *b_void)
- {
- return((int)((long)((const ERR_STATE *)a_void)->pid -
- (long)((const ERR_STATE *)b_void)->pid));
- }
-
-void ERR_remove_state(unsigned long pid)
- {
- ERR_STATE tmp;
-
- err_fns_check();
- if (pid == 0)
- pid=(unsigned long)CRYPTO_thread_id();
- tmp.pid=pid;
- /* thread_del_item automatically destroys the LHASH if the number of
- * items reaches zero. */
- ERRFN(thread_del_item)(&tmp);
- }
-
-ERR_STATE *ERR_get_state(void)
- {
- static ERR_STATE fallback;
- ERR_STATE *ret,tmp,*tmpp=NULL;
- int i;
- unsigned long pid;
-
- err_fns_check();
- pid=(unsigned long)CRYPTO_thread_id();
- tmp.pid=pid;
- ret=ERRFN(thread_get_item)(&tmp);
-
- /* ret == the error state, if NULL, make a new one */
- if (ret == NULL)
- {
- ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
- if (ret == NULL) return(&fallback);
- ret->pid=pid;
- ret->top=0;
- ret->bottom=0;
- for (i=0; i<ERR_NUM_ERRORS; i++)
- {
- ret->err_data[i]=NULL;
- ret->err_data_flags[i]=0;
- }
- tmpp = ERRFN(thread_set_item)(ret);
- /* To check if insertion failed, do a get. */
- if (ERRFN(thread_get_item)(ret) != ret)
- {
- ERR_STATE_free(ret); /* could not insert it */
- return(&fallback);
- }
- /* If a race occured in this function and we came second, tmpp
- * is the first one that we just replaced. */
- if (tmpp)
- ERR_STATE_free(tmpp);
- }
- return ret;
- }
-
-int ERR_get_next_error_library(void)
- {
- err_fns_check();
- return ERRFN(get_next_lib)();
- }
-
void ERR_set_error_data(char *data, int flags)
{
ERR_STATE *es;
@@ -1128,3 +383,34 @@ int ERR_pop_to_mark(void)
es->err_flags[es->top]&=~ERR_FLAG_MARK;
return 1;
}
+
+#ifdef OPENSSL_FIPS
+
+static ERR_STATE *fget_state(void)
+ {
+ static ERR_STATE fstate;
+ return &fstate;
+ }
+
+ERR_STATE *(*get_state_func)(void) = fget_state;
+void (*remove_state_func)(unsigned long pid);
+
+ERR_STATE *ERR_get_state(void)
+ {
+ return get_state_func();
+ }
+
+void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
+ void (*remove_func)(unsigned long pid))
+ {
+ get_state_func = get_func;
+ remove_state_func = remove_func;
+ }
+
+void ERR_remove_state(unsigned long pid)
+ {
+ if (remove_state_func)
+ remove_state_func(pid);
+ }
+
+#endif
diff --git a/lib/libcrypto/err/err.h b/lib/libcrypto/err/err.h
index 8d9f0da172e..dcac4152310 100644
--- a/lib/libcrypto/err/err.h
+++ b/lib/libcrypto/err/err.h
@@ -142,6 +142,7 @@ typedef struct err_state_st
#define ERR_LIB_STORE 44
#define ERR_LIB_FIPS 45
#define ERR_LIB_CMS 46
+#define ERR_LIB_JPAKE 47
#define ERR_LIB_USER 128
@@ -175,6 +176,7 @@ typedef struct err_state_st
#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
+#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
@@ -306,6 +308,12 @@ int ERR_get_next_error_library(void);
int ERR_set_mark(void);
int ERR_pop_to_mark(void);
+#ifdef OPENSSL_FIPS
+void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
+ void (*remove_func)(unsigned long pid));
+void int_ERR_lib_init(void);
+#endif
+
/* Already defined in ossl_typ.h */
/* typedef struct st_ERR_FNS ERR_FNS; */
/* An application can use this function and provide the return value to loaded
diff --git a/lib/libcrypto/err/err_all.c b/lib/libcrypto/err/err_all.c
index 5813060ce24..f21a5276ed7 100644
--- a/lib/libcrypto/err/err_all.c
+++ b/lib/libcrypto/err/err_all.c
@@ -94,9 +94,16 @@
#include <openssl/ui.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#ifndef OPENSSL_NO_CMS
#include <openssl/cms.h>
#endif
+#ifndef OPENSSL_NO_JPAKE
+#include <openssl/jpake.h>
+#endif
void ERR_load_crypto_strings(void)
{
@@ -141,8 +148,14 @@ void ERR_load_crypto_strings(void)
#endif
ERR_load_OCSP_strings();
ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+ ERR_load_FIPS_strings();
+#endif
#ifndef OPENSSL_NO_CMS
ERR_load_CMS_strings();
#endif
+#ifndef OPENSSL_NO_JPAKE
+ ERR_load_JPAKE_strings();
+#endif
#endif
}
diff --git a/lib/libcrypto/err/err_prn.c b/lib/libcrypto/err/err_prn.c
index 2224a901e5e..4cdf342fa63 100644
--- a/lib/libcrypto/err/err_prn.c
+++ b/lib/libcrypto/err/err_prn.c
@@ -86,12 +86,7 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
#ifndef OPENSSL_NO_FP_API
static int print_fp(const char *str, size_t len, void *fp)
{
- BIO bio;
-
- BIO_set(&bio,BIO_s_file());
- BIO_set_fp(&bio,fp,BIO_NOCLOSE);
-
- return BIO_printf(&bio, "%s", str);
+ return fwrite(str, 1, len, fp);
}
void ERR_print_errors_fp(FILE *fp)
{
@@ -99,13 +94,64 @@ void ERR_print_errors_fp(FILE *fp)
}
#endif
-static int print_bio(const char *str, size_t len, void *bp)
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
{
- return BIO_write((BIO *)bp, str, len);
+ char lsbuf[64], fsbuf[64], rsbuf[64];
+ const char *ls,*fs,*rs;
+ unsigned long l,f,r;
+
+ l=ERR_GET_LIB(e);
+ f=ERR_GET_FUNC(e);
+ r=ERR_GET_REASON(e);
+
+ ls=ERR_lib_error_string(e);
+ fs=ERR_func_error_string(e);
+ rs=ERR_reason_error_string(e);
+
+ if (ls == NULL)
+ BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+ if (fs == NULL)
+ BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+ if (rs == NULL)
+ BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+ BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf,
+ fs?fs:fsbuf, rs?rs:rsbuf);
+ if (strlen(buf) == len-1)
+ {
+ /* output may be truncated; make sure we always have 5
+ * colon-separated fields, i.e. 4 colons ... */
+#define NUM_COLONS 4
+ if (len > NUM_COLONS) /* ... if possible */
+ {
+ int i;
+ char *s = buf;
+
+ for (i = 0; i < NUM_COLONS; i++)
+ {
+ char *colon = strchr(s, ':');
+ if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
+ {
+ /* set colon no. i at last possible position
+ * (buf[len-1] is the terminating 0)*/
+ colon = &buf[len-1] - NUM_COLONS + i;
+ *colon = ':';
+ }
+ s = colon + 1;
+ }
+ }
+ }
}
-void ERR_print_errors(BIO *bp)
+
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/* ERR_error_string_n should be used instead for ret != NULL
+ * as ERR_error_string cannot know how large the buffer is */
+char *ERR_error_string(unsigned long e, char *ret)
{
- ERR_print_errors_cb(print_bio, bp);
- }
+ static char buf[256];
+
+ if (ret == NULL) ret=buf;
+ ERR_error_string_n(e, ret, 256);
-
+ return ret;
+ }
diff --git a/lib/libcrypto/err/openssl.ec b/lib/libcrypto/err/openssl.ec
index 1938f081ac5..868826624db 100644
--- a/lib/libcrypto/err/openssl.ec
+++ b/lib/libcrypto/err/openssl.ec
@@ -31,7 +31,9 @@ L COMP crypto/comp/comp.h crypto/comp/comp_err.c
L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c
L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
L STORE crypto/store/store.h crypto/store/str_err.c
+L FIPS fips/fips.h crypto/fips_err.h
L CMS crypto/cms/cms.h crypto/cms/cms_err.c
+L JPAKE crypto/jpake/jpake.h crypto/jpake/jpake_err.c
# additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE
diff --git a/lib/libcrypto/evp/Makefile b/lib/libcrypto/evp/Makefile
index 9de56dc03d7..c204f84c1d6 100644
--- a/lib/libcrypto/evp/Makefile
+++ b/lib/libcrypto/evp/Makefile
@@ -18,10 +18,10 @@ TESTDATA=evptests.txt
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
e_rc4.c e_aes.c names.c e_seed.c \
- e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \
m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
@@ -30,10 +30,10 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
e_old.c
-LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
e_rc4.o e_aes.o names.o e_seed.o \
- e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \
m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
@@ -55,7 +55,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -101,177 +101,201 @@ bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
+bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../cryptlib.h bio_b64.c
bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
+bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../cryptlib.h bio_enc.c
bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_md.o: ../cryptlib.h bio_md.c
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c
bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../cryptlib.h bio_ok.c
c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_all.o: ../cryptlib.h c_all.c
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c
c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_allc.o: ../cryptlib.h c_allc.c
+c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
-c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-c_alld.o: ../cryptlib.h c_alld.c
+c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h
+dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h
digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-digest.o: ../cryptlib.h digest.c
+digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h
e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c
-e_aes.o: evp_locl.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h
e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
+e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_bf.o: ../cryptlib.h e_bf.c evp_locl.h
e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c
e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
+e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_cast.o: ../cryptlib.h e_cast.c evp_locl.h
e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des.o: ../cryptlib.h e_des.c evp_locl.h
e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
-e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_idea.o: ../cryptlib.h e_idea.c evp_locl.h
e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_null.o: ../cryptlib.h e_null.c
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c
e_old.o: e_old.c
e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
-e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h
e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
-e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h
e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -282,107 +306,141 @@ e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_seed.o: ../../include/openssl/symhacks.h e_seed.c
+e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_seed.o: e_seed.c
e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+enc_min.o: ../../e_os.h ../../include/openssl/asn1.h
+enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h
encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-encode.o: ../cryptlib.h encode.c
+encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c
evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+evp_cnf.o: ../cryptlib.h evp_cnf.c
evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h
evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_err.o: ../../include/openssl/symhacks.h evp_err.c
+evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: evp_err.c
evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
-evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../cryptlib.h evp_key.c
evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
+evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../cryptlib.h evp_lib.c
evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_pbe.o: ../cryptlib.h evp_pbe.c
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
@@ -394,106 +452,110 @@ m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss.o: ../cryptlib.h m_dss.c
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c
m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_dss1.o: ../cryptlib.h m_dss1.c
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c
m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_ecdsa.o: ../cryptlib.h m_ecdsa.c
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c
m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
-m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c
+m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
-m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c
+m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
-m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
+m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c
+m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c
m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
+m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h m_null.c
m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
@@ -505,60 +567,62 @@ m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h m_sha.c
+m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c
m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha1.o: ../cryptlib.h m_sha1.c
+m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c
names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
+names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h names.c
p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p5_crpt.o: ../cryptlib.h p5_crpt.c
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
-p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/opensslconf.h
p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -569,27 +633,29 @@ p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_dec.o: ../cryptlib.h p_dec.c
p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_enc.o: ../cryptlib.h p_enc.c
p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -597,60 +663,63 @@ p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c
+p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_lib.o: ../cryptlib.h p_lib.c
p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_open.o: ../cryptlib.h p_open.c
+p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c
p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_seal.o: ../cryptlib.h p_seal.c
p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
+p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h p_sign.c
p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/lib/libcrypto/evp/bio_md.c b/lib/libcrypto/evp/bio_md.c
index d648ac6da6b..ed5c1135fd4 100644
--- a/lib/libcrypto/evp/bio_md.c
+++ b/lib/libcrypto/evp/bio_md.c
@@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
ret=0;
break;
case BIO_C_GET_MD_CTX:
- if (b->init)
- {
- pctx=ptr;
- *pctx=ctx;
- }
- else
- ret=0;
+ pctx=ptr;
+ *pctx=ctx;
break;
case BIO_C_SET_MD_CTX:
if (b->init)
diff --git a/lib/libcrypto/evp/digest.c b/lib/libcrypto/evp/digest.c
index 762e6d3450d..3bc2d1295c6 100644
--- a/lib/libcrypto/evp/digest.c
+++ b/lib/libcrypto/evp/digest.c
@@ -116,6 +116,7 @@
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+#include "evp_locl.h"
void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
{
@@ -137,18 +138,77 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
return EVP_DigestInit_ex(ctx, type, NULL);
}
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_MD_CTX *ctx)
+ { FIPS_ERROR_IGNORED("Digest init"); return 0;}
+
+static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
+ { FIPS_ERROR_IGNORED("Digest update"); return 0;}
+
+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
+ { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
+
+static const EVP_MD bad_md =
{
- EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+ 0,
+ 0,
+ 0,
+ 0,
+ bad_init,
+ bad_update,
+ bad_final,
+ NULL,
+ NULL,
+ NULL,
+ 0,
+ {0,0,0,0},
+ };
+
+#endif
+
#ifndef OPENSSL_NO_ENGINE
- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
- * so this context may already have an ENGINE! Try to avoid releasing
- * the previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary. */
- if (ctx->engine && ctx->digest && (!type ||
- (type && (type->type == ctx->digest->type))))
- goto skip_to_init;
- if (type)
+
+#ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl) { return 0;}
+static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
+ const EVP_MD **ptype, ENGINE *impl)
+ { return 1; }
+
+static int (*do_engine_init)(ENGINE *impl)
+ = do_engine_null;
+
+static int (*do_engine_finish)(ENGINE *impl)
+ = do_engine_null;
+
+static int (*do_evp_md_engine)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
+ = do_evp_md_engine_null;
+
+void int_EVP_MD_set_engine_callbacks(
+ int (*eng_md_init)(ENGINE *impl),
+ int (*eng_md_fin)(ENGINE *impl),
+ int (*eng_md_evp)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
+ {
+ do_engine_init = eng_md_init;
+ do_engine_finish = eng_md_fin;
+ do_evp_md_engine = eng_md_evp;
+ }
+
+#else
+
+#define do_engine_init ENGINE_init
+#define do_engine_finish ENGINE_finish
+
+static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
+ {
+ if (*ptype)
{
/* Ensure an ENGINE left lying around from last time is cleared
* (the previous check attempted to avoid this if the same
@@ -159,25 +219,25 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
{
if (!ENGINE_init(impl))
{
- EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
return 0;
}
}
else
/* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_digest_engine(type->type);
+ impl = ENGINE_get_digest_engine((*ptype)->type);
if(impl)
{
/* There's an ENGINE for this job ... (apparently) */
- const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
if(!d)
{
/* Same comment from evp_enc.c */
- EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
return 0;
}
/* We'll use the ENGINE's private digest definition */
- type = d;
+ *ptype = d;
/* Store the ENGINE functional reference so we know
* 'type' came from an ENGINE and we need to release
* it when done. */
@@ -189,12 +249,52 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
else
if(!ctx->digest)
{
- EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
return 0;
}
+ return 1;
+ }
+
+#endif
+
+#endif
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+ {
+ M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
+ ctx->digest = &bad_md;
+ return 0;
+ }
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+ * so this context may already have an ENGINE! Try to avoid releasing
+ * the previous handle, re-querying for an ENGINE, and having a
+ * reinitialisation, when it may all be unecessary. */
+ if (ctx->engine && ctx->digest && (!type ||
+ (type && (type->type == ctx->digest->type))))
+ goto skip_to_init;
+ if (!do_evp_md_engine(ctx, &type, impl))
+ return 0;
#endif
if (ctx->digest != type)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ if (!(type->flags & EVP_MD_FLAG_FIPS)
+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+ {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+ ctx->digest = &bad_md;
+ return 0;
+ }
+ }
+#endif
if (ctx->digest && ctx->digest->ctx_size)
OPENSSL_free(ctx->md_data);
ctx->digest=type;
@@ -202,7 +302,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
ctx->md_data=OPENSSL_malloc(type->ctx_size);
}
#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
+ skip_to_init:
#endif
return ctx->digest->init(ctx);
}
@@ -210,6 +310,9 @@ skip_to_init:
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
size_t count)
{
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
return ctx->digest->update(ctx,data,count);
}
@@ -226,6 +329,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
{
int ret;
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
@@ -234,7 +340,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
if (ctx->digest->cleanup)
{
ctx->digest->cleanup(ctx);
- EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+ M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
}
memset(ctx->md_data,0,ctx->digest->ctx_size);
return ret;
@@ -256,7 +362,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
}
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a digest context using an ENGINE */
- if (in->engine && !ENGINE_init(in->engine))
+ if (in->engine && !do_engine_init(in->engine))
{
EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
return 0;
@@ -266,7 +372,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
if (out->digest == in->digest)
{
tmp_buf = out->md_data;
- EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
+ M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
}
else tmp_buf = NULL;
EVP_MD_CTX_cleanup(out);
@@ -292,7 +398,7 @@ int EVP_Digest(const void *data, size_t count,
int ret;
EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+ M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
ret=EVP_DigestInit_ex(&ctx, type, impl)
&& EVP_DigestUpdate(&ctx, data, count)
&& EVP_DigestFinal_ex(&ctx, md, size);
@@ -314,10 +420,10 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
* because sometimes only copies of the context are ever finalised.
*/
if (ctx->digest && ctx->digest->cleanup
- && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+ && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
ctx->digest->cleanup(ctx);
if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
+ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
{
OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
OPENSSL_free(ctx->md_data);
@@ -326,7 +432,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
if(ctx->engine)
/* The EVP_MD we used belongs to an ENGINE, release the
* functional reference we held for this reason. */
- ENGINE_finish(ctx->engine);
+ do_engine_finish(ctx->engine);
#endif
memset(ctx,'\0',sizeof *ctx);
diff --git a/lib/libcrypto/evp/e_aes.c b/lib/libcrypto/evp/e_aes.c
index bd6c0a3a62a..c9a5ee8d75a 100644
--- a/lib/libcrypto/evp/e_aes.c
+++ b/lib/libcrypto/evp/e_aes.c
@@ -69,32 +69,29 @@ typedef struct
IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
NID_aes_128, 16, 16, 16, 128,
- 0, aes_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
+ EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ aes_init_key,
+ NULL, NULL, NULL, NULL)
IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
NID_aes_192, 16, 24, 16, 128,
- 0, aes_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
+ EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ aes_init_key,
+ NULL, NULL, NULL, NULL)
IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
NID_aes_256, 16, 32, 16, 128,
- 0, aes_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
+ EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ aes_init_key,
+ NULL, NULL, NULL, NULL)
-#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
+#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-IMPLEMENT_AES_CFBR(128,1)
-IMPLEMENT_AES_CFBR(192,1)
-IMPLEMENT_AES_CFBR(256,1)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(128,8)
-IMPLEMENT_AES_CFBR(192,8)
-IMPLEMENT_AES_CFBR(256,8)
+IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const unsigned char *iv, int enc)
diff --git a/lib/libcrypto/evp/e_des.c b/lib/libcrypto/evp/e_des.c
index 856323648cd..04376df2324 100644
--- a/lib/libcrypto/evp/e_des.c
+++ b/lib/libcrypto/evp/e_des.c
@@ -129,18 +129,21 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
- EVP_CIPH_RAND_KEY, des_init_key, NULL,
+ EVP_CIPH_RAND_KEY,
+ des_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,
des_ctrl)
BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
- EVP_CIPH_RAND_KEY, des_init_key,NULL,
+ EVP_CIPH_RAND_KEY,
+ des_init_key, NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,des_ctrl)
BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
- EVP_CIPH_RAND_KEY,des_init_key,NULL,
+ EVP_CIPH_RAND_KEY,
+ des_init_key,NULL,
EVP_CIPHER_set_asn1_iv,
EVP_CIPHER_get_asn1_iv,des_ctrl)
diff --git a/lib/libcrypto/evp/e_des3.c b/lib/libcrypto/evp/e_des3.c
index ac148efab23..f910af19b11 100644
--- a/lib/libcrypto/evp/e_des3.c
+++ b/lib/libcrypto/evp/e_des3.c
@@ -111,8 +111,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#ifdef KSSL_DEBUG
{
int i;
- char *cp;
- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
+ printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
printf("\t iv= ");
for(i=0;i<8;i++)
printf("%02X",ctx->iv[i]);
@@ -164,9 +163,9 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
- EVP_CIPH_RAND_KEY, des_ede_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede_init_key,
+ NULL, NULL, NULL,
des3_ctrl)
#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
@@ -175,21 +174,21 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
#define des_ede3_ecb_cipher des_ede_ecb_cipher
BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
- EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key,
+ NULL, NULL, NULL,
des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key,
+ NULL, NULL, NULL,
des3_ctrl)
BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
- EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
+ EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
+ des_ede3_init_key,
+ NULL, NULL, NULL,
des3_ctrl)
static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -216,7 +215,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
#ifdef KSSL_DEBUG
{
int i;
- printf("des_ede3_init_key(ctx=%lx)\n", ctx);
+ printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
printf("\tKEY= ");
for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
printf("\t IV= ");
diff --git a/lib/libcrypto/evp/e_null.c b/lib/libcrypto/evp/e_null.c
index 5205259f18c..0872d733e47 100644
--- a/lib/libcrypto/evp/e_null.c
+++ b/lib/libcrypto/evp/e_null.c
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
{
NID_undef,
1,0,0,
- 0,
+ EVP_CIPH_FLAG_FIPS,
null_init_key,
null_cipher,
NULL,
diff --git a/lib/libcrypto/evp/e_rc4.c b/lib/libcrypto/evp/e_rc4.c
index 67af850bea1..55baad7446d 100644
--- a/lib/libcrypto/evp/e_rc4.c
+++ b/lib/libcrypto/evp/e_rc4.c
@@ -64,6 +64,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rc4.h>
+#include "evp_locl.h"
/* FIXME: surely this is available elsewhere? */
#define EVP_RC4_KEY_SIZE 16
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index 1aa2d6fb35b..51011f2b148 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -75,6 +75,10 @@
#include <openssl/bio.h>
#endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
/*
#define EVP_RC2_KEY_SIZE 16
#define EVP_RC4_KEY_SIZE 16
@@ -250,9 +254,19 @@ typedef int evp_verify_method(int type,const unsigned char *m,
unsigned int m_length,const unsigned char *sigbuf,
unsigned int siglen, void *key);
+typedef struct
+ {
+ EVP_MD_CTX *mctx;
+ void *key;
+ } EVP_MD_SVCTX;
+
#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
* block */
+#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
+
+#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */
+
#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
#ifndef OPENSSL_NO_DSA
@@ -306,6 +320,15 @@ struct env_md_ctx_st
#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
* in FIPS mode */
+#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */
+#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
+#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
+#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
+#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
+ ((ctx->flags>>16) &0xFFFF) /* seed length */
+#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
+#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
+
struct evp_cipher_st
{
int nid;
@@ -349,6 +372,14 @@ struct evp_cipher_st
#define EVP_CIPH_NO_PADDING 0x100
/* cipher handles random key generation */
#define EVP_CIPH_RAND_KEY 0x200
+/* Note if suitable for use in FIPS mode */
+#define EVP_CIPH_FLAG_FIPS 0x400
+/* Allow non FIPS cipher in FIPS mode */
+#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
+/* Allow use default ASN1 get/set iv */
+#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
/* ctrl() values */
@@ -432,6 +463,18 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+/* Macros to reduce FIPS dependencies: do NOT use in applications */
+#define M_EVP_MD_size(e) ((e)->md_size)
+#define M_EVP_MD_block_size(e) ((e)->block_size)
+#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define M_EVP_MD_type(e) ((e)->type)
+#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
+#define M_EVP_MD_CTX_md(e) ((e)->digest)
+
+#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+
int EVP_MD_type(const EVP_MD *md);
#define EVP_MD_nid(e) EVP_MD_type(e)
#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
@@ -527,6 +570,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
const unsigned char *salt, const unsigned char *data,
int datal, int count, unsigned char *key,unsigned char *iv);
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
+
int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
const unsigned char *key, const unsigned char *iv);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
@@ -885,6 +932,24 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
EVP_PBE_KEYGEN *keygen);
void EVP_PBE_cleanup(void);
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_ENGINE
+void int_EVP_MD_set_engine_callbacks(
+ int (*eng_md_init)(ENGINE *impl),
+ int (*eng_md_fin)(ENGINE *impl),
+ int (*eng_md_evp)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl));
+void int_EVP_MD_init_engine_callbacks(void);
+void int_EVP_CIPHER_set_engine_callbacks(
+ int (*eng_ciph_fin)(ENGINE *impl),
+ int (*eng_ciph_evp)
+ (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl));
+void int_EVP_CIPHER_init_engine_callbacks(void);
+#endif
+#endif
+
+void EVP_add_alg_module(void);
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@@ -895,16 +960,23 @@ void ERR_load_EVP_strings(void);
/* Function codes. */
#define EVP_F_AES_INIT_KEY 133
+#define EVP_F_ALG_MODULE_INIT 138
#define EVP_F_CAMELLIA_INIT_KEY 159
#define EVP_F_D2I_PKEY 100
+#define EVP_F_DO_EVP_ENC_ENGINE 140
+#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141
+#define EVP_F_DO_EVP_MD_ENGINE 139
+#define EVP_F_DO_EVP_MD_ENGINE_FULL 142
#define EVP_F_DSAPKEY2PKCS8 134
#define EVP_F_DSA_PKEY2PKCS8 135
#define EVP_F_ECDSA_PKEY2PKCS8 129
#define EVP_F_ECKEY_PKEY2PKCS8 132
+#define EVP_F_EVP_CIPHERINIT 137
#define EVP_F_EVP_CIPHERINIT_EX 123
#define EVP_F_EVP_CIPHER_CTX_CTRL 124
#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
#define EVP_F_EVP_DECRYPTFINAL_EX 101
+#define EVP_F_EVP_DIGESTINIT 136
#define EVP_F_EVP_DIGESTINIT_EX 128
#define EVP_F_EVP_ENCRYPTFINAL_EX 127
#define EVP_F_EVP_MD_CTX_COPY_EX 110
@@ -946,15 +1018,20 @@ void ERR_load_EVP_strings(void);
#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
#define EVP_R_DECODE_ERROR 114
#define EVP_R_DIFFERENT_KEY_TYPES 101
+#define EVP_R_DISABLED_FOR_FIPS 144
#define EVP_R_ENCODE_ERROR 115
+#define EVP_R_ERROR_LOADING_SECTION 145
+#define EVP_R_ERROR_SETTING_FIPS_MODE 146
#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
#define EVP_R_EXPECTING_AN_RSA_KEY 127
#define EVP_R_EXPECTING_A_DH_KEY 128
#define EVP_R_EXPECTING_A_DSA_KEY 129
#define EVP_R_EXPECTING_A_ECDSA_KEY 141
#define EVP_R_EXPECTING_A_EC_KEY 142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147
#define EVP_R_INITIALIZATION_ERROR 134
#define EVP_R_INPUT_NOT_INITIALIZED 111
+#define EVP_R_INVALID_FIPS_MODE 148
#define EVP_R_INVALID_KEY_LENGTH 130
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
@@ -966,6 +1043,7 @@ void ERR_load_EVP_strings(void);
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
#define EVP_R_PUBLIC_KEY_NOT_RSA 106
+#define EVP_R_UNKNOWN_OPTION 149
#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
#define EVP_R_UNSUPPORTED_CIPHER 107
diff --git a/lib/libcrypto/evp/evp_acnf.c b/lib/libcrypto/evp/evp_acnf.c
index ff3e311cc52..643a1864e83 100644
--- a/lib/libcrypto/evp/evp_acnf.c
+++ b/lib/libcrypto/evp/evp_acnf.c
@@ -1,5 +1,5 @@
/* evp_acnf.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/evp/evp_enc.c b/lib/libcrypto/evp/evp_enc.c
index 6e582c458de..30e0ca4d9fa 100644
--- a/lib/libcrypto/evp/evp_enc.c
+++ b/lib/libcrypto/evp/evp_enc.c
@@ -66,13 +66,15 @@
#endif
#include "evp_locl.h"
-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+#ifdef OPENSSL_FIPS
+ #define M_do_cipher(ctx, out, in, inl) \
+ EVP_Cipher(ctx,out,in,inl)
+#else
+ #define M_do_cipher(ctx, out, in, inl) \
+ ctx->cipher->do_cipher(ctx,out,in,inl)
+#endif
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
- {
- memset(ctx,0,sizeof(EVP_CIPHER_CTX));
- /* ctx->cipher=NULL; */
- }
+const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
{
@@ -90,144 +92,6 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
}
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv, int enc)
- {
- if (enc == -1)
- enc = ctx->encrypt;
- else
- {
- if (enc)
- enc = 1;
- ctx->encrypt = enc;
- }
-#ifndef OPENSSL_NO_ENGINE
- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
- * so this context may already have an ENGINE! Try to avoid releasing
- * the previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary. */
- if (ctx->engine && ctx->cipher && (!cipher ||
- (cipher && (cipher->nid == ctx->cipher->nid))))
- goto skip_to_init;
-#endif
- if (cipher)
- {
- /* Ensure a context left lying around from last time is cleared
- * (the previous check attempted to avoid this if the same
- * ENGINE and EVP_CIPHER could be used). */
- EVP_CIPHER_CTX_cleanup(ctx);
-
- /* Restore encrypt field: it is zeroed by cleanup */
- ctx->encrypt = enc;
-#ifndef OPENSSL_NO_ENGINE
- if(impl)
- {
- if (!ENGINE_init(impl))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- else
- /* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_cipher_engine(cipher->nid);
- if(impl)
- {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
- if(!c)
- {
- /* One positive side-effect of US's export
- * control history, is that we should at least
- * be able to avoid using US mispellings of
- * "initialisation"? */
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- /* We'll use the ENGINE's private cipher definition */
- cipher = c;
- /* Store the ENGINE functional reference so we know
- * 'cipher' came from an ENGINE and we need to release
- * it when done. */
- ctx->engine = impl;
- }
- else
- ctx->engine = NULL;
-#endif
-
- ctx->cipher=cipher;
- if (ctx->cipher->ctx_size)
- {
- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
- if (!ctx->cipher_data)
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- {
- ctx->cipher_data = NULL;
- }
- ctx->key_len = cipher->key_len;
- ctx->flags = 0;
- if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
- {
- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- }
- else if(!ctx->cipher)
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
- /* we assume block size is a power of 2 in *cryptUpdate */
- OPENSSL_assert(ctx->cipher->block_size == 1
- || ctx->cipher->block_size == 8
- || ctx->cipher->block_size == 16);
-
- if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
- switch(EVP_CIPHER_CTX_mode(ctx)) {
-
- case EVP_CIPH_STREAM_CIPHER:
- case EVP_CIPH_ECB_MODE:
- break;
-
- case EVP_CIPH_CFB_MODE:
- case EVP_CIPH_OFB_MODE:
-
- ctx->num = 0;
-
- case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
- break;
-
- default:
- return 0;
- break;
- }
- }
-
- if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
- if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
- }
- ctx->buf_len=0;
- ctx->final_used=0;
- ctx->block_mask=ctx->cipher->block_size-1;
- return 1;
- }
-
int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
@@ -287,7 +151,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
{
- if(ctx->cipher->do_cipher(ctx,out,in,inl))
+ if(M_do_cipher(ctx,out,in,inl))
{
*outl=inl;
return 1;
@@ -314,7 +178,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
{
j=bl-i;
memcpy(&(ctx->buf[i]),in,j);
- if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
+ if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
inl-=j;
in+=j;
out+=bl;
@@ -327,7 +191,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
inl-=i;
if (inl > 0)
{
- if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
+ if(!M_do_cipher(ctx,out,in,inl)) return 0;
*outl+=inl;
}
@@ -371,7 +235,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
n=b-bl;
for (i=bl; i<b; i++)
ctx->buf[i]=n;
- ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+ ret=M_do_cipher(ctx,out,ctx->buf,b);
if(ret)
@@ -493,28 +357,6 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
}
}
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
- {
- if (c->cipher != NULL)
- {
- if(c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
- /* Cleanse cipher context data */
- if (c->cipher_data)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
- }
- if (c->cipher_data)
- OPENSSL_free(c->cipher_data);
-#ifndef OPENSSL_NO_ENGINE
- if (c->engine)
- /* The EVP_CIPHER we used belongs to an ENGINE, release the
- * functional reference we held for this reason. */
- ENGINE_finish(c->engine);
-#endif
- memset(c,0,sizeof(EVP_CIPHER_CTX));
- return 1;
- }
-
int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
{
if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
@@ -536,27 +378,6 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
return 1;
}
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
- int ret;
- if(!ctx->cipher) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-
- if(!ctx->cipher->ctrl) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
- return 0;
- }
-
- ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
- if(ret == -1) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
- return 0;
- }
- return ret;
-}
-
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
@@ -566,3 +387,54 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
return 1;
}
+#ifndef OPENSSL_NO_ENGINE
+
+#ifdef OPENSSL_FIPS
+
+static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
+ {
+ if(impl)
+ {
+ if (!ENGINE_init(impl))
+ {
+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ }
+ else
+ /* Ask if an ENGINE is reserved for this job */
+ impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+ if(impl)
+ {
+ /* There's an ENGINE for this job ... (apparently) */
+ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+ if(!c)
+ {
+ /* One positive side-effect of US's export
+ * control history, is that we should at least
+ * be able to avoid using US mispellings of
+ * "initialisation"? */
+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ /* We'll use the ENGINE's private cipher definition */
+ *pcipher = c;
+ /* Store the ENGINE functional reference so we know
+ * 'cipher' came from an ENGINE and we need to release
+ * it when done. */
+ ctx->engine = impl;
+ }
+ else
+ ctx->engine = NULL;
+ return 1;
+ }
+
+void int_EVP_CIPHER_init_engine_callbacks(void)
+ {
+ int_EVP_CIPHER_set_engine_callbacks(
+ ENGINE_finish, do_evp_enc_engine_full);
+ }
+
+#endif
+
+#endif
diff --git a/lib/libcrypto/evp/evp_err.c b/lib/libcrypto/evp/evp_err.c
index e8c9e8de9ca..b5b900d4fe4 100644
--- a/lib/libcrypto/evp/evp_err.c
+++ b/lib/libcrypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -71,16 +71,23 @@
static ERR_STRING_DATA EVP_str_functs[]=
{
{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"},
+{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"},
+{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"},
+{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
@@ -125,15 +132,20 @@ static ERR_STRING_DATA EVP_str_reasons[]=
{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
+{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"},
{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
@@ -145,6 +157,8 @@ static ERR_STRING_DATA EVP_str_reasons[]=
{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
+{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"},
{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
diff --git a/lib/libcrypto/evp/evp_lib.c b/lib/libcrypto/evp/evp_lib.c
index edb28ef38ed..174cf6c5942 100644
--- a/lib/libcrypto/evp/evp_lib.c
+++ b/lib/libcrypto/evp/evp_lib.c
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->set_asn1_parameters != NULL)
ret=c->cipher->set_asn1_parameters(c,type);
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+ ret=EVP_CIPHER_set_asn1_iv(c, type);
else
ret=-1;
return(ret);
@@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
if (c->cipher->get_asn1_parameters != NULL)
ret=c->cipher->get_asn1_parameters(c,type);
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+ ret=EVP_CIPHER_get_asn1_iv(c, type);
else
ret=-1;
return(ret);
@@ -178,11 +182,6 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
return ctx->cipher->block_size;
}
-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
- {
- return ctx->cipher->do_cipher(ctx,out,in,inl);
- }
-
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher;
@@ -193,11 +192,6 @@ unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
return cipher->flags;
}
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher->flags;
- }
-
void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
{
return ctx->app_data;
@@ -213,11 +207,6 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
return cipher->iv_len;
}
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher->iv_len;
- }
-
int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
{
return cipher->key_len;
@@ -228,11 +217,6 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
return ctx->key_len;
}
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
- {
- return cipher->nid;
- }
-
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
{
return ctx->cipher->nid;
@@ -277,3 +261,18 @@ int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
{
return (ctx->flags & flags);
}
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
+ {
+ ctx->flags |= flags;
+ }
+
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
+ {
+ ctx->flags &= ~flags;
+ }
+
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
+ {
+ return (ctx->flags & flags);
+ }
diff --git a/lib/libcrypto/evp/evp_locl.h b/lib/libcrypto/evp/evp_locl.h
index 073b0adcffe..eabcc96f30d 100644
--- a/lib/libcrypto/evp/evp_locl.h
+++ b/lib/libcrypto/evp/evp_locl.h
@@ -1,5 +1,5 @@
/* evp_locl.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
{\
- cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
return 1;\
}
@@ -226,11 +226,27 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
- 0, cipher##_init_key, NULL, \
- EVP_CIPHER_set_asn1_iv, \
- EVP_CIPHER_get_asn1_iv, \
- NULL)
+ (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+ cipher##_init_key, NULL, NULL, NULL, NULL)
+
+#ifdef OPENSSL_FIPS
+#define RC2_set_key private_RC2_set_key
+#define RC4_set_key private_RC4_set_key
+#define CAST_set_key private_CAST_set_key
+#define RC5_32_set_key private_RC5_32_set_key
+#define BF_set_key private_BF_set_key
+#define Camellia_set_key private_Camellia_set_key
+#define idea_set_encrypt_key private_idea_set_encrypt_key
+
+#define MD5_Init private_MD5_Init
+#define MD4_Init private_MD4_Init
+#define MD2_Init private_MD2_Init
+#define MDC2_Init private_MDC2_Init
+#define SHA_Init private_SHA_Init
+
+#endif
+
diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c
index c26d2de0f38..5e830be65ff 100644
--- a/lib/libcrypto/evp/evp_pbe.c
+++ b/lib/libcrypto/evp/evp_pbe.c
@@ -1,5 +1,5 @@
/* evp_pbe.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c
index 0147f3e02a6..10d9e9e772b 100644
--- a/lib/libcrypto/evp/evp_pkey.c
+++ b/lib/libcrypto/evp/evp_pkey.c
@@ -1,5 +1,5 @@
/* evp_pkey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/evp/m_dss.c b/lib/libcrypto/evp/m_dss.c
index a948c77fa49..6b0c0aa7a3f 100644
--- a/lib/libcrypto/evp/m_dss.c
+++ b/lib/libcrypto/evp/m_dss.c
@@ -81,7 +81,7 @@ static const EVP_MD dsa_md=
NID_dsaWithSHA,
NID_dsaWithSHA,
SHA_DIGEST_LENGTH,
- 0,
+ EVP_MD_FLAG_FIPS,
init,
update,
final,
diff --git a/lib/libcrypto/evp/m_dss1.c b/lib/libcrypto/evp/m_dss1.c
index c12e13972b5..da8babc147d 100644
--- a/lib/libcrypto/evp/m_dss1.c
+++ b/lib/libcrypto/evp/m_dss1.c
@@ -68,6 +68,8 @@
#include <openssl/dsa.h>
#endif
+#ifndef OPENSSL_FIPS
+
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
@@ -98,3 +100,4 @@ const EVP_MD *EVP_dss1(void)
return(&dss1_md);
}
#endif
+#endif
diff --git a/lib/libcrypto/evp/m_md2.c b/lib/libcrypto/evp/m_md2.c
index 5ce849f161d..8eee6236ba2 100644
--- a/lib/libcrypto/evp/m_md2.c
+++ b/lib/libcrypto/evp/m_md2.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include "cryptlib.h"
+#include "evp_locl.h"
#ifndef OPENSSL_NO_MD2
diff --git a/lib/libcrypto/evp/m_md4.c b/lib/libcrypto/evp/m_md4.c
index 1e0b7c5b424..5cd2ab5adee 100644
--- a/lib/libcrypto/evp/m_md4.c
+++ b/lib/libcrypto/evp/m_md4.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include "cryptlib.h"
+#include "evp_locl.h"
#ifndef OPENSSL_NO_MD4
diff --git a/lib/libcrypto/evp/m_md5.c b/lib/libcrypto/evp/m_md5.c
index 63c142119eb..6455829671e 100644
--- a/lib/libcrypto/evp/m_md5.c
+++ b/lib/libcrypto/evp/m_md5.c
@@ -62,6 +62,7 @@
#ifndef OPENSSL_NO_MD5
#include <openssl/evp.h>
+#include "evp_locl.h"
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/md5.h>
diff --git a/lib/libcrypto/evp/m_mdc2.c b/lib/libcrypto/evp/m_mdc2.c
index 36c4e9b1343..9f9bcf06ed2 100644
--- a/lib/libcrypto/evp/m_mdc2.c
+++ b/lib/libcrypto/evp/m_mdc2.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include "cryptlib.h"
+#include "evp_locl.h"
#ifndef OPENSSL_NO_MDC2
diff --git a/lib/libcrypto/evp/m_sha.c b/lib/libcrypto/evp/m_sha.c
index acccc8f92d8..3f30dfc579c 100644
--- a/lib/libcrypto/evp/m_sha.c
+++ b/lib/libcrypto/evp/m_sha.c
@@ -58,6 +58,7 @@
#include <stdio.h>
#include "cryptlib.h"
+#include "evp_locl.h"
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
diff --git a/lib/libcrypto/evp/m_sha1.c b/lib/libcrypto/evp/m_sha1.c
index 4679b1c4638..471ec30be01 100644
--- a/lib/libcrypto/evp/m_sha1.c
+++ b/lib/libcrypto/evp/m_sha1.c
@@ -68,6 +68,8 @@
#include <openssl/rsa.h>
#endif
+#ifndef OPENSSL_FIPS
+
static int init(EVP_MD_CTX *ctx)
{ return SHA1_Init(ctx->md_data); }
@@ -97,7 +99,6 @@ const EVP_MD *EVP_sha1(void)
{
return(&sha1_md);
}
-#endif
#ifndef OPENSSL_NO_SHA256
static int init224(EVP_MD_CTX *ctx)
@@ -202,3 +203,7 @@ static const EVP_MD sha512_md=
const EVP_MD *EVP_sha512(void)
{ return(&sha512_md); }
#endif /* ifndef OPENSSL_NO_SHA512 */
+
+#endif
+
+#endif
diff --git a/lib/libcrypto/evp/names.c b/lib/libcrypto/evp/names.c
index 88c1e780dd7..e2e04c3570f 100644
--- a/lib/libcrypto/evp/names.c
+++ b/lib/libcrypto/evp/names.c
@@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
{
int r;
+#ifdef OPENSSL_FIPS
+ OPENSSL_init();
+#endif
+
r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
if (r == 0) return(0);
r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
@@ -77,6 +81,9 @@ int EVP_add_digest(const EVP_MD *md)
int r;
const char *name;
+#ifdef OPENSSL_FIPS
+ OPENSSL_init();
+#endif
name=OBJ_nid2sn(md->type);
r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
if (r == 0) return(0);
diff --git a/lib/libcrypto/evp/p5_crpt.c b/lib/libcrypto/evp/p5_crpt.c
index 48d50014a04..2a265fdee27 100644
--- a/lib/libcrypto/evp/p5_crpt.c
+++ b/lib/libcrypto/evp/p5_crpt.c
@@ -1,5 +1,5 @@
/* p5_crpt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/evp/p5_crpt2.c b/lib/libcrypto/evp/p5_crpt2.c
index c969d5a2062..6bec77baf96 100644
--- a/lib/libcrypto/evp/p5_crpt2.c
+++ b/lib/libcrypto/evp/p5_crpt2.c
@@ -1,5 +1,5 @@
/* p5_crpt2.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/evp/p_sign.c b/lib/libcrypto/evp/p_sign.c
index e4ae5906f55..bf41a0db68a 100644
--- a/lib/libcrypto/evp/p_sign.c
+++ b/lib/libcrypto/evp/p_sign.c
@@ -84,10 +84,6 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
MS_STATIC EVP_MD_CTX tmp_ctx;
*siglen=0;
- EVP_MD_CTX_init(&tmp_ctx);
- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
- EVP_MD_CTX_cleanup(&tmp_ctx);
for (i=0; i<4; i++)
{
v=ctx->digest->required_pkey_type[i];
@@ -108,7 +104,23 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
return(0);
}
- return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
- pkey->pkey.ptr));
+ EVP_MD_CTX_init(&tmp_ctx);
+ EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
+ {
+ EVP_MD_SVCTX sctmp;
+ sctmp.mctx = &tmp_ctx;
+ sctmp.key = pkey->pkey.ptr;
+ i = ctx->digest->sign(ctx->digest->type,
+ NULL, -1, sigret, siglen, &sctmp);
+ }
+ else
+ {
+ EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+ i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
+ pkey->pkey.ptr);
+ }
+ EVP_MD_CTX_cleanup(&tmp_ctx);
+ return i;
}
diff --git a/lib/libcrypto/evp/p_verify.c b/lib/libcrypto/evp/p_verify.c
index 21a40a375e1..2d46dffe7e1 100644
--- a/lib/libcrypto/evp/p_verify.c
+++ b/lib/libcrypto/evp/p_verify.c
@@ -85,17 +85,29 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
return(-1);
}
- EVP_MD_CTX_init(&tmp_ctx);
- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
- EVP_MD_CTX_cleanup(&tmp_ctx);
- if (ctx->digest->verify == NULL)
+ if (ctx->digest->verify == NULL)
{
EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
return(0);
}
- return(ctx->digest->verify(ctx->digest->type,m,m_len,
- sigbuf,siglen,pkey->pkey.ptr));
+ EVP_MD_CTX_init(&tmp_ctx);
+ EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
+ {
+ EVP_MD_SVCTX sctmp;
+ sctmp.mctx = &tmp_ctx;
+ sctmp.key = pkey->pkey.ptr;
+ i = ctx->digest->verify(ctx->digest->type,
+ NULL, -1, sigbuf, siglen, &sctmp);
+ }
+ else
+ {
+ EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+ i = ctx->digest->verify(ctx->digest->type,m,m_len,
+ sigbuf,siglen,pkey->pkey.ptr);
+ }
+ EVP_MD_CTX_cleanup(&tmp_ctx);
+ return i;
}
diff --git a/lib/libcrypto/hmac/hmac.c b/lib/libcrypto/hmac/hmac.c
index 1d140f7adb4..cbc1c76a57b 100644
--- a/lib/libcrypto/hmac/hmac.c
+++ b/lib/libcrypto/hmac/hmac.c
@@ -61,6 +61,8 @@
#include "cryptlib.h"
#include <openssl/hmac.h>
+#ifndef OPENSSL_FIPS
+
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
const EVP_MD *md, ENGINE *impl)
{
@@ -178,3 +180,4 @@ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
}
+#endif
diff --git a/lib/libcrypto/idea/idea.h b/lib/libcrypto/idea/idea.h
index bf97a37e39b..a137d4cbce2 100644
--- a/lib/libcrypto/idea/idea.h
+++ b/lib/libcrypto/idea/idea.h
@@ -83,6 +83,9 @@ typedef struct idea_key_st
const char *idea_options(void);
void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+#endif
void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/lib/libcrypto/install.com b/lib/libcrypto/install.com
index 58a4fecdaa4..ffad1f97a72 100644
--- a/lib/libcrypto/install.com
+++ b/lib/libcrypto/install.com
@@ -35,12 +35,12 @@ $
$ SDIRS := ,-
OBJECTS,-
MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
- DES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
- BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,-
+ DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
+ BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
BUFFER,BIO,STACK,LHASH,RAND,ERR,-
EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
UI,KRB5,-
- STORE,CMS,PQUEUE
+ STORE,PQUEUE,JPAKE
$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,-
symhacks.h,ossl_typ.h
$ EXHEADER_OBJECTS := objects.h,obj_mac.h
@@ -52,6 +52,7 @@ $ EXHEADER_MDC2 := mdc2.h
$ EXHEADER_HMAC := hmac.h
$ EXHEADER_RIPEMD := ripemd.h
$ EXHEADER_DES := des.h,des_old.h
+$ EXHEADER_AES := aes.h
$ EXHEADER_RC2 := rc2.h
$ EXHEADER_RC4 := rc4.h
$ EXHEADER_RC5 := rc5.h
@@ -69,7 +70,6 @@ $ EXHEADER_DH := dh.h
$ EXHEADER_ECDH := ecdh.h
$ EXHEADER_DSO := dso.h
$ EXHEADER_ENGINE := engine.h
-$ EXHEADER_AES := aes.h
$ EXHEADER_BUFFER := buffer.h
$ EXHEADER_BIO := bio.h
$ EXHEADER_STACK := stack.h,safestack.h
@@ -92,7 +92,7 @@ $ EXHEADER_KRB5 := krb5_asn.h
$! EXHEADER_STORE := store.h,str_compat.h
$ EXHEADER_STORE := store.h
$ EXHEADER_PQUEUE := pqueue.h,pq_compat.h
-$ EXHEADER_CMS := cms.h
+$ EXHEADER_JPAKE := jpake.h
$ LIBS := LIBCRYPTO
$
$ VEXE_DIR := [-.VAX.EXE.CRYPTO]
diff --git a/lib/libcrypto/md2/md2.h b/lib/libcrypto/md2/md2.h
index a46120e7d41..d59c9f25931 100644
--- a/lib/libcrypto/md2/md2.h
+++ b/lib/libcrypto/md2/md2.h
@@ -81,6 +81,9 @@ typedef struct MD2state_st
} MD2_CTX;
const char *MD2_options(void);
+#ifdef OPENSSL_FIPS
+int private_MD2_Init(MD2_CTX *c);
+#endif
int MD2_Init(MD2_CTX *c);
int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
int MD2_Final(unsigned char *md, MD2_CTX *c);
diff --git a/lib/libcrypto/md2/md2_dgst.c b/lib/libcrypto/md2/md2_dgst.c
index 6f68b25c6a8..cc4eeaf7a7a 100644
--- a/lib/libcrypto/md2/md2_dgst.c
+++ b/lib/libcrypto/md2/md2_dgst.c
@@ -62,6 +62,11 @@
#include <openssl/md2.h>
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+#include <openssl/err.h>
const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
@@ -116,7 +121,7 @@ const char *MD2_options(void)
return("md2(int)");
}
-int MD2_Init(MD2_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD2)
{
c->num=0;
memset(c->state,0,sizeof c->state);
diff --git a/lib/libcrypto/md4/md4.h b/lib/libcrypto/md4/md4.h
index 5598c93a4fe..ba1fe4a6ee8 100644
--- a/lib/libcrypto/md4/md4.h
+++ b/lib/libcrypto/md4/md4.h
@@ -105,6 +105,9 @@ typedef struct MD4state_st
unsigned int num;
} MD4_CTX;
+#ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+#endif
int MD4_Init(MD4_CTX *c);
int MD4_Update(MD4_CTX *c, const void *data, size_t len);
int MD4_Final(unsigned char *md, MD4_CTX *c);
diff --git a/lib/libcrypto/md4/md4_dgst.c b/lib/libcrypto/md4/md4_dgst.c
index cfef94af39a..0f5448601d8 100644
--- a/lib/libcrypto/md4/md4_dgst.c
+++ b/lib/libcrypto/md4/md4_dgst.c
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "md4_locl.h"
#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
@@ -70,7 +75,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
-int MD4_Init(MD4_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD4)
{
c->A=INIT_DATA_A;
c->B=INIT_DATA_B;
diff --git a/lib/libcrypto/md5/md5.h b/lib/libcrypto/md5/md5.h
index dbdc0e1abc7..0761f84a27b 100644
--- a/lib/libcrypto/md5/md5.h
+++ b/lib/libcrypto/md5/md5.h
@@ -105,6 +105,9 @@ typedef struct MD5state_st
unsigned int num;
} MD5_CTX;
+#ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+#endif
int MD5_Init(MD5_CTX *c);
int MD5_Update(MD5_CTX *c, const void *data, size_t len);
int MD5_Final(unsigned char *md, MD5_CTX *c);
diff --git a/lib/libcrypto/md5/md5_dgst.c b/lib/libcrypto/md5/md5_dgst.c
index b96e332ba41..47bb9020ee1 100644
--- a/lib/libcrypto/md5/md5_dgst.c
+++ b/lib/libcrypto/md5/md5_dgst.c
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "md5_locl.h"
#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
@@ -70,7 +75,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
#define INIT_DATA_C (unsigned long)0x98badcfeL
#define INIT_DATA_D (unsigned long)0x10325476L
-int MD5_Init(MD5_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD5)
{
c->A=INIT_DATA_A;
c->B=INIT_DATA_B;
diff --git a/lib/libcrypto/mdc2/Makefile b/lib/libcrypto/mdc2/Makefile
index 1d064f17a62..ea25688d888 100644
--- a/lib/libcrypto/mdc2/Makefile
+++ b/lib/libcrypto/mdc2/Makefile
@@ -33,7 +33,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
diff --git a/lib/libcrypto/mdc2/mdc2.h b/lib/libcrypto/mdc2/mdc2.h
index 72778a52123..7e1354116ad 100644
--- a/lib/libcrypto/mdc2/mdc2.h
+++ b/lib/libcrypto/mdc2/mdc2.h
@@ -80,7 +80,9 @@ typedef struct mdc2_ctx_st
int pad_type; /* either 1 or 2, default 1 */
} MDC2_CTX;
-
+#ifdef OPENSSL_FIPS
+int private_MDC2_Init(MDC2_CTX *c);
+#endif
int MDC2_Init(MDC2_CTX *c);
int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
int MDC2_Final(unsigned char *md, MDC2_CTX *c);
diff --git a/lib/libcrypto/mem.c b/lib/libcrypto/mem.c
index 6635167228d..00ebaf0b9b5 100644
--- a/lib/libcrypto/mem.c
+++ b/lib/libcrypto/mem.c
@@ -101,7 +101,7 @@ static void (*free_locked_func)(void *) = free;
/* may be changed as long as 'allow_customize_debug' is set */
/* XXX use correct function pointer types */
-#ifdef CRYPTO_MDEBUG
+#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS)
/* use default functions from mem_dbg.c */
static void (*malloc_debug_func)(void *,int,const char *,int,int)
= CRYPTO_dbg_malloc;
@@ -110,6 +110,14 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
+
+static int (*push_info_func)(const char *info, const char *file, int line)
+ = CRYPTO_dbg_push_info;
+static int (*pop_info_func)(void)
+ = CRYPTO_dbg_pop_info;
+static int (*remove_all_info_func)(void)
+ = CRYPTO_dbg_remove_all_info;
+
#else
/* applications can use CRYPTO_malloc_debug_init() to select above case
* at run-time */
@@ -119,6 +127,13 @@ static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
static void (*free_debug_func)(void *,int) = NULL;
static void (*set_debug_options_func)(long) = NULL;
static long (*get_debug_options_func)(void) = NULL;
+
+
+static int (*push_info_func)(const char *info, const char *file, int line)
+ = NULL;
+static int (*pop_info_func)(void) = NULL;
+static int (*remove_all_info_func)(void) = NULL;
+
#endif
@@ -194,6 +209,15 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
return 1;
}
+void CRYPTO_set_mem_info_functions(
+ int (*push_info_fn)(const char *info, const char *file, int line),
+ int (*pop_info_fn)(void),
+ int (*remove_all_info_fn)(void))
+ {
+ push_info_func = push_info_fn;
+ pop_info_func = pop_info_fn;
+ remove_all_info_func = remove_all_info_fn;
+ }
void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
void (**f)(void *))
@@ -399,3 +423,24 @@ long CRYPTO_get_mem_debug_options(void)
return get_debug_options_func();
return 0;
}
+
+int CRYPTO_push_info_(const char *info, const char *file, int line)
+ {
+ if (push_info_func)
+ return push_info_func(info, file, line);
+ return 1;
+ }
+
+int CRYPTO_pop_info(void)
+ {
+ if (pop_info_func)
+ return pop_info_func();
+ return 1;
+ }
+
+int CRYPTO_remove_all_info(void)
+ {
+ if (remove_all_info_func)
+ return remove_all_info_func();
+ return 1;
+ }
diff --git a/lib/libcrypto/mem_dbg.c b/lib/libcrypto/mem_dbg.c
index 8316485217a..dfeb0847993 100644
--- a/lib/libcrypto/mem_dbg.c
+++ b/lib/libcrypto/mem_dbg.c
@@ -330,7 +330,7 @@ static APP_INFO *pop_info(void)
return(ret);
}
-int CRYPTO_push_info_(const char *info, const char *file, int line)
+int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
{
APP_INFO *ami, *amim;
int ret=0;
@@ -380,7 +380,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line)
return(ret);
}
-int CRYPTO_pop_info(void)
+int CRYPTO_dbg_pop_info(void)
{
int ret=0;
@@ -395,7 +395,7 @@ int CRYPTO_pop_info(void)
return(ret);
}
-int CRYPTO_remove_all_info(void)
+int CRYPTO_dbg_remove_all_info(void)
{
int ret=0;
@@ -793,3 +793,25 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
}
+
+void CRYPTO_malloc_debug_init(void)
+ {
+ CRYPTO_set_mem_debug_functions(
+ CRYPTO_dbg_malloc,
+ CRYPTO_dbg_realloc,
+ CRYPTO_dbg_free,
+ CRYPTO_dbg_set_options,
+ CRYPTO_dbg_get_options);
+ CRYPTO_set_mem_info_functions(
+ CRYPTO_dbg_push_info,
+ CRYPTO_dbg_pop_info,
+ CRYPTO_dbg_remove_all_info);
+ }
+
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+ {
+ char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
+
+ strcpy(ret, str);
+ return ret;
+ }
diff --git a/lib/libcrypto/objects/obj_dat.pl b/lib/libcrypto/objects/obj_dat.pl
index 8a09a46ee65..7de2f77afda 100644
--- a/lib/libcrypto/objects/obj_dat.pl
+++ b/lib/libcrypto/objects/obj_dat.pl
@@ -2,7 +2,9 @@
# fixes bug in floating point emulation on sparc64 when
# this script produces off-by-one output on sparc64
-use integer;
+eval 'use integer;';
+
+print STDERR "Warning: perl module integer not found.\n" if ($@);
sub obj_cmp
{
diff --git a/lib/libcrypto/objects/obj_mac.num b/lib/libcrypto/objects/obj_mac.num
index 53c9cb0d6ae..e3f56bc52ca 100644
--- a/lib/libcrypto/objects/obj_mac.num
+++ b/lib/libcrypto/objects/obj_mac.num
@@ -854,3 +854,5 @@ id_GostR3411_94_with_GostR3410_2001_cc 853
id_GostR3410_2001_ParamSet_cc 854
hmac 855
LocalKeySet 856
+freshest_crl 857
+id_on_permanentIdentifier 858
diff --git a/lib/libcrypto/objects/objects.txt b/lib/libcrypto/objects/objects.txt
index e009702e553..a6a811b8e7c 100644
--- a/lib/libcrypto/objects/objects.txt
+++ b/lib/libcrypto/objects/objects.txt
@@ -557,6 +557,7 @@ id-cmc 24 : id-cmc-confirmCertAcceptance
# other names
id-on 1 : id-on-personalData
+id-on 3 : id-on-permanentIdentifier : Permanent Identifier
# personal data attributes
id-pda 1 : id-pda-dateOfBirth
@@ -726,6 +727,8 @@ id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
+!Cname freshest-crl
+id-ce 46 : freshestCRL : X509v3 Freshest CRL
!Cname inhibit-any-policy
id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
!Cname target-information
diff --git a/lib/libcrypto/ocsp/ocsp_asn.c b/lib/libcrypto/ocsp/ocsp_asn.c
index 39b7a1c5687..bfe892ac705 100644
--- a/lib/libcrypto/ocsp/ocsp_asn.c
+++ b/lib/libcrypto/ocsp/ocsp_asn.c
@@ -1,5 +1,5 @@
/* ocsp_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c
index a8e569b74a0..6abb30b2c07 100644
--- a/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/lib/libcrypto/ocsp/ocsp_ht.c
@@ -1,5 +1,5 @@
/* ocsp_ht.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
/* ====================================================================
@@ -56,11 +56,12 @@
*
*/
-#include <openssl/asn1.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
+#include "e_os.h"
+#include <openssl/asn1.h>
#include <openssl/ocsp.h>
#include <openssl/err.h>
#include <openssl/buffer.h>
diff --git a/lib/libcrypto/ocsp/ocsp_srv.c b/lib/libcrypto/ocsp/ocsp_srv.c
index fffa134e754..1c606dd0b61 100644
--- a/lib/libcrypto/ocsp/ocsp_srv.c
+++ b/lib/libcrypto/ocsp/ocsp_srv.c
@@ -1,5 +1,5 @@
/* ocsp_srv.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c
index 23ea41c847b..4a0c3870d83 100644
--- a/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,5 +1,5 @@
/* ocsp_vfy.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/opensslconf.h.in b/lib/libcrypto/opensslconf.h.in
index cee83acf989..1c77f03c3dc 100644
--- a/lib/libcrypto/opensslconf.h.in
+++ b/lib/libcrypto/opensslconf.h.in
@@ -1,5 +1,20 @@
/* crypto/opensslconf.h.in */
+#ifdef OPENSSL_DOING_MAKEDEPEND
+
+/* Include any symbols here that have to be explicitly set to enable a feature
+ * that should be visible to makedepend.
+ *
+ * [Our "make depend" doesn't actually look at this, we use actual build settings
+ * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
+ */
+
+#ifndef OPENSSL_FIPS
+#define OPENSSL_FIPS
+#endif
+
+#endif
+
/* Generate 80386 code? */
#undef I386_ONLY
diff --git a/lib/libcrypto/opensslv.h b/lib/libcrypto/opensslv.h
index 5bdd370ac91..09687b5136a 100644
--- a/lib/libcrypto/opensslv.h
+++ b/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x0090809fL
+#define OPENSSL_VERSION_NUMBER 0x009080afL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i-fips 15 Sep 2008"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j-fips 07 Jan 2009"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8i 15 Sep 2008"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8j 07 Jan 2009"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/lib/libcrypto/ossl_typ.h b/lib/libcrypto/ossl_typ.h
index 734200428f6..0e7a3808803 100644
--- a/lib/libcrypto/ossl_typ.h
+++ b/lib/libcrypto/ossl_typ.h
@@ -100,6 +100,8 @@ typedef int ASN1_NULL;
#undef X509_EXTENSIONS
#undef X509_CERT_PAIR
#undef PKCS7_ISSUER_AND_SERIAL
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
#endif
#ifdef BIGNUM
diff --git a/lib/libcrypto/pem/pem.h b/lib/libcrypto/pem/pem.h
index 670afa670ba..6f8e01544bb 100644
--- a/lib/libcrypto/pem/pem.h
+++ b/lib/libcrypto/pem/pem.h
@@ -125,6 +125,7 @@ extern "C" {
#define PEM_STRING_DSA "DSA PRIVATE KEY"
#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
#define PEM_STRING_PKCS7 "PKCS7"
+#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_STRING_PKCS8INF "PRIVATE KEY"
#define PEM_STRING_DHPARAMS "DH PARAMETERS"
diff --git a/lib/libcrypto/pem/pem_all.c b/lib/libcrypto/pem/pem_all.c
index 66cbc7eb82c..69dd19bf2e7 100644
--- a/lib/libcrypto/pem/pem_all.c
+++ b/lib/libcrypto/pem/pem_all.c
@@ -194,7 +194,49 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
#endif
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_RSA(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+
+ EVP_PKEY_set1_RSA(k, x);
+
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+#endif
+
+#else
+
IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
@@ -224,7 +266,47 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
return pkey_get_dsa(pktmp, dsa);
}
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_DSA(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_DSA(k, x);
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+#endif
+
+#else
+
IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
#ifndef OPENSSL_NO_FP_API
@@ -270,8 +352,49 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_EC_KEY(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_EC_KEY(k, x);
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+#endif
+
+#else
+
IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
+#endif
+
IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
#ifndef OPENSSL_NO_FP_API
@@ -301,8 +424,59 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
* (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
* appropriate.)
*/
+
+#ifdef OPENSSL_FIPS
+
+static const char *pkey_str(EVP_PKEY *x)
+ {
+ switch (x->type)
+ {
+ case EVP_PKEY_RSA:
+ return PEM_STRING_RSA;
+
+ case EVP_PKEY_DSA:
+ return PEM_STRING_DSA;
+
+ case EVP_PKEY_EC:
+ return PEM_STRING_ECPRIVATEKEY;
+
+ default:
+ return NULL;
+ }
+ }
+
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+ {
+ if (FIPS_mode())
+ return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+ (char *)kstr, klen, cb, u);
+ else
+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+ pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
+ }
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+ {
+ if (FIPS_mode())
+ return PEM_write_PKCS8PrivateKey(fp, x, enc,
+ (char *)kstr, klen, cb, u);
+ else
+ return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
+ pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
+ }
+#endif
+
+#else
IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
+#endif
+
IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c
index 9bae4c8850c..cbafefe416e 100644
--- a/lib/libcrypto/pem/pem_lib.c
+++ b/lib/libcrypto/pem/pem_lib.c
@@ -216,6 +216,9 @@ static int check_pem(const char *nm, const char *name)
if(!strcmp(nm, PEM_STRING_X509) &&
!strcmp(name, PEM_STRING_PKCS7)) return 1;
+ if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
+ !strcmp(name, PEM_STRING_PKCS7)) return 1;
+
return 0;
}
diff --git a/lib/libcrypto/pem/pem_x509.c b/lib/libcrypto/pem/pem_x509.c
index 19f88d8d3a6..3f709f13e65 100644
--- a/lib/libcrypto/pem/pem_x509.c
+++ b/lib/libcrypto/pem/pem_x509.c
@@ -1,5 +1,5 @@
/* pem_x509.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pem/pem_xaux.c b/lib/libcrypto/pem/pem_xaux.c
index 63ce660cf1a..7cc74910095 100644
--- a/lib/libcrypto/pem/pem_xaux.c
+++ b/lib/libcrypto/pem/pem_xaux.c
@@ -1,5 +1,5 @@
/* pem_xaux.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_add.c b/lib/libcrypto/pkcs12/p12_add.c
index 41bdc005510..1f3e378f5cb 100644
--- a/lib/libcrypto/pkcs12/p12_add.c
+++ b/lib/libcrypto/pkcs12/p12_add.c
@@ -1,5 +1,5 @@
/* p12_add.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_asn.c b/lib/libcrypto/pkcs12/p12_asn.c
index a3739fee1a6..6e276338175 100644
--- a/lib/libcrypto/pkcs12/p12_asn.c
+++ b/lib/libcrypto/pkcs12/p12_asn.c
@@ -1,5 +1,5 @@
/* p12_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_attr.c b/lib/libcrypto/pkcs12/p12_attr.c
index 026cf3826a7..68d6c5ad159 100644
--- a/lib/libcrypto/pkcs12/p12_attr.c
+++ b/lib/libcrypto/pkcs12/p12_attr.c
@@ -1,5 +1,5 @@
/* p12_attr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_crpt.c b/lib/libcrypto/pkcs12/p12_crpt.c
index 3ad33c49d82..f8b952e27ee 100644
--- a/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/lib/libcrypto/pkcs12/p12_crpt.c
@@ -1,5 +1,5 @@
/* p12_crpt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_crt.c b/lib/libcrypto/pkcs12/p12_crt.c
index 9748256b6fe..e863de52cef 100644
--- a/lib/libcrypto/pkcs12/p12_crt.c
+++ b/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,5 +1,5 @@
/* p12_crt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -59,6 +59,10 @@
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
@@ -90,7 +94,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
/* Set defaults */
if (!nid_cert)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+ }
if (!nid_key)
nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
if (!iter)
diff --git a/lib/libcrypto/pkcs12/p12_decr.c b/lib/libcrypto/pkcs12/p12_decr.c
index 74c961a92b8..ba77dbbe32c 100644
--- a/lib/libcrypto/pkcs12/p12_decr.c
+++ b/lib/libcrypto/pkcs12/p12_decr.c
@@ -1,5 +1,5 @@
/* p12_decr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_init.c b/lib/libcrypto/pkcs12/p12_init.c
index 6bdc1326317..d4d84b056a2 100644
--- a/lib/libcrypto/pkcs12/p12_init.c
+++ b/lib/libcrypto/pkcs12/p12_init.c
@@ -1,5 +1,5 @@
/* p12_init.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_key.c b/lib/libcrypto/pkcs12/p12_key.c
index 18e72d0a1b8..9e57eee4a4d 100644
--- a/lib/libcrypto/pkcs12/p12_key.c
+++ b/lib/libcrypto/pkcs12/p12_key.c
@@ -1,5 +1,5 @@
/* p12_key.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_kiss.c b/lib/libcrypto/pkcs12/p12_kiss.c
index c2ee2cc6f3a..5c4c6ec9888 100644
--- a/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/lib/libcrypto/pkcs12/p12_kiss.c
@@ -1,5 +1,5 @@
/* p12_kiss.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_mutl.c b/lib/libcrypto/pkcs12/p12_mutl.c
index c408cc8ab8d..70bfef6e5d1 100644
--- a/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/lib/libcrypto/pkcs12/p12_mutl.c
@@ -1,5 +1,5 @@
/* p12_mutl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_npas.c b/lib/libcrypto/pkcs12/p12_npas.c
index 48eacc5c49c..47e5e9c3775 100644
--- a/lib/libcrypto/pkcs12/p12_npas.c
+++ b/lib/libcrypto/pkcs12/p12_npas.c
@@ -1,5 +1,5 @@
/* p12_npas.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_p8d.c b/lib/libcrypto/pkcs12/p12_p8d.c
index 3c6f377933c..deba81e4a97 100644
--- a/lib/libcrypto/pkcs12/p12_p8d.c
+++ b/lib/libcrypto/pkcs12/p12_p8d.c
@@ -1,5 +1,5 @@
/* p12_p8d.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_p8e.c b/lib/libcrypto/pkcs12/p12_p8e.c
index 3d47956652a..bf20a77b4c7 100644
--- a/lib/libcrypto/pkcs12/p12_p8e.c
+++ b/lib/libcrypto/pkcs12/p12_p8e.c
@@ -1,5 +1,5 @@
/* p12_p8e.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/p12_utl.c b/lib/libcrypto/pkcs12/p12_utl.c
index 243ec76be95..ca30ac4f6d5 100644
--- a/lib/libcrypto/pkcs12/p12_utl.c
+++ b/lib/libcrypto/pkcs12/p12_utl.c
@@ -1,5 +1,5 @@
/* p12_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs12/pkcs12.h b/lib/libcrypto/pkcs12/pkcs12.h
index a2d7e359a0f..4bee605dc0d 100644
--- a/lib/libcrypto/pkcs12/pkcs12.h
+++ b/lib/libcrypto/pkcs12/pkcs12.h
@@ -1,5 +1,5 @@
/* pkcs12.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs7/pk7_asn1.c b/lib/libcrypto/pkcs7/pk7_asn1.c
index 77931feeb41..1f70d313867 100644
--- a/lib/libcrypto/pkcs7/pk7_asn1.c
+++ b/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -1,5 +1,5 @@
/* pk7_asn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs7/pk7_attr.c b/lib/libcrypto/pkcs7/pk7_attr.c
index 735c8800e10..d5497171691 100644
--- a/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/lib/libcrypto/pkcs7/pk7_attr.c
@@ -1,5 +1,5 @@
/* pk7_attr.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs7/pk7_mime.c b/lib/libcrypto/pkcs7/pk7_mime.c
index 17b68992f7d..bf190360d75 100644
--- a/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/lib/libcrypto/pkcs7/pk7_mime.c
@@ -1,5 +1,5 @@
/* pk7_mime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
diff --git a/lib/libcrypto/pkcs7/pk7_smime.c b/lib/libcrypto/pkcs7/pk7_smime.c
index 5c6b0fe24bc..c34db1d6fed 100644
--- a/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,5 +1,5 @@
/* pk7_smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -282,6 +282,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
+ BIO_set_mem_eof_return(tmpout, 0);
} else tmpout = out;
/* We now have to 'read' from p7bio to calculate digests etc. */
diff --git a/lib/libcrypto/rand/Makefile b/lib/libcrypto/rand/Makefile
index 27694aa6649..30794305cb3 100644
--- a/lib/libcrypto/rand/Makefile
+++ b/lib/libcrypto/rand/Makefile
@@ -17,9 +17,9 @@ TEST= randtest.c
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \
rand_win.c rand_unix.c rand_os2.c rand_nw.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \
rand_win.o rand_unix.o rand_os2.o rand_nw.o
SRC= $(LIBSRC)
@@ -35,7 +35,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -79,17 +79,34 @@ clean:
md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-md_rand.o: md_rand.c rand_lcl.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h
rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
rand_egd.o: ../../include/openssl/opensslconf.h
rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
rand_egd.o: rand_egd.c
+rand_eng.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_eng.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_eng.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rand_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+rand_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_eng.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+rand_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rand_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_eng.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rand_eng.o: ../cryptlib.h rand_eng.c rand_lcl.h
rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
@@ -99,34 +116,39 @@ rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rand_err.o: rand_err.c
rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
rand_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
rand_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
rand_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_lib.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
rand_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rand_lib.o: ../cryptlib.h rand_lib.c
+rand_lib.o: ../cryptlib.h rand_lcl.h rand_lib.c
rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c
+rand_nw.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_nw.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_nw.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rand_nw.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_nw.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_nw.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_nw.o: ../cryptlib.h rand_lcl.h rand_nw.c
rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
@@ -136,8 +158,8 @@ rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h
rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_unix.o: ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
rand_unix.o: ../../include/openssl/opensslconf.h
rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
@@ -148,8 +170,9 @@ rand_win.o: ../../e_os.h ../../include/openssl/asn1.h
rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
diff --git a/lib/libcrypto/rand/md_rand.c b/lib/libcrypto/rand/md_rand.c
index 9783d0c23e9..0f8dd3e00fa 100644
--- a/lib/libcrypto/rand/md_rand.c
+++ b/lib/libcrypto/rand/md_rand.c
@@ -126,6 +126,10 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#ifdef BN_DEBUG
# define PREDICT
@@ -332,6 +336,14 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
#endif
int do_stir_pool = 0;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
+
#ifdef PREDICT
if (rand_predictable)
{
diff --git a/lib/libcrypto/rand/rand.h b/lib/libcrypto/rand/rand.h
index ac6c0217636..ea89153cba3 100644
--- a/lib/libcrypto/rand/rand.h
+++ b/lib/libcrypto/rand/rand.h
@@ -72,7 +72,7 @@ extern "C" {
#endif
#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
+#define FIPS_RAND_SIZE_T int
#endif
/* Already defined in ossl_typ.h */
@@ -111,6 +111,15 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path,int bytes);
int RAND_poll(void);
+#ifndef OPENSSL_NO_ENGINE
+#ifdef OPENSSL_FIPS
+void int_RAND_init_engine_callbacks(void);
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
+#endif
+#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
@@ -128,11 +137,29 @@ void ERR_load_RAND_strings(void);
/* Error codes for the RAND functions. */
/* Function codes. */
+#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
+#define RAND_F_FIPS_RAND 103
+#define RAND_F_FIPS_RAND_BYTES 102
+#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
+#define RAND_F_FIPS_RAND_SET_DT 106
+#define RAND_F_FIPS_SET_DT 104
+#define RAND_F_FIPS_SET_PRNG_SEED 107
+#define RAND_F_FIPS_SET_TEST_MODE 105
#define RAND_F_RAND_GET_RAND_METHOD 101
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
+#define RAND_R_NON_FIPS_METHOD 105
+#define RAND_R_NOT_IN_TEST_MODE 106
+#define RAND_R_NO_KEY_SET 107
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
+#define RAND_R_PRNG_ERROR 108
+#define RAND_R_PRNG_KEYED 109
+#define RAND_R_PRNG_NOT_REKEYED 102
+#define RAND_R_PRNG_NOT_RESEEDED 103
#define RAND_R_PRNG_NOT_SEEDED 100
+#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
+#define RAND_R_PRNG_STUCK 104
#ifdef __cplusplus
}
diff --git a/lib/libcrypto/rand/rand_err.c b/lib/libcrypto/rand/rand_err.c
index 386934dcd18..829fb44d77e 100644
--- a/lib/libcrypto/rand/rand_err.c
+++ b/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
/* crypto/rand/rand_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,6 +70,14 @@
static ERR_STRING_DATA RAND_str_functs[]=
{
+{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
+{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0,NULL}
@@ -77,7 +85,17 @@ static ERR_STRING_DATA RAND_str_functs[]=
static ERR_STRING_DATA RAND_str_reasons[]=
{
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
+{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
+{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
{0,NULL}
};
diff --git a/lib/libcrypto/rand/rand_lcl.h b/lib/libcrypto/rand/rand_lcl.h
index 618a8ec899c..18cc9b1e4af 100644
--- a/lib/libcrypto/rand/rand_lcl.h
+++ b/lib/libcrypto/rand/rand_lcl.h
@@ -154,5 +154,16 @@
#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
#endif
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth));
+int eng_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth);
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
+#endif
+
#endif
diff --git a/lib/libcrypto/rand/rand_lib.c b/lib/libcrypto/rand/rand_lib.c
index 513e3389859..da6b4e0e862 100644
--- a/lib/libcrypto/rand/rand_lib.c
+++ b/lib/libcrypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
#include <time.h>
#include "cryptlib.h"
#include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+
+#ifdef OPENSSL_FIPS
+
+static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ {
+ *pmeth = meth;
+ return 1;
+ }
+
+static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
+ {
+ if (!*pmeth)
+ {
+ if(FIPS_mode())
+ *pmeth=FIPS_rand_method();
+ else
+ *pmeth = RAND_SSLeay();
+ }
+
+ if(FIPS_mode()
+ && *pmeth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+
+ return *pmeth;
+ }
+
+static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ = fips_RAND_set_rand_method;
+static const RAND_METHOD *(*RAND_get_rand_method_func)
+ (const RAND_METHOD **pmeth)
+ = fips_RAND_get_rand_method;
+
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth))
+ {
+ RAND_set_rand_method_func = set_rand_func;
+ RAND_get_rand_method_func = get_rand_func;
+ }
+#endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+ {
+ return RAND_set_rand_method_func(meth, &default_RAND_meth);
+ }
+
+const RAND_METHOD *RAND_get_rand_method(void)
+ {
+ return RAND_get_rand_method_func(&default_RAND_meth);
+ }
+
+#else
+
#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref =NULL;
#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
int RAND_set_rand_method(const RAND_METHOD *meth)
{
@@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine)
}
#endif
+#endif
+
void RAND_cleanup(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c
index 005cb38cb0c..f63fbc17319 100644
--- a/lib/libcrypto/rand/randfile.c
+++ b/lib/libcrypto/rand/randfile.c
@@ -81,10 +81,25 @@
# include <sys/stat.h>
#endif
+#ifdef _WIN32
+#define stat _stat
+#define chmod _chmod
+#define open _open
+#define fdopen _fdopen
+#endif
+
#undef BUFSIZE
#define BUFSIZE 1024
#define RAND_DATA 1024
+#ifdef OPENSSL_SYS_VMS
+/* This declaration is a nasty hack to get around vms' extension to fopen
+ * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
+static FILE *(*const vms_fopen)(const char *, const char *, ...) =
+ (FILE *(*)(const char *, const char *, ...))fopen;
+#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+#endif
+
/* #define RFILE ".rnd" - defined in ../../e_os.h */
/* Note that these functions are intended for seed files only.
@@ -106,7 +121,11 @@ int RAND_load_file(const char *file, long bytes)
RAND_add(&sb,sizeof(sb),0.0);
if (bytes == 0) return(ret);
+#ifdef OPENSSL_SYS_VMS
+ in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
+#else
in=fopen(file,"rb");
+#endif
if (in == NULL) goto err;
#if defined(S_IFBLK) && defined(S_IFCHR)
if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
@@ -167,7 +186,7 @@ int RAND_write_file(const char *file)
#endif
}
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
{
/* For some reason Win32 can't write to files created this way */
@@ -178,8 +197,34 @@ int RAND_write_file(const char *file)
out = fdopen(fd, "wb");
}
#endif
+
+#ifdef OPENSSL_SYS_VMS
+ /* VMS NOTE: Prior versions of this routine created a _new_
+ * version of the rand file for each call into this routine, then
+ * deleted all existing versions named ;-1, and finally renamed
+ * the current version as ';1'. Under concurrent usage, this
+ * resulted in an RMS race condition in rename() which could
+ * orphan files (see vms message help for RMS$_REENT). With the
+ * fopen() calls below, openssl/VMS now shares the top-level
+ * version of the rand file. Note that there may still be
+ * conditions where the top-level rand file is locked. If so, this
+ * code will then create a new version of the rand file. Without
+ * the delete and rename code, this can result in ascending file
+ * versions that stop at version 32767, and this routine will then
+ * return an error. The remedy for this is to recode the calling
+ * application to avoid concurrent use of the rand file, or
+ * synchronize usage at the application level. Also consider
+ * whether or not you NEED a persistent rand file in a concurrent
+ * use situation.
+ */
+
+ out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
+ if (out == NULL)
+ out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
+#else
if (out == NULL)
out = fopen(file,"wb");
+#endif
if (out == NULL) goto err;
#ifndef NO_CHMOD
@@ -201,25 +246,6 @@ int RAND_write_file(const char *file)
ret+=i;
if (n <= 0) break;
}
-#ifdef OPENSSL_SYS_VMS
- /* Try to delete older versions of the file, until there aren't
- any */
- {
- char *tmpf;
-
- tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */
- if (tmpf)
- {
- strcpy(tmpf, file);
- strcat(tmpf, ";-1");
- while(delete(tmpf) == 0)
- ;
- rename(file,";1"); /* Make sure it's version 1, or we
- will reach the limit (32767) at
- some point... */
- }
- }
-#endif /* OPENSSL_SYS_VMS */
fclose(out);
OPENSSL_cleanse(buf,BUFSIZE);
diff --git a/lib/libcrypto/rc2/rc2.h b/lib/libcrypto/rc2/rc2.h
index 34c83623172..e542ec94ffb 100644
--- a/lib/libcrypto/rc2/rc2.h
+++ b/lib/libcrypto/rc2/rc2.h
@@ -79,7 +79,9 @@ typedef struct rc2_key_st
RC2_INT data[64];
} RC2_KEY;
-
+#ifdef OPENSSL_FIPS
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+#endif
void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
int enc);
diff --git a/lib/libcrypto/rc2/rc2_skey.c b/lib/libcrypto/rc2/rc2_skey.c
index 49536420566..4e000e5b992 100644
--- a/lib/libcrypto/rc2/rc2_skey.c
+++ b/lib/libcrypto/rc2/rc2_skey.c
@@ -57,6 +57,11 @@
*/
#include <openssl/rc2.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "rc2_locl.h"
static unsigned char key_table[256]={
@@ -94,8 +99,20 @@ static unsigned char key_table[256]={
* BSAFE uses the 'retarded' version. What I previously shipped is
* the same as specifying 1024 for the 'bits' parameter. Bsafe uses
* a version where the bits parameter is the same as len*8 */
+
+#ifdef OPENSSL_FIPS
void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
{
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(RC2)
+ private_RC2_set_key(key, len, data, bits);
+ }
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+ int bits)
+#else
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+#endif
+ {
int i,j;
unsigned char *k;
RC2_INT *ki;
diff --git a/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/lib/libcrypto/rc4/asm/rc4-x86_64.pl
index 92c52f34333..3a546234955 100755
--- a/lib/libcrypto/rc4/asm/rc4-x86_64.pl
+++ b/lib/libcrypto/rc4/asm/rc4-x86_64.pl
@@ -358,6 +358,8 @@ ___
$code =~ s/#([bwd])/$1/gm;
+$code =~ s/RC4_set_key/private_RC4_set_key/g if ($ENV{FIPSCANLIB} ne "");
+
print $code;
close STDOUT;
diff --git a/lib/libcrypto/rc4/rc4.h b/lib/libcrypto/rc4/rc4.h
index 7aec04fe93a..2d8620d33b9 100644
--- a/lib/libcrypto/rc4/rc4.h
+++ b/lib/libcrypto/rc4/rc4.h
@@ -76,6 +76,9 @@ typedef struct rc4_key_st
const char *RC4_options(void);
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+#endif
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
unsigned char *outdata);
diff --git a/lib/libcrypto/rc4/rc4_skey.c b/lib/libcrypto/rc4/rc4_skey.c
index 46b77ec3216..4478d1a4b3b 100644
--- a/lib/libcrypto/rc4/rc4_skey.c
+++ b/lib/libcrypto/rc4/rc4_skey.c
@@ -59,6 +59,11 @@
#include <openssl/rc4.h>
#include "rc4_locl.h"
#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
@@ -85,7 +90,11 @@ const char *RC4_options(void)
* Date: Wed, 14 Sep 1994 06:35:31 GMT
*/
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+#else
void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+#endif
{
register RC4_INT tmp;
register int id1,id2;
@@ -127,7 +136,12 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
*
* <appro@fy.chalmers.se>
*/
- if (OPENSSL_ia32cap_P & (1<<20)) {
+#ifdef OPENSSL_FIPS
+ unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+ if (ia32cap_ptr && (*ia32cap_ptr & (1<<28))) {
+#else
+ if (OPENSSL_ia32cap_P & (1<<28)) {
+#endif
unsigned char *cp=(unsigned char *)d;
for (i=0;i<256;i++) cp[i]=i;
diff --git a/lib/libcrypto/rc5/rc5.h b/lib/libcrypto/rc5/rc5.h
index 4b3c153b503..f73a2a02a45 100644
--- a/lib/libcrypto/rc5/rc5.h
+++ b/lib/libcrypto/rc5/rc5.h
@@ -94,7 +94,10 @@ typedef struct rc5_key_st
RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
} RC5_32_KEY;
-
+#ifdef OPENSSL_FIPS
+void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+ int rounds);
+#endif
void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
int rounds);
void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
diff --git a/lib/libcrypto/ripemd/ripemd.h b/lib/libcrypto/ripemd/ripemd.h
index 033a5965b58..3b6d04386d4 100644
--- a/lib/libcrypto/ripemd/ripemd.h
+++ b/lib/libcrypto/ripemd/ripemd.h
@@ -90,7 +90,9 @@ typedef struct RIPEMD160state_st
RIPEMD160_LONG data[RIPEMD160_LBLOCK];
unsigned int num;
} RIPEMD160_CTX;
-
+#ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+#endif
int RIPEMD160_Init(RIPEMD160_CTX *c);
int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
diff --git a/lib/libcrypto/ripemd/rmd_dgst.c b/lib/libcrypto/ripemd/rmd_dgst.c
index 1f2401aa7ec..a845e17ed86 100644
--- a/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/lib/libcrypto/ripemd/rmd_dgst.c
@@ -59,6 +59,11 @@
#include <stdio.h>
#include "rmd_locl.h"
#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
@@ -69,7 +74,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
# endif
-int RIPEMD160_Init(RIPEMD160_CTX *c)
+FIPS_NON_FIPS_MD_Init(RIPEMD160)
{
c->A=RIPEMD160_A;
c->B=RIPEMD160_B;
diff --git a/lib/libcrypto/ripemd/rmd_locl.h b/lib/libcrypto/ripemd/rmd_locl.h
index f14b346e662..ce12a8000ea 100644
--- a/lib/libcrypto/ripemd/rmd_locl.h
+++ b/lib/libcrypto/ripemd/rmd_locl.h
@@ -72,7 +72,7 @@
*/
#ifdef RMD160_ASM
# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-# define ripemd160_block_data_order ripemd160_block_asm_data_order
+# define ripemd160_block_host_order ripemd160_block_asm_data_order
# endif
#endif
diff --git a/lib/libcrypto/rsa/Makefile b/lib/libcrypto/rsa/Makefile
index 8f1c611800c..7b1fd6428c9 100644
--- a/lib/libcrypto/rsa/Makefile
+++ b/lib/libcrypto/rsa/Makefile
@@ -19,10 +19,10 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
- rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c
+ rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
- rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o
+ rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o
SRC= $(LIBSRC)
@@ -37,7 +37,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -114,6 +114,21 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -136,15 +151,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_lib.o: ../cryptlib.h rsa_lib.c
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c
rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -167,9 +182,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -188,21 +203,23 @@ rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pss.o: ../cryptlib.h rsa_pss.c
rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/opensslconf.h
rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -215,8 +232,9 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -242,3 +260,11 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
+rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_x931g.o: rsa_x931g.c
diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h
index 3699afaaaf9..5bb932ae15f 100644
--- a/lib/libcrypto/rsa/rsa.h
+++ b/lib/libcrypto/rsa/rsa.h
@@ -74,6 +74,25 @@
#error RSA is disabled.
#endif
+/* If this flag is set the RSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define RSA_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+
+#ifdef OPENSSL_FIPS
+#define FIPS_RSA_SIZE_T int
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -163,6 +182,8 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
+#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
#endif
@@ -240,6 +261,11 @@ RSA * RSA_generate_key(int bits, unsigned long e,void
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
@@ -257,6 +283,11 @@ int RSA_up_ref(RSA *r);
int RSA_flags(const RSA *r);
+#ifdef OPENSSL_FIPS
+RSA *FIPS_rsa_new(void);
+void FIPS_rsa_free(RSA *r);
+#endif
+
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -370,6 +401,8 @@ void ERR_load_RSA_strings(void);
/* Error codes for the RSA functions. */
/* Function codes. */
+#define RSA_F_FIPS_RSA_SIGN 140
+#define RSA_F_FIPS_RSA_VERIFY 141
#define RSA_F_MEMORY_LOCK 100
#define RSA_F_RSA_BUILTIN_KEYGEN 129
#define RSA_F_RSA_CHECK_KEY 123
@@ -401,7 +434,11 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
+#define RSA_F_RSA_PRIVATE_ENCRYPT 137
+#define RSA_F_RSA_PUBLIC_DECRYPT 138
#define RSA_F_RSA_SETUP_BLINDING 136
+#define RSA_F_RSA_SET_DEFAULT_METHOD 139
+#define RSA_F_RSA_SET_METHOD 142
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
@@ -435,10 +472,12 @@ void ERR_load_RSA_strings(void);
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_MODULUS_TOO_LARGE 105
+#define RSA_R_NON_FIPS_METHOD 141
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
diff --git a/lib/libcrypto/rsa/rsa_asn1.c b/lib/libcrypto/rsa/rsa_asn1.c
index bbbf26d50ed..6e8a803e814 100644
--- a/lib/libcrypto/rsa/rsa_asn1.c
+++ b/lib/libcrypto/rsa/rsa_asn1.c
@@ -1,5 +1,5 @@
/* rsa_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2000.
*/
/* ====================================================================
diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 5a6eda79617..04ec789ee9c 100644
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -115,7 +115,7 @@
#include <openssl/rsa.h>
#include <openssl/rand.h>
-#ifndef RSA_NULL
+#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
diff --git a/lib/libcrypto/rsa/rsa_err.c b/lib/libcrypto/rsa/rsa_err.c
index fe3ba1b44bb..501f5ea3894 100644
--- a/lib/libcrypto/rsa/rsa_err.c
+++ b/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/* crypto/rsa/rsa_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,6 +70,8 @@
static ERR_STRING_DATA RSA_str_functs[]=
{
+{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
+{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
@@ -101,7 +103,11 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
+{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
+{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
+{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
@@ -138,10 +144,12 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
+{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
+{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
diff --git a/lib/libcrypto/rsa/rsa_gen.c b/lib/libcrypto/rsa/rsa_gen.c
index 767f7ab682a..41278f83c68 100644
--- a/lib/libcrypto/rsa/rsa_gen.c
+++ b/lib/libcrypto/rsa/rsa_gen.c
@@ -68,6 +68,8 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#ifndef OPENSSL_FIPS
+
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
/* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -217,3 +219,4 @@ err:
return ok;
}
+#endif
diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c
index 104aa4c1f2d..5714841f4ca 100644
--- a/lib/libcrypto/rsa/rsa_lib.c
+++ b/lib/libcrypto/rsa/rsa_lib.c
@@ -67,215 +67,6 @@
#include <openssl/engine.h>
#endif
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
-
-static const RSA_METHOD *default_RSA_meth=NULL;
-
-RSA *RSA_new(void)
- {
- RSA *r=RSA_new_method(NULL);
-
- return r;
- }
-
-void RSA_set_default_method(const RSA_METHOD *meth)
- {
- default_RSA_meth = meth;
- }
-
-const RSA_METHOD *RSA_get_default_method(void)
- {
- if (default_RSA_meth == NULL)
- {
-#ifdef RSA_NULL
- default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
- default_RSA_meth=RSA_PKCS1_RSAref();
-#else
- default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
-#endif
- }
-
- return default_RSA_meth;
- }
-
-const RSA_METHOD *RSA_get_method(const RSA *rsa)
- {
- return rsa->meth;
- }
-
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const RSA_METHOD *mtmp;
- mtmp = rsa->meth;
- if (mtmp->finish) mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
- if (rsa->engine)
- {
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
- }
-#endif
- rsa->meth = meth;
- if (meth->init) meth->init(rsa);
- return 1;
- }
-
-RSA *RSA_new_method(ENGINE *engine)
- {
- RSA *ret;
-
- ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
- if (ret == NULL)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_RSA();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_RSA(ret->engine);
- if(!ret->meth)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,
- ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-
- ret->pad=0;
- ret->version=0;
- ret->n=NULL;
- ret->e=NULL;
- ret->d=NULL;
- ret->p=NULL;
- ret->q=NULL;
- ret->dmp1=NULL;
- ret->dmq1=NULL;
- ret->iqmp=NULL;
- ret->references=1;
- ret->_method_mod_n=NULL;
- ret->_method_mod_p=NULL;
- ret->_method_mod_q=NULL;
- ret->blinding=NULL;
- ret->mt_blinding=NULL;
- ret->bignum_data=NULL;
- ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void RSA_free(RSA *r)
- {
- int i;
-
- if (r == NULL) return;
-
- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
- REF_PRINT("RSA",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"RSA_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
-
- if (r->n != NULL) BN_clear_free(r->n);
- if (r->e != NULL) BN_clear_free(r->e);
- if (r->d != NULL) BN_clear_free(r->d);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
- if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
- if (r->iqmp != NULL) BN_clear_free(r->iqmp);
- if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
- OPENSSL_free(r);
- }
-
-int RSA_up_ref(RSA *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
- REF_PRINT("RSA",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "RSA_up_ref, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
- }
-
-void *RSA_get_ex_data(const RSA *r, int idx)
- {
- return(CRYPTO_get_ex_data(&r->ex_data,idx));
- }
-
-int RSA_size(const RSA *r)
- {
- return(BN_num_bytes(r->n));
- }
-
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
@@ -285,6 +76,13 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
@@ -297,12 +95,19 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-int RSA_flags(const RSA *r)
+int RSA_size(const RSA *r)
{
- return((r == NULL)?0:r->meth->flags);
+ return(BN_num_bytes(r->n));
}
void RSA_blinding_off(RSA *rsa)
@@ -427,48 +232,3 @@ err:
return ret;
}
-
-int RSA_memory_lock(RSA *r)
- {
- int i,j,k,off;
- char *p;
- BIGNUM *bn,**t[6],*b;
- BN_ULONG *ul;
-
- if (r->d == NULL) return(1);
- t[0]= &r->d;
- t[1]= &r->p;
- t[2]= &r->q;
- t[3]= &r->dmp1;
- t[4]= &r->dmq1;
- t[5]= &r->iqmp;
- k=sizeof(BIGNUM)*6;
- off=k/sizeof(BN_ULONG)+1;
- j=1;
- for (i=0; i<6; i++)
- j+= (*t[i])->top;
- if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
- {
- RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- bn=(BIGNUM *)p;
- ul=(BN_ULONG *)&(p[off]);
- for (i=0; i<6; i++)
- {
- b= *(t[i]);
- *(t[i])= &(bn[i]);
- memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
- bn[i].flags=BN_FLG_STATIC_DATA;
- bn[i].d=ul;
- memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
- ul+=b->top;
- BN_clear_free(b);
- }
-
- /* I should fix this so it can still be done */
- r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
-
- r->bignum_data=p;
- return(1);
- }
diff --git a/lib/libcrypto/rsa/rsa_null.c b/lib/libcrypto/rsa/rsa_null.c
index 491572c82bd..2f2202f142f 100644
--- a/lib/libcrypto/rsa/rsa_null.c
+++ b/lib/libcrypto/rsa/rsa_null.c
@@ -1,5 +1,5 @@
/* rsa_null.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c
index 3652677a998..4d30c9d2d35 100644
--- a/lib/libcrypto/rsa/rsa_oaep.c
+++ b/lib/libcrypto/rsa/rsa_oaep.c
@@ -187,7 +187,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
int mdlen;
EVP_MD_CTX_init(&c);
- mdlen = EVP_MD_size(dgst);
+ mdlen = M_EVP_MD_size(dgst);
for (i = 0; outlen < len; i++)
{
cnt[0] = (unsigned char)((i >> 24) & 255);
diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 71aabeea1bd..5488c06f6d8 100644
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -90,6 +90,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
i = SSL_SIG_LENGTH;
s = m;
} else {
+ /* NB: in FIPS mode block anything that isn't a TLS signature */
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
sig.algor= &algor;
sig.algor->algorithm=OBJ_nid2obj(type);
if (sig.algor->algorithm == NULL)
@@ -167,10 +175,22 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
- if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
+ if(dtype == NID_md5_sha1)
+ {
+ if (m_len != SSL_SIG_LENGTH)
+ {
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
- }
+ }
+ }
+ /* NB: in FIPS mode block anything that isn't a TLS signature */
+#ifdef OPENSSL_FIPS
+ else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
diff --git a/lib/libcrypto/sha/sha.h b/lib/libcrypto/sha/sha.h
index eed44d7f946..47a2c29f662 100644
--- a/lib/libcrypto/sha/sha.h
+++ b/lib/libcrypto/sha/sha.h
@@ -106,6 +106,9 @@ typedef struct SHAstate_st
} SHA_CTX;
#ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
int SHA_Init(SHA_CTX *c);
int SHA_Update(SHA_CTX *c, const void *data, size_t len);
int SHA_Final(unsigned char *md, SHA_CTX *c);
diff --git a/lib/libcrypto/sha/sha1_one.c b/lib/libcrypto/sha/sha1_one.c
index 7c65b60276c..4831174198e 100644
--- a/lib/libcrypto/sha/sha1_one.c
+++ b/lib/libcrypto/sha/sha1_one.c
@@ -61,7 +61,7 @@
#include <openssl/sha.h>
#include <openssl/crypto.h>
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1)
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
diff --git a/lib/libcrypto/sha/sha1dgst.c b/lib/libcrypto/sha/sha1dgst.c
index 50d1925cdeb..d31f0781a06 100644
--- a/lib/libcrypto/sha/sha1dgst.c
+++ b/lib/libcrypto/sha/sha1dgst.c
@@ -63,6 +63,10 @@
#define SHA_1
#include <openssl/opensslv.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
diff --git a/lib/libcrypto/sha/sha_dgst.c b/lib/libcrypto/sha/sha_dgst.c
index 70eb56032c3..598f4d721af 100644
--- a/lib/libcrypto/sha/sha_dgst.c
+++ b/lib/libcrypto/sha/sha_dgst.c
@@ -57,6 +57,12 @@
*/
#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+#include <openssl/err.h>
#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
#undef SHA_1
diff --git a/lib/libcrypto/sha/sha_locl.h b/lib/libcrypto/sha/sha_locl.h
index e37e5726e33..da46ddfe794 100644
--- a/lib/libcrypto/sha/sha_locl.h
+++ b/lib/libcrypto/sha/sha_locl.h
@@ -122,8 +122,15 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
#define INIT_DATA_h3 0x10325476UL
#define INIT_DATA_h4 0xc3d2e1f0UL
+#if defined(SHA_0) && defined(OPENSSL_FIPS)
+FIPS_NON_FIPS_MD_Init(SHA)
+#else
int HASH_INIT (SHA_CTX *c)
+#endif
{
+#if defined(SHA_1) && defined(OPENSSL_FIPS)
+ FIPS_selftest_check();
+#endif
c->h0=INIT_DATA_h0;
c->h1=INIT_DATA_h1;
c->h2=INIT_DATA_h2;
diff --git a/lib/libcrypto/symhacks.h b/lib/libcrypto/symhacks.h
index 64528ad5c2e..6cfb5fe4794 100644
--- a/lib/libcrypto/symhacks.h
+++ b/lib/libcrypto/symhacks.h
@@ -179,6 +179,11 @@
#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn
#undef ENGINE_get_load_privkey_function
#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn
+#undef ENGINE_set_load_ssl_client_cert_function
+#define ENGINE_set_load_ssl_client_cert_function \
+ ENGINE_set_ld_ssl_clnt_cert_fn
+#undef ENGINE_get_ssl_client_cert_function
+#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn
/* Hack some long OCSP names */
#undef OCSP_REQUEST_get_ext_by_critical
diff --git a/lib/libcrypto/ui/ui_openssl.c b/lib/libcrypto/ui/ui_openssl.c
index 8446673ed4b..5fbedf6ff8c 100644
--- a/lib/libcrypto/ui/ui_openssl.c
+++ b/lib/libcrypto/ui/ui_openssl.c
@@ -678,6 +678,8 @@ static int noecho_fgets(char *buf, int size, FILE *tty)
size--;
#ifdef WIN16TTY
i=_inchar();
+#elif defined(_WIN32)
+ i=_getch();
#else
i=getch();
#endif
diff --git a/lib/libcrypto/util/libeay.num b/lib/libcrypto/util/libeay.num
index 62664f3c374..0eb54ddc891 100644
--- a/lib/libcrypto/util/libeay.num
+++ b/lib/libcrypto/util/libeay.num
@@ -2804,12 +2804,12 @@ OPENSSL_cleanse 3245 EXIST::FUNCTION:
ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
-FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
-FIPS_selftest_des 3250 NOEXIST::FUNCTION:
+FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES
EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
-FIPS_mode_set 3253 NOEXIST::FUNCTION:
-FIPS_selftest_dsa 3254 NOEXIST::FUNCTION:
+FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
FIPS_allow_md5 3256 NOEXIST::FUNCTION:
DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
@@ -2817,44 +2817,44 @@ EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
FIPS_rand_seeded 3259 NOEXIST::FUNCTION:
AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES
AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES
-FIPS_rand_seed 3262 NOEXIST::FUNCTION:
-FIPS_corrupt_des 3263 NOEXIST::FUNCTION:
+FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES
-FIPS_selftest_aes 3265 NOEXIST::FUNCTION:
+FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_set_prng_key 3266 NOEXIST::FUNCTION:
EVP_des_cfb8 3267 EXIST::FUNCTION:DES
-FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION:
+FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_test_mode 3269 NOEXIST::FUNCTION:
-FIPS_rand_method 3270 NOEXIST::FUNCTION:
+FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES
-ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION:
-FIPS_corrupt_aes 3273 NOEXIST::FUNCTION:
-FIPS_selftest_sha1 3274 NOEXIST::FUNCTION:
-FIPS_selftest_rsa 3275 NOEXIST::FUNCTION:
-FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION:
+ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_des_cfb1 3277 EXIST::FUNCTION:DES
FIPS_dsa_check 3278 NOEXIST::FUNCTION:
AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
-FIPS_rand_check 3281 NOEXIST::FUNCTION:
+FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
-FIPS_mode 3283 NOEXIST::FUNCTION:
-FIPS_selftest_failed 3284 NOEXIST::FUNCTION:
+FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
sk_is_sorted 3285 EXIST::FUNCTION:
X509_check_ca 3286 EXIST::FUNCTION:
-private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION:
+private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA
HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC
-private_SHA_Init 3289 NOEXIST::FUNCTION:
-private_CAST_set_key 3290 NOEXIST::FUNCTION:
-private_RIPEMD160_Init 3291 NOEXIST::FUNCTION:
-private_RC5_32_set_key 3292 NOEXIST::FUNCTION:
-private_MD5_Init 3293 NOEXIST::FUNCTION:
-private_RC4_set_key 3294 NOEXIST::FUNCTION:
-private_MDC2_Init 3295 NOEXIST::FUNCTION:
-private_RC2_set_key 3296 NOEXIST::FUNCTION:
-private_MD4_Init 3297 NOEXIST::FUNCTION:
-private_BF_set_key 3298 NOEXIST::FUNCTION:
-private_MD2_Init 3299 NOEXIST::FUNCTION:
+private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5
+private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4
+private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2
d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION:
PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2868,13 +2868,13 @@ PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
PROXY_POLICY_free 3308 EXIST::FUNCTION:
PROXY_POLICY_new 3309 EXIST::FUNCTION:
BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
-FIPS_selftest_rng 3311 NOEXIST::FUNCTION:
+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512
EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512
EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256
EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac 3316 NOEXIST::FUNCTION:
-FIPS_corrupt_rng 3317 NOEXIST::FUNCTION:
+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
@@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION:
+BN_X931_generate_Xpq 3325 EXIST::FUNCTION:
RSA_X931_generate_key 3326 NOEXIST::FUNCTION:
BN_X931_derive_prime 3327 NOEXIST::FUNCTION:
BN_X931_generate_prime 3328 NOEXIST::FUNCTION:
@@ -3652,51 +3652,75 @@ CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS
CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS
CMS_add1_signer 4042 EXIST::FUNCTION:CMS
CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS
-ENGINE_set_load_ssl_client_cert_function 4044 EXIST::FUNCTION:ENGINE
-ENGINE_get_ssl_client_cert_function 4045 EXIST::FUNCTION:ENGINE
+ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE
ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
ENGINE_load_capi 4047 EXIST::FUNCTION:CAPIENG,ENGINE
OPENSSL_isservice 4048 EXIST::FUNCTION:
-FIPS_dsa_sig_decode 4049 NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_clear_flags 4050 NOEXIST::FUNCTION:
-FIPS_rand_status 4051 NOEXIST::FUNCTION:
-FIPS_rand_set_key 4052 NOEXIST::FUNCTION:
-CRYPTO_set_mem_info_functions 4053 NOEXIST::FUNCTION:
-RSA_X931_generate_key_ex 4054 NOEXIST::FUNCTION:
-int_ERR_set_state_func 4055 NOEXIST::FUNCTION:
-int_EVP_MD_set_engine_callbacks 4056 NOEXIST::FUNCTION:
-int_CRYPTO_set_do_dynlock_callback 4057 NOEXIST::FUNCTION:
-FIPS_rng_stick 4058 NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_set_flags 4059 NOEXIST::FUNCTION:
-BN_X931_generate_prime_ex 4060 NOEXIST::FUNCTION:
-FIPS_selftest_check 4061 NOEXIST::FUNCTION:
-FIPS_rand_set_dt 4062 NOEXIST::FUNCTION:
-CRYPTO_dbg_pop_info 4063 NOEXIST::FUNCTION:
-FIPS_dsa_free 4064 NOEXIST::FUNCTION:
-RSA_X931_derive_ex 4065 NOEXIST::FUNCTION:
-FIPS_rsa_new 4066 NOEXIST::FUNCTION:
-FIPS_rand_bytes 4067 NOEXIST::FUNCTION:
-fips_cipher_test 4068 NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_test_flags 4069 NOEXIST::FUNCTION:
-CRYPTO_malloc_debug_init 4070 NOEXIST::FUNCTION:
-CRYPTO_dbg_push_info 4071 NOEXIST::FUNCTION:
-FIPS_corrupt_rsa_keygen 4072 NOEXIST::FUNCTION:
-FIPS_dh_new 4073 NOEXIST::FUNCTION:
-FIPS_corrupt_dsa_keygen 4074 NOEXIST::FUNCTION:
-FIPS_dh_free 4075 NOEXIST::FUNCTION:
-fips_pkey_signature_test 4076 NOEXIST::FUNCTION:
-EVP_add_alg_module 4077 NOEXIST::FUNCTION:
-int_RAND_init_engine_callbacks 4078 NOEXIST::FUNCTION:
-int_EVP_CIPHER_set_engine_callbacks 4079 NOEXIST::FUNCTION:
-int_EVP_MD_init_engine_callbacks 4080 NOEXIST::FUNCTION:
-FIPS_rand_test_mode 4081 NOEXIST::FUNCTION:
-FIPS_rand_reset 4082 NOEXIST::FUNCTION:
-FIPS_dsa_new 4083 NOEXIST::FUNCTION:
-int_RAND_set_callbacks 4084 NOEXIST::FUNCTION:
-BN_X931_derive_prime_ex 4085 NOEXIST::FUNCTION:
-int_ERR_lib_init 4086 NOEXIST::FUNCTION:
-int_EVP_CIPHER_init_engine_callbacks 4087 NOEXIST::FUNCTION:
-FIPS_rsa_free 4088 NOEXIST::FUNCTION:
-FIPS_dsa_sig_encode 4089 NOEXIST::FUNCTION:
-CRYPTO_dbg_remove_all_info 4090 NOEXIST::FUNCTION:
-OPENSSL_init 4091 NOEXIST::FUNCTION:
+FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION:
+FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION:
+CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION:
+RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA
+int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION:
+int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_CRYPTO_set_do_dynlock_callback 4057 EXIST::FUNCTION:
+FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION:
+BN_X931_generate_prime_ex 4060 EXIST::FUNCTION:
+FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION:
+CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION:
+FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA
+FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION:
+fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION:
+CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION:
+CRYPTO_dbg_push_info 4071 EXIST::FUNCTION:
+FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH
+fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_add_alg_module 4077 EXIST::FUNCTION:
+int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+BN_X931_derive_prime_ex 4085 EXIST::FUNCTION:
+int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION:
+int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION:
+OPENSSL_init 4091 EXIST::FUNCTION:
+private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
+CRYPTO_strdup 4093 EXIST::FUNCTION:
+JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE
+JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE
+JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE
+JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE
+ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE
diff --git a/lib/libcrypto/util/mk1mf.pl b/lib/libcrypto/util/mk1mf.pl
index 7ba804ce33a..4c16f1dc9ee 100644
--- a/lib/libcrypto/util/mk1mf.pl
+++ b/lib/libcrypto/util/mk1mf.pl
@@ -15,6 +15,18 @@ my $engines = "";
local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
local $zlib_lib = "";
+local $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+local $fipscanisterbuild = 0;
+local $fipsdso = 0;
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
open(IN,"<Makefile") || die "unable to open Makefile!\n";
while(<IN>) {
@@ -221,6 +233,7 @@ $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
+$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
@@ -229,7 +242,7 @@ $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-
+$cflags.=" -DOPENSSL_FIPS" if $fips;
$cflags.= " -DZLIB" if $zlib_opt;
$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
@@ -251,9 +264,9 @@ else
$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
-
%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
- "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
+ "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO",
+ "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
if ($msdos)
{
@@ -281,11 +294,21 @@ for (;;)
{
if ($lib ne "")
{
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
+ if ($fips && $dir =~ /^fips/)
+ {
+ $uc = "FIPS";
+ }
+ else
+ {
+ $uc=$lib;
+ $uc =~ s/^lib(.*)\.a/$1/;
+ $uc =~ tr/a-z/A-Z/;
+ }
+ if (($uc ne "FIPS") || $fipscanisterbuild)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
}
last if ($val eq "FINISHED");
$lib="";
@@ -328,11 +351,130 @@ for (;;)
if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
{ $engines.=$val }
+ if ($key eq "FIPS_EX_OBJ")
+ {
+ $fips_ex_obj=&var_add("crypto",$val,0);
+ }
+
+ if ($key eq "FIPSLIBDIR")
+ {
+ $fipslibdir=$val;
+ $fipslibdir =~ s/\/$//;
+ $fipslibdir =~ s/\//$o/g;
+ }
+
+ if ($key eq "BASEADDR")
+ { $baseaddr=$val;}
+
if (!($_=<IN>))
{ $_="RELATIVE_DIRECTORY=FINISHED\n"; }
}
close(IN);
+if ($fips)
+ {
+
+ foreach (split " ", $fips_ex_obj)
+ {
+ $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
+ }
+
+ $fips_exclude_obj{"cpu_win32"} = 1;
+ $fips_exclude_obj{"bn_asm"} = 1;
+ $fips_exclude_obj{"des_enc"} = 1;
+ $fips_exclude_obj{"fcrypt_b"} = 1;
+ $fips_exclude_obj{"aes_core"} = 1;
+ $fips_exclude_obj{"aes_cbc"} = 1;
+
+ my @ltmp = split " ", $lib_obj{"CRYPTO"};
+
+
+ $lib_obj{"CRYPTO"} = "";
+
+ foreach(@ltmp)
+ {
+ if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
+ {
+ if ($fipscanisterbuild)
+ {
+ $lib_obj{"FIPS"} .= "$_ ";
+ }
+ }
+ else
+ {
+ $lib_obj{"CRYPTO"} .= "$_ ";
+ }
+ }
+
+ }
+
+if ($fipscanisterbuild)
+ {
+ $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
+ $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
+ }
+else
+ {
+ if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
+ }
+
+ if ($fips_premain_c_path eq "")
+ {
+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+ }
+ }
+
+if ($fips)
+ {
+ if ($fips_sha1_exe_path eq "")
+ {
+ $fips_sha1_exe_path =
+ "\$(BIN_D)${o}fips_standalone_sha1$exep";
+ }
+ }
+ else
+ {
+ $fips_sha1_exe_path = "";
+ }
+
+if ($fips_premain_dso_exe_path eq "")
+ {
+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+ }
+
+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
+
+if ($fips)
+ {
+ if (!$shlib)
+ {
+ $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+ $ex_l_libs .= " \$(O_FIPSCANISTER)";
+ $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
+ }
+ if ($fipscanisterbuild)
+ {
+ $fipslibdir = "\$(LIB_D)";
+ }
+ else
+ {
+ if ($fipslibdir eq "")
+ {
+ open (IN, "util/fipslib_path.txt") || fipslib_error();
+ $fipslibdir = <IN>;
+ chomp $fipslibdir;
+ close IN;
+ }
+ fips_check_files($fipslibdir,
+ "fipscanister.lib", "fipscanister.lib.sha1",
+ "fips_premain.c", "fips_premain.c.sha1");
+ }
+ }
+
if ($shlib)
{
$extra_install= <<"EOF";
@@ -398,6 +540,7 @@ SRC_D=$src_dir
LINK=$link
LFLAGS=$lflags
RSC=$rsc
+FIPSLINK=\$(PERL) util${o}fipslink.pl
AES_ASM_OBJ=$aes_asm_obj
AES_ASM_SRC=$aes_asm_src
@@ -441,6 +584,17 @@ MKLIB=$bin_dir$mklib
MLFLAGS=$mlflags
ASM=$bin_dir$asm
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
+
######################################################
# You should not need to touch anything below this point
######################################################
@@ -448,6 +602,7 @@ ASM=$bin_dir$asm
E_EXE=openssl
SSL=$ssl
CRYPTO=$crypto
+LIBFIPS=libosslfips
# BIN_D - Binary output directory
# TEST_D - Binary test file output directory
@@ -468,12 +623,14 @@ INCL_D=\$(TMP_D)
O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
SO_SSL= $plib\$(SSL)$so_shlibp
SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
+L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
######################################################
# Don't touch anything below this point
@@ -483,13 +640,13 @@ INC=-I\$(INC_D) -I\$(INCL_D)
APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
#############################################
EOF
$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
banner:
$banner
@@ -604,6 +761,26 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+ {
+ if ($fipscanisterbuild)
+ {
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+ "fips${o}fips_canister.c",
+ "-DFIPS_START \$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+ "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ }
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips${o}sha${o}fips_standalone_sha1.c",
+ "\$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+ "fips${o}fips_premain.c",
+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+ }
+
foreach (values %lib_nam)
{
$lib_obj=$lib_obj{$_};
@@ -614,27 +791,41 @@ foreach (values %lib_nam)
$rules.="\$(O_SSL):\n\n";
next;
}
- if (($aes_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
- $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
- $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
- }
- if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
- $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
- }
- if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj .= "\$(BNCO_ASM_OBJ)";
- $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
- }
- if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
+
+ if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
{
- $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
- $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
- $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+ if ($cpuid_asm_obj ne "")
+ {
+ $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/;
+ $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
+ }
+ if ($aes_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
+ $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
+ $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
+ }
+ if ($sha1_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+ $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+ }
+ if ($bn_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
+ $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
+ }
+ if ($bnco_asm_obj ne "")
+ {
+ $lib_obj .= "\$(BNCO_ASM_OBJ)";
+ $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
+ }
+ if ($des_enc_obj ne "")
+ {
+ $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+ $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+ $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+ }
}
if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
{
@@ -661,21 +852,11 @@ foreach (values %lib_nam)
$lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
$rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
}
- if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
- $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
- }
if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
{
$lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
$rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
}
- if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/;
- $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
- }
$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
@@ -690,15 +871,43 @@ if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
\$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
+\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc
+ \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc
+
EOF
}
$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
foreach (split(/\s+/,$test))
{
+ my $t_libs;
$t=&bname($_);
+ my $ltype;
+ # Check to see if test program is FIPS
+ if ($fips && /fips/)
+ {
+ # If fipsdso link to libosslfips.dll
+ # otherwise perform static link to
+ # $(O_FIPSCANISTER)
+ if ($fipsdso)
+ {
+ $t_libs = "\$(L_FIPS)";
+ $ltype = 0;
+ }
+ else
+ {
+ $t_libs = "\$(O_FIPSCANISTER)";
+ $ltype = 2;
+ }
+ }
+ else
+ {
+ $t_libs = "\$(L_LIBS)";
+ $ltype = 0;
+ }
+
$tt="\$(OBJ_D)${o}$t${obj}";
- $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+ $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
}
$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
@@ -712,9 +921,69 @@ foreach (split(/\s+/,$engines))
$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+if ($fips)
+ {
+ if ($shlib)
+ {
+ if ($fipsdso)
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)", "$crypto",
+ $shlib, "", "");
+ $rules.= &do_lib_rule(
+ "\$(O_FIPSCANISTER)",
+ "\$(O_FIPS)", "\$(LIBFIPS)",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ $rules.= &do_sdef_rule();
+ }
+ else
+ {
+ $rules.= &do_lib_rule(
+ "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(O_CRYPTO)", "$crypto",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ }
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ }
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+ "\$(SO_CRYPTO)");
+ }
+
+if ($fips)
+ {
+ if ($fipscanisterbuild)
+ {
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
+ "\$(OBJ_D)${o}fips_start$obj",
+ "\$(FIPSOBJ)",
+ "\$(OBJ_D)${o}fips_end$obj",
+ "\$(FIPS_SHA1_EXE)", "");
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+ "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)",
+ "","\$(EX_LIBS)", 1);
+ }
+ else
+ {
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+ "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
+ "","", 1);
+
+ }
+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+
+ }
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
print $defs;
@@ -752,6 +1021,8 @@ sub var_add
return("") if $no_dh && $dir =~ /\/dh/;
return("") if $no_ec && $dir =~ /\/ec/;
return("") if $no_cms && $dir =~ /\/cms/;
+ return("") if $no_jpake && $dir =~ /\/jpake/;
+ return("") if !$fips && $dir =~ /^fips/;
if ($no_des && $dir =~ /\/des/)
{
if ($val =~ /read_pwd/)
@@ -1011,6 +1282,7 @@ sub read_options
"no-hmac" => \$no_hmac,
"no-asm" => \$no_asm,
"nasm" => \$nasm,
+ "ml64" => \$ml64,
"nw-nasm" => \$nw_nasm,
"nw-mwasm" => \$nw_mwasm,
"gaswin" => \$gaswin,
@@ -1018,6 +1290,7 @@ sub read_options
"no-ssl3" => \$no_ssl3,
"no-tlsext" => \$no_tlsext,
"no-cms" => \$no_cms,
+ "no-jpake" => \$no_jpake,
"no-capieng" => \$no_capieng,
"no-err" => \$no_err,
"no-sock" => \$no_sock,
@@ -1045,6 +1318,9 @@ sub read_options
"no-shared" => 0,
"no-zlib" => 0,
"no-zlib-dynamic" => 0,
+ "fips" => \$fips,
+ "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
+ "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso],
);
if (exists $valid_options{$_})
@@ -1086,6 +1362,18 @@ sub read_options
{return 1;}
return 0;
}
+ # experimental-xxx is mostly like enable-xxx, but opensslconf.v
+ # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
+ # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
+ elsif (/^experimental-/)
+ {
+ my $algo, $ALGO;
+ ($algo = $_) =~ s/^experimental-//;
+ ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
+
+ $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
+
+ }
elsif (/^--with-krb5-flavor=(.*)$/)
{
my $krb5_flavor = $1;
@@ -1109,3 +1397,31 @@ sub read_options
else { return(0); }
return(1);
}
+
+sub fipslib_error
+ {
+ print STDERR "***FIPS module directory sanity check failed***\n";
+ print STDERR "FIPS module build failed, or was deleted\n";
+ print STDERR "Please rebuild FIPS module.\n";
+ exit 1;
+ }
+
+sub fips_check_files
+ {
+ my $dir = shift @_;
+ my $ret = 1;
+ if (!-d $dir)
+ {
+ print STDERR "FIPS module directory $dir does not exist\n";
+ fipslib_error();
+ }
+ foreach (@_)
+ {
+ if (!-f "$dir${o}$_")
+ {
+ print STDERR "FIPS module file $_ does not exist!\n";
+ $ret = 0;
+ }
+ }
+ fipslib_error() if ($ret == 0);
+ }
diff --git a/lib/libcrypto/util/mkdef.pl b/lib/libcrypto/util/mkdef.pl
index 8ecfde1848a..5ae9ebb6191 100644
--- a/lib/libcrypto/util/mkdef.pl
+++ b/lib/libcrypto/util/mkdef.pl
@@ -79,7 +79,7 @@ my $OS2=0;
my $safe_stack_def = 0;
my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
- "EXPORT_VAR_AS_FUNCTION", "ZLIB" );
+ "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS");
my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
@@ -102,6 +102,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CMS",
# CryptoAPI Engine
"CAPIENG",
+ # JPAKE
+ "JPAKE",
# Deprecated functions
"DEPRECATED" );
@@ -122,7 +124,8 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
my $no_seed;
my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_rfc3779; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake;
+my $fips;
foreach (@ARGV, split(/ /, $options))
@@ -144,12 +147,13 @@ foreach (@ARGV, split(/ /, $options))
}
$VMS=1 if $_ eq "VMS";
$OS2=1 if $_ eq "OS2";
+ $fips=1 if /^fips/;
+
if ($_ eq "zlib" || $_ eq "zlib-dynamic"
- || $_ eq "enable-zlib-dynamic") {
- $zlib = 1;
+ || $_ eq "enable-zlib-dynamic") {
+ $zlib = 1;
}
-
$do_ssl=1 if $_ eq "ssleay";
if ($_ eq "ssl") {
$do_ssl=1;
@@ -209,6 +213,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-capieng$/) { $no_capieng=1; }
+ elsif (/^no-jpake$/) { $no_jpake=1; }
}
@@ -305,6 +310,8 @@ $crypto.=" crypto/tmdiff.h";
$crypto.=" crypto/store/store.h";
$crypto.=" crypto/pqueue/pqueue.h";
$crypto.=" crypto/cms/cms.h";
+$crypto.=" crypto/jpake/jpake.h";
+$crypto.=" fips/fips.h fips/rand/fips_rand.h";
my $symhacks="crypto/symhacks.h";
@@ -1090,6 +1097,9 @@ sub is_valid
if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
return 1;
}
+ if ($keyword eq "OPENSSL_FIPS" && $fips) {
+ return 1;
+ }
if ($keyword eq "ZLIB" && $zlib) { return 1; }
return 0;
} else {
@@ -1135,6 +1145,7 @@ sub is_valid
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }
if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
+ if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
# Nothing recognise as true
diff --git a/lib/libcrypto/util/mkerr.pl b/lib/libcrypto/util/mkerr.pl
index 53e14ab4df9..554bebb1590 100644
--- a/lib/libcrypto/util/mkerr.pl
+++ b/lib/libcrypto/util/mkerr.pl
@@ -44,7 +44,8 @@ while (@ARGV) {
}
if($recurse) {
- @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
+ @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>,
+ <fips/*.c>, <fips/*/*.c>);
} else {
@source = @ARGV;
}
diff --git a/lib/libcrypto/util/mkfiles.pl b/lib/libcrypto/util/mkfiles.pl
index 1282392feae..67fb8694c88 100644
--- a/lib/libcrypto/util/mkfiles.pl
+++ b/lib/libcrypto/util/mkfiles.pl
@@ -47,6 +47,7 @@ my @dirs = (
"crypto/x509",
"crypto/x509v3",
"crypto/conf",
+"crypto/jpake",
"crypto/txt_db",
"crypto/pkcs7",
"crypto/pkcs12",
@@ -58,6 +59,15 @@ my @dirs = (
"crypto/store",
"crypto/pqueue",
"crypto/cms",
+"fips",
+"fips/aes",
+"fips/des",
+"fips/dsa",
+"fips/dh",
+"fips/hmac",
+"fips/rand",
+"fips/rsa",
+"fips/sha",
"ssl",
"apps",
"engines",
diff --git a/lib/libcrypto/util/mklink.pl b/lib/libcrypto/util/mklink.pl
index d9bc98aab87..eacc3278826 100644
--- a/lib/libcrypto/util/mklink.pl
+++ b/lib/libcrypto/util/mklink.pl
@@ -15,13 +15,21 @@
# Apart from this, this script should be able to handle even the most
# pathological cases.
-use Cwd;
+my $pwd;
+eval 'use Cwd;';
+if ($@)
+ {
+ $pwd = `pwd`;
+ }
+else
+ {
+ $pwd = getcwd();
+ }
my $from = shift;
my @files = @ARGV;
my @from_path = split(/[\\\/]/, $from);
-my $pwd = getcwd();
chomp($pwd);
my @pwd_path = split(/[\\\/]/, $pwd);
diff --git a/lib/libcrypto/util/pl/VC-32.pl b/lib/libcrypto/util/pl/VC-32.pl
index 1e254119e6a..166785db8d3 100644
--- a/lib/libcrypto/util/pl/VC-32.pl
+++ b/lib/libcrypto/util/pl/VC-32.pl
@@ -4,12 +4,26 @@
#
$ssl= "ssleay32";
-$crypto="libeay32";
+
+if ($fips && !$shlib)
+ {
+ $crypto="libeayfips32";
+ $crypto_compat = "libeaycompat32.lib";
+ }
+else
+ {
+ $crypto="libeay32";
+ }
+
+if ($fipscanisterbuild)
+ {
+ $fips_canister_path = "\$(LIB_D)\\fipscanister.lib";
+ }
$o='\\';
$cp='$(PERL) util/copy.pl';
$mkdir='$(PERL) util/mkdir-p.pl';
-$rm='del';
+$rm='del /Q';
$zlib_lib="zlib1.lib";
@@ -96,7 +110,7 @@ else # Win32
$base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
$base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
$base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
- my $f = $shlib?' /MD':' /MT';
+ my $f = $shlib || $fips ?' /MD':' /MT';
$lib_cflag='/Zl' if (!$shlib); # remove /DEFAULTLIBs from static lib
$opt_cflags=$f.' /Ox /O2 /Ob2';
$dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
@@ -165,12 +179,17 @@ if ($nasm) {
# pick newest version
$asm=($ver gt $vew?"nasm":"nasmw")." -f win32";
$afile='-o ';
+} elsif ($ml64) {
+ $asm='ml64 /c /Cp /Cx';
+ $asm.=' /Zi' if $debug;
+ $afile='/Fo';
} else {
$asm='ml /Cp /coff /c /Cx';
$asm.=" /Zi" if $debug;
$afile='/Fo';
}
+$aes_asm_obj='';
$bn_asm_obj='';
$bn_asm_src='';
$des_enc_obj='';
@@ -179,11 +198,13 @@ $bf_enc_obj='';
$bf_enc_src='';
if (!$no_asm)
+ {
+ if ($FLAVOR =~ "WIN32")
{
$aes_asm_obj='crypto\aes\asm\a_win32.obj';
$aes_asm_src='crypto\aes\asm\a_win32.asm';
- $bn_asm_obj='crypto\bn\asm\bn_win32.obj';
- $bn_asm_src='crypto\bn\asm\bn_win32.asm';
+ $bn_asm_obj='crypto\bn\asm\bn_win32.obj crypto\bn\asm\mt_win32.obj';
+ $bn_asm_src='crypto\bn\asm\bn_win32.asm crypto\bn\asm\mt_win32.asm';
$bnco_asm_obj='crypto\bn\asm\co_win32.obj';
$bnco_asm_src='crypto\bn\asm\co_win32.asm';
$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
@@ -204,12 +225,26 @@ if (!$no_asm)
$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
$cpuid_asm_obj='crypto\cpu_win32.obj';
$cpuid_asm_src='crypto\cpu_win32.asm';
- $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+ $cflags.=" -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DAES_ASM -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
}
+ elsif ($FLAVOR =~ "WIN64A")
+ {
+ $aes_asm_obj='$(OBJ_D)\aes-x86_64.obj';
+ $aes_asm_src='crypto\aes\asm\aes-x86_64.asm';
+ $bn_asm_obj='$(OBJ_D)\x86_64-mont.obj $(OBJ_D)\bn_asm.obj';
+ $bn_asm_src='crypto\bn\asm\x86_64-mont.asm';
+ $sha1_asm_obj='$(OBJ_D)\sha1-x86_64.obj $(OBJ_D)\sha256-x86_64.obj $(OBJ_D)\sha512-x86_64.obj';
+ $sha1_asm_src='crypto\sha\asm\sha1-x86_64.asm crypto\sha\asm\sha256-x86_64.asm crypto\sha\asm\sha512-x86_64.asm';
+ $cpuid_asm_obj='$(OBJ_D)\cpuid-x86_64.obj';
+ $cpuid_asm_src='crypto\cpuid-x86_64.asm';
+ $cflags.=" -DOPENSSL_CPUID_OBJ -DAES_ASM -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM";
+ }
+ }
if ($shlib && $FLAVOR !~ /CE/)
{
$mlflags.=" $lflags /dll";
+# $cflags =~ s| /MD| /MT|;
$lib_cflag=" -D_WINDLL";
$out_def="out32dll";
$tmp_def="tmp32dll";
@@ -232,8 +267,8 @@ $(INCO_D)\applink.c: ms\applink.c
EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
-CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
___
+$banner .= "CRYPTOOBJ=\$(OBJ_D)\\uplink.obj \$(CRYPTOOBJ)\n";
$banner.=<<'___' if ($FLAVOR =~ /WIN64/);
CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
___
@@ -250,26 +285,56 @@ $cflags.=" /Fd$out_def";
sub do_lib_rule
{
- local($objs,$target,$name,$shlib)=@_;
+ my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
local($ret);
$taget =~ s/\//$o/g if $o ne '/';
- if ($name ne "")
+ my $base_arg;
+ if ($base_addr ne "")
+ {
+ $base_arg= " /base:$base_addr";
+ }
+ else
+ {
+ $base_arg = "";
+ }
+ if ($target =~ /O_CRYPTO/ && $fipsdso)
+ {
+ $name = "/def:ms/libeayfips.def";
+ }
+ elsif ($name ne "")
{
$name =~ tr/a-z/A-Z/;
$name = "/def:ms/${name}.def";
}
# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
+# $ret.="$target: $objs\n";
if (!$shlib)
{
# $ret.="\t\$(RM) \$(O_$Name)\n";
$ex =' ';
+ $ret.="$target: $objs\n";
$ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
}
else
{
- local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
+ my $ex = "";
+ if ($target =~ /O_SSL/)
+ {
+ $ex .= " \$(L_CRYPTO)";
+ #$ex .= " \$(L_FIPS)" if $fipsdso;
+ }
+ my $fipstarget;
+ if ($fipsdso)
+ {
+ $fipstarget = "O_FIPS";
+ }
+ else
+ {
+ $fipstarget = "O_CRYPTO";
+ }
+
+
if ($name eq "")
{
$ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
@@ -290,7 +355,39 @@ sub do_lib_rule
$ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
}
$ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+
+ if ($fips && $target =~ /$fipstarget/)
+ {
+ $ex.= $mwex unless $fipscanisterbuild;
+ $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
+ if ($fipsdso)
+ {
+ $ex.=" \$(OBJ_D)\\\$(LIBFIPS).res";
+ $ret.=" \$(OBJ_D)\\\$(LIBFIPS).res";
+ $ret.=" ms/\$(LIBFIPS).def";
+ }
+ $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+ $ret.="$name @<<\n \$(SHLIB_EX_OBJ) $objs ";
+ $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+ }
+ else
+ {
+ $ret.="$target: $objs";
+ if ($target =~ /O_CRYPTO/ && $fipsdso)
+ {
+ $ret .= " \$(O_FIPS)";
+ $ex .= " \$(L_FIPS)";
+ }
+ $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+ }
+
$ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
}
$ret.="\n";
@@ -299,16 +396,64 @@ sub do_lib_rule
sub do_link_rule
{
- local($target,$files,$dep_libs,$libs)=@_;
+ my($target,$files,$dep_libs,$libs,$standalone)=@_;
local($ret,$_);
-
$file =~ s/\//$o/g if $o ne '/';
$n=&bname($targer);
$ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
+ if ($standalone == 1)
+ {
+ $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+ $ret.= "$mwex advapi32.lib " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+ $ret.="$files $libs\n<<\n";
+ }
+ elsif ($standalone == 2)
+ {
+ $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+ $ret.="\tSET FIPS_CC=\$(CC)\n";
+ $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+ $ret.="\tSET PREMAIN_DSO_EXE=\n";
+ $ret.="\tSET FIPS_TARGET=$target\n";
+ $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+ $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+ $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+ $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+ }
+ else
+ {
+ $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
+ $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
+ }
+ $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
return($ret);
}
+sub do_rlink_rule
+ {
+ local($target,$rl_start, $rl_mid, $rl_end,$dep_libs,$libs)=@_;
+ local($ret,$_);
+ my $files = "$rl_start $rl_mid $rl_end";
+
+ $file =~ s/\//$o/g if $o ne '/';
+ $n=&bname($targer);
+ $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n";
+ $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n";
+ $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n";
+ $ret.="\t\$(PERL) ms\\segrenam.pl \$\$c $rl_end\n";
+ $ret.="\t\$(MKLIB) $lfile$target @<<\n\t$files\n<<\n";
+ $ret.="\t\$(FIPS_SHA1_EXE) $target > ${target}.sha1\n";
+ $ret.="\t\$(PERL) util${o}copy.pl -stripcr fips${o}fips_premain.c \$(LIB_D)${o}fips_premain.c\n";
+ $ret.="\t\$(CP) fips${o}fips_premain.c.sha1 \$(LIB_D)${o}fips_premain.c.sha1\n";
+ $ret.="\n";
+ return($ret);
+ }
+
+sub do_sdef_rule
+ {
+ my $ret = "ms/\$(LIBFIPS).def: \$(O_FIPSCANISTER)\n";
+ $ret.="\t\$(PERL) util/mksdef.pl \$(MLFLAGS) /out:dummy.dll /def:ms/libeay32.def @<<\n \$(O_FIPSCANISTER)\n<<\n";
+ $ret.="\n";
+ return $ret;
+ }
+
1;
diff --git a/lib/libcrypto/x509/by_dir.c b/lib/libcrypto/x509/by_dir.c
index 37f9a482069..341e0ba6a41 100644
--- a/lib/libcrypto/x509/by_dir.c
+++ b/lib/libcrypto/x509/by_dir.c
@@ -74,6 +74,10 @@
#include <openssl/lhash.h>
#include <openssl/x509.h>
+#ifdef _WIN32
+#define stat _stat
+#endif
+
typedef struct lookup_dir_st
{
BUF_MEM *buffer;
diff --git a/lib/libcrypto/x509/x509_cmp.c b/lib/libcrypto/x509/x509_cmp.c
index 0d6bc653b21..e4c682fc44e 100644
--- a/lib/libcrypto/x509/x509_cmp.c
+++ b/lib/libcrypto/x509/x509_cmp.c
@@ -322,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x)
{
unsigned long ret=0;
unsigned char md[16];
+ EVP_MD_CTX md_ctx;
/* Make sure X509_NAME structure contains valid cached encoding */
i2d_X509_NAME(x,NULL);
- EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+ EVP_MD_CTX_init(&md_ctx);
+ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+ EVP_DigestFinal_ex(&md_ctx,md,NULL);
+ EVP_MD_CTX_cleanup(&md_ctx);
ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c
index 9c84a59d523..ed187005859 100644
--- a/lib/libcrypto/x509/x509_trs.c
+++ b/lib/libcrypto/x509/x509_trs.c
@@ -1,5 +1,5 @@
/* x509_trs.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509/x509cset.c b/lib/libcrypto/x509/x509cset.c
index 9d1646d5c8d..7f4004b2911 100644
--- a/lib/libcrypto/x509/x509cset.c
+++ b/lib/libcrypto/x509/x509cset.c
@@ -1,5 +1,5 @@
/* crypto/x509/x509cset.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509/x509spki.c b/lib/libcrypto/x509/x509spki.c
index ed868b838e3..02a203d72c6 100644
--- a/lib/libcrypto/x509/x509spki.c
+++ b/lib/libcrypto/x509/x509spki.c
@@ -1,5 +1,5 @@
/* x509spki.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/ext_dat.h b/lib/libcrypto/x509v3/ext_dat.h
index 5c063ac65df..3eaec46f8a6 100644
--- a/lib/libcrypto/x509v3/ext_dat.h
+++ b/lib/libcrypto/x509v3/ext_dat.h
@@ -1,5 +1,5 @@
/* ext_dat.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/pcy_data.c b/lib/libcrypto/x509v3/pcy_data.c
index 4711b1ee927..fb392b901f0 100644
--- a/lib/libcrypto/x509v3/pcy_data.c
+++ b/lib/libcrypto/x509v3/pcy_data.c
@@ -1,5 +1,5 @@
/* pcy_data.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/pcy_tree.c b/lib/libcrypto/x509v3/pcy_tree.c
index b1ce77b9afc..6c87a7f506c 100644
--- a/lib/libcrypto/x509v3/pcy_tree.c
+++ b/lib/libcrypto/x509v3/pcy_tree.c
@@ -1,5 +1,5 @@
/* pcy_tree.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/tabtest.c b/lib/libcrypto/x509v3/tabtest.c
index dad0d38dd53..5ed6eb68911 100644
--- a/lib/libcrypto/x509v3/tabtest.c
+++ b/lib/libcrypto/x509v3/tabtest.c
@@ -1,5 +1,5 @@
/* tabtest.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_addr.c b/lib/libcrypto/x509v3/v3_addr.c
index c6730ab3fd2..a37f844d3c2 100644
--- a/lib/libcrypto/x509v3/v3_addr.c
+++ b/lib/libcrypto/x509v3/v3_addr.c
@@ -878,6 +878,7 @@ int v3_addr_canonize(IPAddrBlocks *addr)
v3_addr_get_afi(f)))
return 0;
}
+ (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
sk_IPAddressFamily_sort(addr);
assert(v3_addr_is_canonical(addr));
return 1;
diff --git a/lib/libcrypto/x509v3/v3_akey.c b/lib/libcrypto/x509v3/v3_akey.c
index ac0548b7751..c6b68ee2211 100644
--- a/lib/libcrypto/x509v3/v3_akey.c
+++ b/lib/libcrypto/x509v3/v3_akey.c
@@ -1,5 +1,5 @@
/* v3_akey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_akeya.c b/lib/libcrypto/x509v3/v3_akeya.c
index 2aafa26ba71..2c50f7360eb 100644
--- a/lib/libcrypto/x509v3/v3_akeya.c
+++ b/lib/libcrypto/x509v3/v3_akeya.c
@@ -1,5 +1,5 @@
/* v3_akey_asn1.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_alt.c b/lib/libcrypto/x509v3/v3_alt.c
index ac3139d1e65..75fda7f2681 100644
--- a/lib/libcrypto/x509v3/v3_alt.c
+++ b/lib/libcrypto/x509v3/v3_alt.c
@@ -1,5 +1,5 @@
/* v3_alt.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -527,7 +527,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
return gen;
err:
- GENERAL_NAME_free(gen);
+ if (!out)
+ GENERAL_NAME_free(gen);
return NULL;
}
diff --git a/lib/libcrypto/x509v3/v3_bcons.c b/lib/libcrypto/x509v3/v3_bcons.c
index 74b1233071c..82aa488f75c 100644
--- a/lib/libcrypto/x509v3/v3_bcons.c
+++ b/lib/libcrypto/x509v3/v3_bcons.c
@@ -1,5 +1,5 @@
/* v3_bcons.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_bitst.c b/lib/libcrypto/x509v3/v3_bitst.c
index cf31f0816ee..058d0d4dceb 100644
--- a/lib/libcrypto/x509v3/v3_bitst.c
+++ b/lib/libcrypto/x509v3/v3_bitst.c
@@ -1,5 +1,5 @@
/* v3_bitst.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_conf.c b/lib/libcrypto/x509v3/v3_conf.c
index 2b867305fba..11eb6b7fd5f 100644
--- a/lib/libcrypto/x509v3/v3_conf.c
+++ b/lib/libcrypto/x509v3/v3_conf.c
@@ -1,5 +1,5 @@
/* v3_conf.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_cpols.c b/lib/libcrypto/x509v3/v3_cpols.c
index a40f490aa90..95596055ab4 100644
--- a/lib/libcrypto/x509v3/v3_cpols.c
+++ b/lib/libcrypto/x509v3/v3_cpols.c
@@ -1,5 +1,5 @@
/* v3_cpols.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_crld.c b/lib/libcrypto/x509v3/v3_crld.c
index c6e3ebae7b2..181a8977b12 100644
--- a/lib/libcrypto/x509v3/v3_crld.c
+++ b/lib/libcrypto/x509v3/v3_crld.c
@@ -1,5 +1,5 @@
/* v3_crld.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_enum.c b/lib/libcrypto/x509v3/v3_enum.c
index a236cb22e15..36576eaa4d1 100644
--- a/lib/libcrypto/x509v3/v3_enum.c
+++ b/lib/libcrypto/x509v3/v3_enum.c
@@ -1,5 +1,5 @@
/* v3_enum.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_extku.c b/lib/libcrypto/x509v3/v3_extku.c
index a4efe0031e1..c0d14500ed8 100644
--- a/lib/libcrypto/x509v3/v3_extku.c
+++ b/lib/libcrypto/x509v3/v3_extku.c
@@ -1,5 +1,5 @@
/* v3_extku.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_genn.c b/lib/libcrypto/x509v3/v3_genn.c
index 650b510980d..84b4b1c8813 100644
--- a/lib/libcrypto/x509v3/v3_genn.c
+++ b/lib/libcrypto/x509v3/v3_genn.c
@@ -1,5 +1,5 @@
/* v3_genn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_ia5.c b/lib/libcrypto/x509v3/v3_ia5.c
index b739ccd0361..4ff12b52b54 100644
--- a/lib/libcrypto/x509v3/v3_ia5.c
+++ b/lib/libcrypto/x509v3/v3_ia5.c
@@ -1,5 +1,5 @@
/* v3_ia5.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_info.c b/lib/libcrypto/x509v3/v3_info.c
index e0ef69de423..e1b8699f921 100644
--- a/lib/libcrypto/x509v3/v3_info.c
+++ b/lib/libcrypto/x509v3/v3_info.c
@@ -1,5 +1,5 @@
/* v3_info.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_int.c b/lib/libcrypto/x509v3/v3_int.c
index 9a48dc1508d..4bfd14cf46b 100644
--- a/lib/libcrypto/x509v3/v3_int.c
+++ b/lib/libcrypto/x509v3/v3_int.c
@@ -1,5 +1,5 @@
/* v3_int.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_lib.c b/lib/libcrypto/x509v3/v3_lib.c
index f3015ea610c..df3a48f43ef 100644
--- a/lib/libcrypto/x509v3/v3_lib.c
+++ b/lib/libcrypto/x509v3/v3_lib.c
@@ -1,5 +1,5 @@
/* v3_lib.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_ocsp.c b/lib/libcrypto/x509v3/v3_ocsp.c
index 62aac063353..e426ea930c4 100644
--- a/lib/libcrypto/x509v3/v3_ocsp.c
+++ b/lib/libcrypto/x509v3/v3_ocsp.c
@@ -1,5 +1,5 @@
/* v3_ocsp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_pku.c b/lib/libcrypto/x509v3/v3_pku.c
index 5c4626e89b5..076f3ff48e2 100644
--- a/lib/libcrypto/x509v3/v3_pku.c
+++ b/lib/libcrypto/x509v3/v3_pku.c
@@ -1,5 +1,5 @@
/* v3_pku.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_prn.c b/lib/libcrypto/x509v3/v3_prn.c
index 20bd9bda190..c1bb17f105a 100644
--- a/lib/libcrypto/x509v3/v3_prn.c
+++ b/lib/libcrypto/x509v3/v3_prn.c
@@ -1,5 +1,5 @@
/* v3_prn.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c
index c54e7887c70..e18751e01cb 100644
--- a/lib/libcrypto/x509v3/v3_purp.c
+++ b/lib/libcrypto/x509v3/v3_purp.c
@@ -1,5 +1,5 @@
/* v3_purp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_skey.c b/lib/libcrypto/x509v3/v3_skey.c
index da0a3558f65..202c9e48965 100644
--- a/lib/libcrypto/x509v3/v3_skey.c
+++ b/lib/libcrypto/x509v3/v3_skey.c
@@ -1,5 +1,5 @@
/* v3_skey.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_sxnet.c b/lib/libcrypto/x509v3/v3_sxnet.c
index eaea9ea01b4..2a6bf11b650 100644
--- a/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/lib/libcrypto/x509v3/v3_sxnet.c
@@ -1,5 +1,5 @@
/* v3_sxnet.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3_utl.c b/lib/libcrypto/x509v3/v3_utl.c
index 57be441399f..2cb53008e37 100644
--- a/lib/libcrypto/x509v3/v3_utl.c
+++ b/lib/libcrypto/x509v3/v3_utl.c
@@ -1,5 +1,5 @@
/* v3_utl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
@@ -736,17 +736,20 @@ static int ipv6_from_asc(unsigned char *v6, const char *in)
/* Format result */
- /* Copy initial part */
- if (v6stat.zero_pos > 0)
+ if (v6stat.zero_pos >= 0)
+ {
+ /* Copy initial part */
memcpy(v6, v6stat.tmp, v6stat.zero_pos);
- /* Zero middle */
- if (v6stat.total != 16)
+ /* Zero middle */
memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
- /* Copy final part */
- if (v6stat.total != v6stat.zero_pos)
- memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
- v6stat.tmp + v6stat.zero_pos,
- v6stat.total - v6stat.zero_pos);
+ /* Copy final part */
+ if (v6stat.total != v6stat.zero_pos)
+ memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+ v6stat.tmp + v6stat.zero_pos,
+ v6stat.total - v6stat.zero_pos);
+ }
+ else
+ memcpy(v6, v6stat.tmp, 16);
return 1;
}
diff --git a/lib/libcrypto/x509v3/v3conf.c b/lib/libcrypto/x509v3/v3conf.c
index 00cf5b4a5b2..a9e6ca35428 100644
--- a/lib/libcrypto/x509v3/v3conf.c
+++ b/lib/libcrypto/x509v3/v3conf.c
@@ -1,5 +1,5 @@
/* v3conf.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/v3prin.c b/lib/libcrypto/x509v3/v3prin.c
index b529814319b..d5ff268296f 100644
--- a/lib/libcrypto/x509v3/v3prin.c
+++ b/lib/libcrypto/x509v3/v3prin.c
@@ -1,5 +1,5 @@
/* v3prin.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libcrypto/x509v3/x509v3.h b/lib/libcrypto/x509v3/x509v3.h
index 5ba59f71c94..9ef83da755e 100644
--- a/lib/libcrypto/x509v3/x509v3.h
+++ b/lib/libcrypto/x509v3/x509v3.h
@@ -1,5 +1,5 @@
/* x509v3.h */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
/* ====================================================================
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index b2765ba8019..eb56cf987ba 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -597,6 +597,7 @@ again:
/* check whether this is a repeat, or aged record */
if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
{
+ rr->length = 0;
s->packet_length=0; /* dump this record */
goto again; /* get another record */
}
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 9b823fddbd3..50308487aa5 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -972,7 +972,7 @@ int ssl3_get_server_certificate(SSL *s)
}
i=ssl_verify_cert_chain(s,sk);
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
#ifndef OPENSSL_NO_KRB5
&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
!= (SSL_aKRB5|SSL_kKRB5)
@@ -1006,7 +1006,7 @@ int ssl3_get_server_certificate(SSL *s)
== (SSL_aKRB5|SSL_kKRB5))? 0: 1;
#ifdef KSSL_DEBUG
- printf("pkey,x = %p, %p\n", pkey,x);
+ printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x);
printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
s->s3->tmp.new_cipher->algorithms, need_cert);
@@ -1459,7 +1459,7 @@ int ssl3_get_key_exchange(SSL *s)
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
{
/* bad signature */
al=SSL_AD_DECRYPT_ERROR;
@@ -1477,7 +1477,7 @@ int ssl3_get_key_exchange(SSL *s)
EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+ if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
{
/* bad signature */
al=SSL_AD_DECRYPT_ERROR;
@@ -1777,7 +1777,7 @@ int ssl3_get_cert_status(SSL *s)
goto f_err;
}
n2l3(p, resplen);
- if (resplen + 4 != n)
+ if (resplen + 4 != (unsigned long)n)
{
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index 72853a2e728..9476dcddf6e 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -753,8 +753,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
s->rwstate=SSL_NOTHING;
return(s->s3->wpend_ret);
}
- else if (i <= 0)
+ else if (i <= 0) {
+ if (s->version == DTLS1_VERSION ||
+ s->version == DTLS1_BAD_VER) {
+ /* For DTLS, just drop it. That's kind of the whole
+ point in using a datagram service */
+ s->s3->wbuf.left = 0;
+ }
return(i);
+ }
s->s3->wbuf.offset+=i;
s->s3->wbuf.left-=i;
}
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index 398ce469d68..80b45eb86ff 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -902,22 +902,28 @@ int ssl3_get_client_hello(SSL *s)
break;
}
}
- if (j == 0)
- {
- if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
- {
- /* Very bad for multi-threading.... */
- s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
- }
- else
+ if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
+ {
+ /* Special case as client bug workaround: the previously used cipher may
+ * not be in the current list, the client instead might be trying to
+ * continue using a cipher that before wasn't chosen due to server
+ * preferences. We'll have to reject the connection if the cipher is not
+ * enabled, though. */
+ c = sk_SSL_CIPHER_value(ciphers, 0);
+ if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
{
- /* we need to have the cipher in the cipher
- * list if we are asked to reuse it */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
+ s->session->cipher = c;
+ j = 1;
}
}
+ if (j == 0)
+ {
+ /* we need to have the cipher in the cipher
+ * list if we are asked to reuse it */
+ al=SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
+ goto f_err;
+ }
}
/* compression */
@@ -2560,7 +2566,7 @@ int ssl3_get_client_certificate(SSL *s)
else
{
i=ssl_verify_cert_chain(s,sk);
- if (!i)
+ if (i <= 0)
{
al=ssl_verify_alarm_type(s->verify_result);
SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c
index 514292a03ed..4116fd12f1a 100644
--- a/lib/libssl/ssl_ciph.c
+++ b/lib/libssl/ssl_ciph.c
@@ -115,7 +115,10 @@
*/
#include <stdio.h>
#include <openssl/objects.h>
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
+
#include "ssl_locl.h"
#define SSL_ENC_DES_IDX 0
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 735db397132..ed4ddbbae6c 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -124,7 +124,9 @@
#include "e_os.h"
#include <openssl/buffer.h>
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
#include <openssl/bio.h>
#include <openssl/stack.h>
#ifndef OPENSSL_NO_RSA
@@ -500,6 +502,7 @@ typedef struct ssl3_enc_method
int (*alert_value)(int);
} SSL3_ENC_METHOD;
+#ifndef OPENSSL_NO_COMP
/* Used for holding the relevant compression methods loaded into SSL_CTX */
typedef struct ssl3_comp_st
{
@@ -507,6 +510,7 @@ typedef struct ssl3_comp_st
char *name; /* Text name used for the compression type */
COMP_METHOD *method; /* The method :-) */
} SSL3_COMP;
+#endif
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index 3c4dec76d75..7cb3e29a41b 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -111,10 +111,15 @@
#include <stdio.h>
#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
+#endif
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
+#ifdef KSSL_DEBUG
+#include <openssl/des.h>
+#endif
static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
int sec_len, unsigned char *seed, int seed_len,
@@ -251,15 +256,15 @@ int tls1_change_cipher_state(SSL *s, int which)
#ifdef KSSL_DEBUG
printf("tls1_change_cipher_state(which= %d) w/\n", which);
printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
- comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+ (void *)comp);
+ printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
c->nid,c->block_size,c->key_len,c->iv_len);
printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
{
- int i;
- for (i=0; i<s->s3->tmp.key_block_length; i++)
- printf("%02x", key_block[i]); printf("\n");
+ int ki;
+ for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
+ printf("%02x", key_block[ki]); printf("\n");
}
#endif /* KSSL_DEBUG */
@@ -415,11 +420,13 @@ printf("which = %04X\nmac key=",which);
s->session->key_arg_length=0;
#ifdef KSSL_DEBUG
{
- int i;
+ int ki;
printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
- printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+ printf("\tkey= ");
+ for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
printf("\n");
- printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+ printf("\t iv= ");
+ for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
printf("\n");
}
#endif /* KSSL_DEBUG */
@@ -592,10 +599,11 @@ int tls1_enc(SSL *s, int send)
{
unsigned long ui;
printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+ (void *)ds,rec->data,rec->input,l);
+ printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
+ (unsigned long)DES_KEY_SZ,
+ (unsigned long)DES_SCHEDULE_SZ,
ds->cipher->iv_len);
printf("\t\tIV: ");
for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
@@ -620,10 +628,10 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
- unsigned long i;
+ unsigned long ki;
printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
+ for (ki=0; ki<l; i++)
+ printf(" %02x", rec->data[ki]); printf("\n");
}
#endif /* KSSL_DEBUG */
@@ -807,7 +815,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+ printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len);
#endif /* KSSL_DEBUG */
/* Setup the stuff to munge */
diff --git a/lib/libssl/test/Makefile b/lib/libssl/test/Makefile
index 3e58351cb9b..73d64440b15 100644
--- a/lib/libssl/test/Makefile
+++ b/lib/libssl/test/Makefile
@@ -5,7 +5,7 @@
DIR= test
TOP= ..
CC= cc
-INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
+INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) -I$(TOP)/fips
CFLAG= -g
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
PERL= perl
@@ -27,6 +27,7 @@ DLIBCRYPTO= ../libcrypto.a
DLIBSSL= ../libssl.a
LIBCRYPTO= -L.. -lcrypto
LIBSSL= -L.. -lssl
+LIBFIPS= -L.. -lfips
BNTEST= bntest
ECTEST= ectest
@@ -59,6 +60,18 @@ RSATEST= rsa_test
ENGINETEST= enginetest
EVPTEST= evp_test
IGETEST= igetest
+FIPS_SHATEST= fips_shatest
+FIPS_DESTEST= fips_desmovs
+FIPS_RANDTEST= fips_randtest
+FIPS_AESTEST= fips_aesavs
+FIPS_HMACTEST= fips_hmactest
+FIPS_RSAVTEST= fips_rsavtest
+FIPS_RSASTEST= fips_rsastest
+FIPS_RSAGTEST= fips_rsagtest
+FIPS_DSATEST= fips_dsatest
+FIPS_DSSVS= fips_dssvs
+FIPS_RNGVS= fips_rngvs
+FIPS_TEST_SUITE=fips_test_suite
TESTS= alltests
@@ -69,7 +82,13 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
- $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT)
+ $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) \
+ $(FIPS_SHATEST)$(EXE_EXT) $(FIPS_DESTEST)$(EXE_EXT) \
+ $(FIPS_RANDTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
+ $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
+ $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
+ $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \
+ $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -81,7 +100,13 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
- $(EVPTEST).o $(IGETEST).o
+ $(EVPTEST).o $(IGETEST).o \
+ $(FIPS_SHATEST).o $(FIPS_DESTEST).o $(FIPS_RANDTEST).o \
+ $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
+ $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \
+ $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \
+ jpaketest.o
+
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \
@@ -89,7 +114,12 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
- $(EVPTEST).c $(IGETEST).c
+ $(EVPTEST).c $(IGETEST).c \
+ $(FIPS_SHATEST).c $(FIPS_DESTEST).c $(FIPS_RANDTEST).c \
+ $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
+ $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \
+ $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \
+ jpaketest.c
EXHEADER=
HEADER= $(EXHEADER)
@@ -131,7 +161,7 @@ alltests: \
test_rand test_bn test_ec test_ecdsa test_ecdh \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- test_ss test_ca test_engine test_evp test_ssl test_ige
+ test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake
test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -147,6 +177,9 @@ test_sha:
../util/shlib_wrap.sh ./$(SHA1TEST)
../util/shlib_wrap.sh ./$(SHA256TEST)
../util/shlib_wrap.sh ./$(SHA512TEST)
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ ../util/shlib_wrap.sh ./$(FIPS_SHATEST) < SHAmix.r | diff -w SHAmix.x - ; \
+ fi
test_mdc2:
../util/shlib_wrap.sh ./$(MDC2TEST)
@@ -183,6 +216,9 @@ test_rc5:
test_rand:
../util/shlib_wrap.sh ./$(RANDTEST)
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ ../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \
+ fi
test_enc:
sh ./testenc
@@ -247,6 +283,9 @@ test_dsa:
@echo "Generate a set of DSA parameters"
../util/shlib_wrap.sh ./$(DSATEST)
../util/shlib_wrap.sh ./$(DSATEST) -app2_1
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ ../util/shlib_wrap.sh ./$(FIPS_DSATEST); \
+ fi
test_gen:
@echo "Generate and verify a certificate request"
@@ -266,6 +305,9 @@ test_engine:
test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
intP1.ss intP2.ss
@echo "test SSL protocol"
+ @if [ -n "$(FIPSCANLIB)" ]; then \
+ sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
+ fi
../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
@sh ./testssl keyU.ss certU.ss certCA.ss
@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
@@ -287,6 +329,10 @@ test_ige: $(IGETEST)$(EXE_EXT)
@echo "Test IGE mode"
../util/shlib_wrap.sh ./$(IGETEST)
+test_jpake: jpaketest$(EXE_EXT)
+ @echo "Test JPAKE"
+ ../util/shlib_wrap.sh ./jpaketest
+
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -302,7 +348,7 @@ dclean:
mv -f Makefile.new $(MAKEFILE)
clean:
- rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log
+ rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log dummytest
$(DLIBSSL):
(cd ..; $(MAKE) DIRS=ssl all)
@@ -314,6 +360,7 @@ BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
shlib_target="$(SHLIB_TARGET)"; \
fi; \
LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
$(MAKE) -f $(TOP)/Makefile.shared -e \
APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
@@ -349,6 +396,69 @@ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
@target=$(SHA512TEST); $(BUILD_CMD)
+FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ shlib_target="$(SHLIB_TARGET)"; \
+ fi; \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ LIBRARIES="-L$(TOP) -lfips"; \
+ elif [ -n "$(FIPSCANLIB)" ]; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
+ fi; \
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
+ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ link_app.$${shlib_target}
+
+FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ shlib_target="$(SHLIB_TARGET)"; \
+ fi; \
+ LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
+ if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ fi; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
+ $(MAKE) -f $(TOP)/Makefile.shared -e \
+ CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
+ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ link_app.$${shlib_target}
+
+$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
+ @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
+ @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
+ @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_TEST_SUITE)$(EXE_EXT): $(FIPS_TEST_SUITE).o $(DLIBCRYPTO)
+ @target=$(FIPS_TEST_SUITE); $(FIPS_BUILD_CMD)
+
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
@target=$(RMDTEST); $(BUILD_CMD)
@@ -395,7 +505,7 @@ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(BUILD_CMD)
+ @target=$(SSLTEST); $(FIPS_CRYPTO_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
@target=$(ENGINETEST); $(BUILD_CMD)
@@ -412,6 +522,9 @@ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
@target=$(IGETEST); $(BUILD_CMD)
+jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO)
+ @target=jpaketest; $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -435,14 +548,15 @@ bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
+bntest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+bntest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+bntest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+bntest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+bntest.o: ../include/openssl/x509_vfy.h bntest.c
casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
casttest.o: ../include/openssl/opensslconf.h casttest.c
destest.o: ../include/openssl/des.h ../include/openssl/des_old.h
@@ -481,53 +595,54 @@ ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecdsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ecdsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecdsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ecdsatest.o: ecdsatest.c
+ecdsatest.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ecdsatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+ecdsatest.o: ../include/openssl/x509_vfy.h ecdsatest.c
ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ectest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ectest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
ectest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
ectest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
ectest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ectest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-ectest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ectest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ectest.c
+ectest.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+ectest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ectest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ectest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ectest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+ectest.o: ../include/openssl/x509_vfy.h ectest.c
enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
enginetest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
enginetest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
enginetest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
-enginetest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-enginetest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-enginetest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enginetest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-enginetest.o: enginetest.c
+enginetest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+enginetest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+enginetest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+enginetest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+enginetest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+enginetest.o: ../include/openssl/x509_vfy.h enginetest.c
evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h
evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
-evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h
-evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
-evp_test.o: ../include/openssl/x509_vfy.h evp_test.c
+evp_test.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_test.c
exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -535,40 +650,220 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
exptest.o: ../include/openssl/symhacks.h exptest.c
+fips_aesavs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/aes.h
+fips_aesavs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+fips_aesavs.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+fips_aesavs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_aesavs.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_aesavs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+fips_aesavs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_aesavs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_aesavs.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+fips_aesavs.o: ../include/openssl/symhacks.h fips_aesavs.c
+fips_desmovs.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_desmovs.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_desmovs.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_desmovs.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+fips_desmovs.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_desmovs.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+fips_desmovs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_desmovs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_desmovs.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+fips_desmovs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_desmovs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_desmovs.o: fips_desmovs.c
+fips_dsatest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_dsatest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+fips_dsatest.o: ../include/openssl/des.h ../include/openssl/des_old.h
+fips_dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+fips_dsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+fips_dsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+fips_dsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_dsatest.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
+fips_dsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+fips_dsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_dsatest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+fips_dsatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_dsatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_dsatest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_dsatest.o: fips_dsatest.c
+fips_dssvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_dssvs.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_dssvs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+fips_dssvs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_dssvs.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_dssvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+fips_dssvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_dssvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_dssvs.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+fips_dssvs.o: ../include/openssl/symhacks.h fips_dssvs.c
+fips_hmactest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_hmactest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_hmactest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+fips_hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+fips_hmactest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+fips_hmactest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+fips_hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_hmactest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+fips_hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_hmactest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_hmactest.o: ../include/openssl/x509v3.h fips_hmactest.c
+fips_randtest.o: ../e_os.h ../fips/fips_utl.h ../include/openssl/bio.h
+fips_randtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+fips_randtest.o: ../include/openssl/des.h ../include/openssl/des_old.h
+fips_randtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_randtest.o: ../include/openssl/fips_rand.h ../include/openssl/lhash.h
+fips_randtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_randtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+fips_randtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+fips_randtest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+fips_randtest.o: ../include/openssl/ui_compat.h fips_randtest.c
+fips_rngvs.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_rngvs.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_rngvs.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+fips_rngvs.o: ../include/openssl/crypto.h ../include/openssl/des.h
+fips_rngvs.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
+fips_rngvs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+fips_rngvs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+fips_rngvs.o: ../include/openssl/err.h ../include/openssl/evp.h
+fips_rngvs.o: ../include/openssl/fips.h ../include/openssl/fips_rand.h
+fips_rngvs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+fips_rngvs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_rngvs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_rngvs.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+fips_rngvs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_rngvs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_rngvs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_rngvs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+fips_rngvs.o: ../include/openssl/x509v3.h fips_rngvs.c
+fips_rsagtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_rsagtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_rsagtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+fips_rsagtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+fips_rsagtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+fips_rsagtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+fips_rsagtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_rsagtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+fips_rsagtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_rsagtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_rsagtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_rsagtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+fips_rsagtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_rsagtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+fips_rsagtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_rsagtest.o: fips_rsagtest.c
+fips_rsastest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_rsastest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_rsastest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+fips_rsastest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+fips_rsastest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+fips_rsastest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+fips_rsastest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_rsastest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+fips_rsastest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_rsastest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_rsastest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_rsastest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+fips_rsastest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_rsastest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+fips_rsastest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_rsastest.o: fips_rsastest.c
+fips_rsavtest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_rsavtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_rsavtest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+fips_rsavtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+fips_rsavtest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+fips_rsavtest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+fips_rsavtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_rsavtest.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+fips_rsavtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_rsavtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_rsavtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+fips_rsavtest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+fips_rsavtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_rsavtest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+fips_rsavtest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_rsavtest.o: fips_rsavtest.c
+fips_shatest.o: ../fips/fips_utl.h ../include/openssl/asn1.h
+fips_shatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+fips_shatest.o: ../include/openssl/buffer.h ../include/openssl/conf.h
+fips_shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+fips_shatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+fips_shatest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+fips_shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_shatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+fips_shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+fips_shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_shatest.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
+fips_shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+fips_shatest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+fips_shatest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+fips_shatest.o: fips_shatest.c
+fips_test_suite.o: ../fips/fips_utl.h ../include/openssl/aes.h
+fips_test_suite.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+fips_test_suite.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+fips_test_suite.o: ../include/openssl/des.h ../include/openssl/des_old.h
+fips_test_suite.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+fips_test_suite.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_test_suite.o: ../include/openssl/evp.h ../include/openssl/fips.h
+fips_test_suite.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
+fips_test_suite.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+fips_test_suite.o: ../include/openssl/opensslconf.h
+fips_test_suite.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+fips_test_suite.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+fips_test_suite.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+fips_test_suite.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+fips_test_suite.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+fips_test_suite.o: fips_test_suite.c
hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-hmactest.o: ../include/openssl/symhacks.h hmactest.c
+hmactest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+hmactest.o: ../include/openssl/hmac.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+hmactest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+hmactest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h hmactest.c
ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
ideatest.o: ../include/openssl/opensslconf.h ideatest.c
igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
igetest.o: ../include/openssl/rand.h igetest.c
+jpaketest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
+jpaketest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+jpaketest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+jpaketest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+jpaketest.o: ../include/openssl/symhacks.h jpaketest.c
md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h
-md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md2test.c
+md2test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/obj_mac.h
+md2test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md2test.o: ../include/openssl/symhacks.h md2test.c
md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h
-md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c
+md4test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md4test.o: ../include/openssl/md4.h ../include/openssl/obj_mac.h
+md4test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md4test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md4test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md4test.o: ../include/openssl/symhacks.h md4test.c
md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h
-md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
+md5test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+md5test.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+md5test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+md5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+md5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+md5test.o: ../include/openssl/symhacks.h md5test.c
mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
@@ -589,11 +884,12 @@ rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
rc5test.o: ../include/openssl/symhacks.h rc5test.c
rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h
-rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/ripemd.h
+rmdtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rmdtest.o: ../include/openssl/symhacks.h rmdtest.c
rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
@@ -604,18 +900,20 @@ rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
rsa_test.o: ../include/openssl/symhacks.h rsa_test.c
sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c
+sha1test.o: ../include/openssl/evp.h ../include/openssl/fips.h
+sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+sha1test.o: ../include/openssl/sha.h ../include/openssl/stack.h
+sha1test.o: ../include/openssl/symhacks.h sha1test.c
shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c
+shatest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+shatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+shatest.o: ../include/openssl/symhacks.h shatest.c
ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h
@@ -624,17 +922,18 @@ ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
-ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssltest.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssltest.c
+ssltest.o: ../include/openssl/evp.h ../include/openssl/fips.h
+ssltest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
+ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssltest.o: ../include/openssl/x509v3.h ssltest.c
diff --git a/lib/libssl/test/tests.com b/lib/libssl/test/tests.com
index 056082e7fe7..88a33d0531b 100644
--- a/lib/libssl/test/tests.com
+++ b/lib/libssl/test/tests.com
@@ -25,7 +25,7 @@ $ tests := -
test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
- test_ss,test_ca,test_engine,test_evp,test_ssl
+ test_ss,test_ca,test_engine,test_evp,test_ssl,test_ige,test_jpake
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
@@ -57,6 +57,8 @@ $ SSLTEST := ssltest
$ RSATEST := rsa_test
$ ENGINETEST := enginetest
$ EVPTEST := evp_test
+$ IGETEST := igetest
+$ JPAKETEST := jpaketest
$
$ tests_i = 0
$ loop_tests:
@@ -250,6 +252,14 @@ $ test_rd:
$ write sys$output "test Rijndael"
$ !mcr 'texe_dir''rdtest'
$ return
+$ test_ige:
+$ write sys$output "Test IGE mode"
+$ mcr 'texe_dir''igetest'
+$ return
+$ test_jpake:
+$ write sys$output "Test JPAKE"
+$ mcr 'texe_dir''jpaketest'
+$ return
$
$
$ exit: