Date: Sun, 7 Jun 2009 19:56:19 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org Subject: svn commit: r193645 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bf crypto/bio crypto/bn crypto/bn/asm crypto/buffer crypto/camellia crypto/camellia/a... Message-ID: <200906071956.n57JuJan003551@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: simon Date: Sun Jun 7 19:56:18 2009 New Revision: 193645 URL: http://svn.freebsd.org/changeset/base/193645 Log: Import OpenSSL 0.9.8k. Added: vendor-crypto/openssl/dist/apps/genpkey.c (contents, props changed) vendor-crypto/openssl/dist/apps/md4.c (contents, props changed) vendor-crypto/openssl/dist/apps/pkey.c (contents, props changed) vendor-crypto/openssl/dist/apps/pkeyparam.c (contents, props changed) vendor-crypto/openssl/dist/apps/pkeyutl.c (contents, props changed) vendor-crypto/openssl/dist/apps/ts.c (contents, props changed) vendor-crypto/openssl/dist/apps/tsget vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c (contents, props changed) vendor-crypto/openssl/dist/crypto/aes/asm/aes-armv4.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/aes/asm/aes-ppc.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/aes/asm/aes-s390x.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/aes/asm/aes-sparcv9.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c (contents, props changed) vendor-crypto/openssl/dist/crypto/asn1/asn1_locl.h (contents, props changed) vendor-crypto/openssl/dist/crypto/asn1/bio_asn1.c (contents, props changed) vendor-crypto/openssl/dist/crypto/asn1/bio_ndef.c (contents, props changed) vendor-crypto/openssl/dist/crypto/asn1/x_nx509.c (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/alpha-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/armv4-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/mips3-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/ppc-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/ppc64-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/s390x-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/s390x.S (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9a-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/via-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/asm/x86-mont.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/bn_opt.c (contents, props changed) vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c (contents, props changed) vendor-crypto/openssl/dist/crypto/buffer/buf_str.c (contents, props changed) vendor-crypto/openssl/dist/crypto/camellia/asm/ vendor-crypto/openssl/dist/crypto/camellia/asm/cmll-x86.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/camellia/asm/cmll-x86_64.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/des/des_lib.c (contents, props changed) vendor-crypto/openssl/dist/crypto/dsa/dsa_utl.c (contents, props changed) vendor-crypto/openssl/dist/crypto/dyn_lck.c (contents, props changed) vendor-crypto/openssl/dist/crypto/err/err_bio.c (contents, props changed) vendor-crypto/openssl/dist/crypto/err/err_def.c (contents, props changed) vendor-crypto/openssl/dist/crypto/err/err_str.c (contents, props changed) vendor-crypto/openssl/dist/crypto/evp/dig_eng.c (contents, props changed) vendor-crypto/openssl/dist/crypto/evp/enc_min.c (contents, props changed) vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c (contents, props changed) vendor-crypto/openssl/dist/crypto/fips_err.c (contents, props changed) vendor-crypto/openssl/dist/crypto/fips_err.h (contents, props changed) vendor-crypto/openssl/dist/crypto/jpake/ vendor-crypto/openssl/dist/crypto/jpake/Makefile (contents, props changed) vendor-crypto/openssl/dist/crypto/jpake/jpake.c (contents, props changed) vendor-crypto/openssl/dist/crypto/jpake/jpake.h (contents, props changed) vendor-crypto/openssl/dist/crypto/jpake/jpake_err.c (contents, props changed) vendor-crypto/openssl/dist/crypto/jpake/jpaketest.c (contents, props changed) vendor-crypto/openssl/dist/crypto/o_init.c (contents, props changed) vendor-crypto/openssl/dist/crypto/ppccpuid.pl (contents, props changed) vendor-crypto/openssl/dist/crypto/rand/rand_eng.c (contents, props changed) vendor-crypto/openssl/dist/crypto/rc4/rc4_fblk.c (contents, props changed) vendor-crypto/openssl/dist/crypto/rsa/rsa_eng.c (contents, props changed) vendor-crypto/openssl/dist/crypto/rsa/rsa_x931g.c (contents, props changed) vendor-crypto/openssl/dist/crypto/s390xcpuid.S (contents, props changed) vendor-crypto/openssl/dist/crypto/sparcv9cap.c (contents, props changed) vendor-crypto/openssl/dist/demos/jpake/ vendor-crypto/openssl/dist/demos/jpake/Makefile (contents, props changed) vendor-crypto/openssl/dist/demos/jpake/jpakedemo.c (contents, props changed) vendor-crypto/openssl/dist/fips/ vendor-crypto/openssl/dist/fips/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/aes/ vendor-crypto/openssl/dist/fips/aes/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/aes/fips_aes_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/aes/fips_aesavs.c (contents, props changed) vendor-crypto/openssl/dist/fips/des/ vendor-crypto/openssl/dist/fips/des/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/des/fips_des_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/des/fips_desmovs.c (contents, props changed) vendor-crypto/openssl/dist/fips/dh/ vendor-crypto/openssl/dist/fips/dh/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/dh/dh_gen.c (contents, props changed) vendor-crypto/openssl/dist/fips/dh/fips_dh_check.c (contents, props changed) vendor-crypto/openssl/dist/fips/dh/fips_dh_gen.c (contents, props changed) vendor-crypto/openssl/dist/fips/dh/fips_dh_key.c (contents, props changed) vendor-crypto/openssl/dist/fips/dh/fips_dh_lib.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/ vendor-crypto/openssl/dist/fips/dsa/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsa_gen.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsa_key.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsa_lib.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsa_ossl.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsa_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsa_sign.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dsatest.c (contents, props changed) vendor-crypto/openssl/dist/fips/dsa/fips_dssvs.c (contents, props changed) vendor-crypto/openssl/dist/fips/fips-nodiff.txt (contents, props changed) vendor-crypto/openssl/dist/fips/fips.c (contents, props changed) vendor-crypto/openssl/dist/fips/fips.h (contents, props changed) vendor-crypto/openssl/dist/fips/fips_canister.c (contents, props changed) vendor-crypto/openssl/dist/fips/fips_locl.h (contents, props changed) vendor-crypto/openssl/dist/fips/fips_premain.c (contents, props changed) vendor-crypto/openssl/dist/fips/fips_premain.c.sha1 vendor-crypto/openssl/dist/fips/fips_test_suite.c (contents, props changed) vendor-crypto/openssl/dist/fips/fips_utl.h (contents, props changed) vendor-crypto/openssl/dist/fips/fipsalgtest.pl (contents, props changed) vendor-crypto/openssl/dist/fips/fipsld (contents, props changed) vendor-crypto/openssl/dist/fips/fipstests.sh (contents, props changed) vendor-crypto/openssl/dist/fips/hmac/ vendor-crypto/openssl/dist/fips/hmac/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/hmac/fips_hmac.c (contents, props changed) vendor-crypto/openssl/dist/fips/hmac/fips_hmac_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/hmac/fips_hmactest.c (contents, props changed) vendor-crypto/openssl/dist/fips/mkfipsscr.pl (contents, props changed) vendor-crypto/openssl/dist/fips/openssl_fips_fingerprint (contents, props changed) vendor-crypto/openssl/dist/fips/rand/ vendor-crypto/openssl/dist/fips/rand/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/rand/fips_rand.c (contents, props changed) vendor-crypto/openssl/dist/fips/rand/fips_rand.h (contents, props changed) vendor-crypto/openssl/dist/fips/rand/fips_rand_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/rand/fips_randtest.c (contents, props changed) vendor-crypto/openssl/dist/fips/rand/fips_rngvs.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/ vendor-crypto/openssl/dist/fips/rsa/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsa_eay.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsa_gen.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsa_lib.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsa_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsa_sign.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsa_x931g.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsagtest.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsastest.c (contents, props changed) vendor-crypto/openssl/dist/fips/rsa/fips_rsavtest.c (contents, props changed) vendor-crypto/openssl/dist/fips/sha/ vendor-crypto/openssl/dist/fips/sha/Makefile (contents, props changed) vendor-crypto/openssl/dist/fips/sha/fips_sha1_selftest.c (contents, props changed) vendor-crypto/openssl/dist/fips/sha/fips_shatest.c (contents, props changed) vendor-crypto/openssl/dist/fips/sha/fips_standalone_sha1.c (contents, props changed) vendor-crypto/openssl/dist/test/SHAmix.r vendor-crypto/openssl/dist/test/SHAmix.x vendor-crypto/openssl/dist/test/bftest.c (contents, props changed) vendor-crypto/openssl/dist/test/bntest.c (contents, props changed) vendor-crypto/openssl/dist/test/casttest.c (contents, props changed) vendor-crypto/openssl/dist/test/destest.c (contents, props changed) vendor-crypto/openssl/dist/test/dhtest.c (contents, props changed) vendor-crypto/openssl/dist/test/dsatest.c (contents, props changed) vendor-crypto/openssl/dist/test/ecdhtest.c (contents, props changed) vendor-crypto/openssl/dist/test/ecdsatest.c (contents, props changed) vendor-crypto/openssl/dist/test/ectest.c (contents, props changed) vendor-crypto/openssl/dist/test/enginetest.c (contents, props changed) vendor-crypto/openssl/dist/test/evp_test.c (contents, props changed) vendor-crypto/openssl/dist/test/exptest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_aesavs.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_desmovs.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_dsatest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_dssvs.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_hmactest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_randtest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_rngvs.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_rsagtest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_rsastest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_rsavtest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_shatest.c (contents, props changed) vendor-crypto/openssl/dist/test/fips_test_suite.c (contents, props changed) vendor-crypto/openssl/dist/test/hmactest.c (contents, props changed) vendor-crypto/openssl/dist/test/ideatest.c (contents, props changed) vendor-crypto/openssl/dist/test/jpaketest.c (contents, props changed) vendor-crypto/openssl/dist/test/md2test.c (contents, props changed) vendor-crypto/openssl/dist/test/md4test.c (contents, props changed) vendor-crypto/openssl/dist/test/md5test.c (contents, props changed) vendor-crypto/openssl/dist/test/mdc2test.c (contents, props changed) vendor-crypto/openssl/dist/test/randtest.c (contents, props changed) vendor-crypto/openssl/dist/test/rc2test.c (contents, props changed) vendor-crypto/openssl/dist/test/rc4test.c (contents, props changed) vendor-crypto/openssl/dist/test/rc5test.c (contents, props changed) vendor-crypto/openssl/dist/test/rmdtest.c (contents, props changed) vendor-crypto/openssl/dist/test/rsa_test.c (contents, props changed) vendor-crypto/openssl/dist/test/sha1test.c (contents, props changed) vendor-crypto/openssl/dist/test/sha256t.c (contents, props changed) vendor-crypto/openssl/dist/test/sha512t.c (contents, props changed) vendor-crypto/openssl/dist/test/shatest.c (contents, props changed) vendor-crypto/openssl/dist/test/ssltest.c (contents, props changed) vendor-crypto/openssl/dist/test/testfipsssl vendor-crypto/openssl/dist/util/arx.pl (contents, props changed) vendor-crypto/openssl/dist/util/fipslink.pl (contents, props changed) vendor-crypto/openssl/dist/util/mksdef.pl (contents, props changed) Modified: vendor-crypto/openssl/dist/CHANGES vendor-crypto/openssl/dist/Configure vendor-crypto/openssl/dist/FAQ vendor-crypto/openssl/dist/Makefile vendor-crypto/openssl/dist/Makefile.org vendor-crypto/openssl/dist/Makefile.shared vendor-crypto/openssl/dist/NEWS vendor-crypto/openssl/dist/README vendor-crypto/openssl/dist/apps/Makefile vendor-crypto/openssl/dist/apps/apps.c vendor-crypto/openssl/dist/apps/apps.h vendor-crypto/openssl/dist/apps/asn1pars.c vendor-crypto/openssl/dist/apps/ca.c vendor-crypto/openssl/dist/apps/crl.c vendor-crypto/openssl/dist/apps/dgst.c vendor-crypto/openssl/dist/apps/dsa.c vendor-crypto/openssl/dist/apps/enc.c vendor-crypto/openssl/dist/apps/engine.c vendor-crypto/openssl/dist/apps/genrsa.c vendor-crypto/openssl/dist/apps/nseq.c vendor-crypto/openssl/dist/apps/ocsp.c vendor-crypto/openssl/dist/apps/openssl.c vendor-crypto/openssl/dist/apps/pkcs12.c vendor-crypto/openssl/dist/apps/pkcs8.c vendor-crypto/openssl/dist/apps/rand.c vendor-crypto/openssl/dist/apps/rsautl.c vendor-crypto/openssl/dist/apps/s_client.c vendor-crypto/openssl/dist/apps/s_server.c vendor-crypto/openssl/dist/apps/smime.c vendor-crypto/openssl/dist/apps/speed.c vendor-crypto/openssl/dist/apps/spkac.c vendor-crypto/openssl/dist/apps/verify.c vendor-crypto/openssl/dist/apps/version.c vendor-crypto/openssl/dist/apps/x509.c vendor-crypto/openssl/dist/config vendor-crypto/openssl/dist/crypto/Makefile vendor-crypto/openssl/dist/crypto/aes/Makefile vendor-crypto/openssl/dist/crypto/aes/aes.h vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c vendor-crypto/openssl/dist/crypto/aes/aes_core.c vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl vendor-crypto/openssl/dist/crypto/asn1/Makefile vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c vendor-crypto/openssl/dist/crypto/asn1/a_sign.c vendor-crypto/openssl/dist/crypto/asn1/a_strex.c vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c vendor-crypto/openssl/dist/crypto/asn1/a_verify.c vendor-crypto/openssl/dist/crypto/asn1/asn1.h vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c vendor-crypto/openssl/dist/crypto/asn1/asn1t.h vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c vendor-crypto/openssl/dist/crypto/asn1/nsseq.c vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c vendor-crypto/openssl/dist/crypto/asn1/t_crl.c vendor-crypto/openssl/dist/crypto/asn1/t_spki.c vendor-crypto/openssl/dist/crypto/asn1/t_x509.c vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c vendor-crypto/openssl/dist/crypto/asn1/x_algor.c vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c vendor-crypto/openssl/dist/crypto/asn1/x_exten.c vendor-crypto/openssl/dist/crypto/asn1/x_long.c vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c vendor-crypto/openssl/dist/crypto/bf/Makefile vendor-crypto/openssl/dist/crypto/bf/bf_skey.c vendor-crypto/openssl/dist/crypto/bf/blowfish.h vendor-crypto/openssl/dist/crypto/bio/Makefile vendor-crypto/openssl/dist/crypto/bio/bss_bio.c vendor-crypto/openssl/dist/crypto/bio/bss_file.c vendor-crypto/openssl/dist/crypto/bio/bss_mem.c vendor-crypto/openssl/dist/crypto/bio/bss_sock.c vendor-crypto/openssl/dist/crypto/bn/Makefile vendor-crypto/openssl/dist/crypto/bn/bn.h vendor-crypto/openssl/dist/crypto/bn/bn_lib.c vendor-crypto/openssl/dist/crypto/bn/bn_nist.c vendor-crypto/openssl/dist/crypto/bn/bn_rand.c vendor-crypto/openssl/dist/crypto/bn/bn_shift.c vendor-crypto/openssl/dist/crypto/bn/bntest.c vendor-crypto/openssl/dist/crypto/buffer/Makefile vendor-crypto/openssl/dist/crypto/buffer/buffer.c vendor-crypto/openssl/dist/crypto/camellia/Makefile vendor-crypto/openssl/dist/crypto/camellia/camellia.h vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c vendor-crypto/openssl/dist/crypto/cast/Makefile vendor-crypto/openssl/dist/crypto/cast/c_skey.c vendor-crypto/openssl/dist/crypto/cast/cast.h vendor-crypto/openssl/dist/crypto/cms/Makefile vendor-crypto/openssl/dist/crypto/cms/cms_sd.c vendor-crypto/openssl/dist/crypto/cms/cms_smime.c vendor-crypto/openssl/dist/crypto/comp/Makefile vendor-crypto/openssl/dist/crypto/comp/c_zlib.c vendor-crypto/openssl/dist/crypto/conf/Makefile vendor-crypto/openssl/dist/crypto/conf/conf_mall.c vendor-crypto/openssl/dist/crypto/conf/conf_mod.c vendor-crypto/openssl/dist/crypto/conf/conf_sap.c vendor-crypto/openssl/dist/crypto/cryptlib.c vendor-crypto/openssl/dist/crypto/crypto.h vendor-crypto/openssl/dist/crypto/des/Makefile vendor-crypto/openssl/dist/crypto/des/asm/des_enc.m4 vendor-crypto/openssl/dist/crypto/des/des_enc.c vendor-crypto/openssl/dist/crypto/des/ecb_enc.c vendor-crypto/openssl/dist/crypto/des/enc_read.c vendor-crypto/openssl/dist/crypto/des/enc_writ.c vendor-crypto/openssl/dist/crypto/des/set_key.c vendor-crypto/openssl/dist/crypto/des/times/usparc.cc vendor-crypto/openssl/dist/crypto/dh/Makefile vendor-crypto/openssl/dist/crypto/dh/dh.h vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c vendor-crypto/openssl/dist/crypto/dh/dh_check.c vendor-crypto/openssl/dist/crypto/dh/dh_err.c vendor-crypto/openssl/dist/crypto/dh/dh_gen.c vendor-crypto/openssl/dist/crypto/dh/dh_key.c vendor-crypto/openssl/dist/crypto/dsa/Makefile vendor-crypto/openssl/dist/crypto/dsa/dsa.h vendor-crypto/openssl/dist/crypto/dsa/dsa_asn1.c vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c vendor-crypto/openssl/dist/crypto/dsa/dsa_key.c vendor-crypto/openssl/dist/crypto/dsa/dsa_lib.c vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c vendor-crypto/openssl/dist/crypto/dsa/dsa_sign.c vendor-crypto/openssl/dist/crypto/dsa/dsa_vrf.c vendor-crypto/openssl/dist/crypto/dso/Makefile vendor-crypto/openssl/dist/crypto/ec/Makefile vendor-crypto/openssl/dist/crypto/ec/ec_key.c vendor-crypto/openssl/dist/crypto/ecdh/Makefile vendor-crypto/openssl/dist/crypto/ecdsa/Makefile vendor-crypto/openssl/dist/crypto/engine/Makefile vendor-crypto/openssl/dist/crypto/engine/eng_cnf.c vendor-crypto/openssl/dist/crypto/engine/eng_padlock.c vendor-crypto/openssl/dist/crypto/engine/enginetest.c vendor-crypto/openssl/dist/crypto/err/Makefile vendor-crypto/openssl/dist/crypto/err/err.c vendor-crypto/openssl/dist/crypto/err/err.h vendor-crypto/openssl/dist/crypto/err/err_all.c vendor-crypto/openssl/dist/crypto/err/err_prn.c vendor-crypto/openssl/dist/crypto/err/openssl.ec vendor-crypto/openssl/dist/crypto/evp/Makefile vendor-crypto/openssl/dist/crypto/evp/bio_md.c vendor-crypto/openssl/dist/crypto/evp/digest.c vendor-crypto/openssl/dist/crypto/evp/e_aes.c vendor-crypto/openssl/dist/crypto/evp/e_camellia.c vendor-crypto/openssl/dist/crypto/evp/e_des.c vendor-crypto/openssl/dist/crypto/evp/e_des3.c vendor-crypto/openssl/dist/crypto/evp/e_null.c vendor-crypto/openssl/dist/crypto/evp/e_rc4.c vendor-crypto/openssl/dist/crypto/evp/evp.h vendor-crypto/openssl/dist/crypto/evp/evp_acnf.c vendor-crypto/openssl/dist/crypto/evp/evp_enc.c vendor-crypto/openssl/dist/crypto/evp/evp_err.c vendor-crypto/openssl/dist/crypto/evp/evp_lib.c vendor-crypto/openssl/dist/crypto/evp/evp_locl.h vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c vendor-crypto/openssl/dist/crypto/evp/evp_pkey.c vendor-crypto/openssl/dist/crypto/evp/evp_test.c vendor-crypto/openssl/dist/crypto/evp/m_dss.c vendor-crypto/openssl/dist/crypto/evp/m_dss1.c vendor-crypto/openssl/dist/crypto/evp/m_md2.c vendor-crypto/openssl/dist/crypto/evp/m_md4.c vendor-crypto/openssl/dist/crypto/evp/m_md5.c vendor-crypto/openssl/dist/crypto/evp/m_mdc2.c vendor-crypto/openssl/dist/crypto/evp/m_sha.c vendor-crypto/openssl/dist/crypto/evp/m_sha1.c vendor-crypto/openssl/dist/crypto/evp/names.c vendor-crypto/openssl/dist/crypto/evp/p5_crpt.c vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c vendor-crypto/openssl/dist/crypto/evp/p_sign.c vendor-crypto/openssl/dist/crypto/evp/p_verify.c vendor-crypto/openssl/dist/crypto/hmac/Makefile vendor-crypto/openssl/dist/crypto/hmac/hmac.c vendor-crypto/openssl/dist/crypto/idea/Makefile vendor-crypto/openssl/dist/crypto/idea/i_skey.c vendor-crypto/openssl/dist/crypto/idea/idea.h vendor-crypto/openssl/dist/crypto/krb5/Makefile vendor-crypto/openssl/dist/crypto/lhash/Makefile vendor-crypto/openssl/dist/crypto/md2/Makefile vendor-crypto/openssl/dist/crypto/md2/md2.h vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c vendor-crypto/openssl/dist/crypto/md4/Makefile vendor-crypto/openssl/dist/crypto/md4/md4.h vendor-crypto/openssl/dist/crypto/md4/md4_dgst.c vendor-crypto/openssl/dist/crypto/md5/Makefile vendor-crypto/openssl/dist/crypto/md5/md5.h vendor-crypto/openssl/dist/crypto/md5/md5_dgst.c vendor-crypto/openssl/dist/crypto/mdc2/Makefile vendor-crypto/openssl/dist/crypto/mdc2/mdc2.h vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c vendor-crypto/openssl/dist/crypto/mem.c vendor-crypto/openssl/dist/crypto/mem_dbg.c vendor-crypto/openssl/dist/crypto/objects/Makefile vendor-crypto/openssl/dist/crypto/objects/obj_dat.h vendor-crypto/openssl/dist/crypto/objects/obj_dat.pl vendor-crypto/openssl/dist/crypto/objects/obj_mac.h vendor-crypto/openssl/dist/crypto/objects/obj_mac.num vendor-crypto/openssl/dist/crypto/objects/objects.txt vendor-crypto/openssl/dist/crypto/ocsp/Makefile vendor-crypto/openssl/dist/crypto/ocsp/ocsp_asn.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_srv.c vendor-crypto/openssl/dist/crypto/ocsp/ocsp_vfy.c vendor-crypto/openssl/dist/crypto/opensslconf.h vendor-crypto/openssl/dist/crypto/opensslconf.h.in vendor-crypto/openssl/dist/crypto/opensslv.h vendor-crypto/openssl/dist/crypto/ossl_typ.h vendor-crypto/openssl/dist/crypto/pem/Makefile vendor-crypto/openssl/dist/crypto/pem/pem.h vendor-crypto/openssl/dist/crypto/pem/pem_all.c vendor-crypto/openssl/dist/crypto/pem/pem_lib.c vendor-crypto/openssl/dist/crypto/pem/pem_x509.c vendor-crypto/openssl/dist/crypto/pem/pem_xaux.c vendor-crypto/openssl/dist/crypto/pkcs12/Makefile vendor-crypto/openssl/dist/crypto/pkcs12/p12_add.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_asn.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_attr.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_crpt.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_crt.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_init.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_key.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_kiss.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_npas.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8d.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8e.c vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h vendor-crypto/openssl/dist/crypto/pkcs7/Makefile vendor-crypto/openssl/dist/crypto/pkcs7/pk7_asn1.c vendor-crypto/openssl/dist/crypto/pkcs7/pk7_attr.c vendor-crypto/openssl/dist/crypto/pkcs7/pk7_mime.c vendor-crypto/openssl/dist/crypto/pkcs7/pk7_smime.c vendor-crypto/openssl/dist/crypto/pqueue/Makefile vendor-crypto/openssl/dist/crypto/pqueue/pq_compat.h vendor-crypto/openssl/dist/crypto/rand/Makefile vendor-crypto/openssl/dist/crypto/rand/md_rand.c vendor-crypto/openssl/dist/crypto/rand/rand.h vendor-crypto/openssl/dist/crypto/rand/rand_err.c vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h vendor-crypto/openssl/dist/crypto/rand/rand_lib.c vendor-crypto/openssl/dist/crypto/rand/rand_unix.c vendor-crypto/openssl/dist/crypto/rand/randfile.c vendor-crypto/openssl/dist/crypto/rc2/Makefile vendor-crypto/openssl/dist/crypto/rc2/rc2.h vendor-crypto/openssl/dist/crypto/rc2/rc2_skey.c vendor-crypto/openssl/dist/crypto/rc4/Makefile vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-x86_64.pl vendor-crypto/openssl/dist/crypto/rc4/rc4.h vendor-crypto/openssl/dist/crypto/rc4/rc4_skey.c vendor-crypto/openssl/dist/crypto/rc5/Makefile vendor-crypto/openssl/dist/crypto/rc5/rc5.h vendor-crypto/openssl/dist/crypto/rc5/rc5_skey.c vendor-crypto/openssl/dist/crypto/ripemd/Makefile vendor-crypto/openssl/dist/crypto/ripemd/README vendor-crypto/openssl/dist/crypto/ripemd/ripemd.h vendor-crypto/openssl/dist/crypto/ripemd/rmd_dgst.c vendor-crypto/openssl/dist/crypto/ripemd/rmd_locl.h vendor-crypto/openssl/dist/crypto/rsa/Makefile vendor-crypto/openssl/dist/crypto/rsa/rsa.h vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c vendor-crypto/openssl/dist/crypto/rsa/rsa_lib.c vendor-crypto/openssl/dist/crypto/rsa/rsa_null.c vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c vendor-crypto/openssl/dist/crypto/rsa/rsa_x931.c vendor-crypto/openssl/dist/crypto/seed/Makefile vendor-crypto/openssl/dist/crypto/sha/Makefile vendor-crypto/openssl/dist/crypto/sha/asm/sha1-ia64.pl vendor-crypto/openssl/dist/crypto/sha/sha.h vendor-crypto/openssl/dist/crypto/sha/sha1_one.c vendor-crypto/openssl/dist/crypto/sha/sha1dgst.c vendor-crypto/openssl/dist/crypto/sha/sha256.c vendor-crypto/openssl/dist/crypto/sha/sha512.c vendor-crypto/openssl/dist/crypto/sha/sha_dgst.c vendor-crypto/openssl/dist/crypto/sha/sha_locl.h vendor-crypto/openssl/dist/crypto/stack/Makefile vendor-crypto/openssl/dist/crypto/store/Makefile vendor-crypto/openssl/dist/crypto/symhacks.h vendor-crypto/openssl/dist/crypto/txt_db/Makefile vendor-crypto/openssl/dist/crypto/ui/Makefile vendor-crypto/openssl/dist/crypto/ui/ui_lib.c vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c vendor-crypto/openssl/dist/crypto/x509/Makefile vendor-crypto/openssl/dist/crypto/x509/by_dir.c vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c vendor-crypto/openssl/dist/crypto/x509/x509_trs.c vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c vendor-crypto/openssl/dist/crypto/x509/x509cset.c vendor-crypto/openssl/dist/crypto/x509/x509spki.c vendor-crypto/openssl/dist/crypto/x509v3/Makefile vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h vendor-crypto/openssl/dist/crypto/x509v3/pcy_cache.c vendor-crypto/openssl/dist/crypto/x509v3/pcy_data.c vendor-crypto/openssl/dist/crypto/x509v3/pcy_int.h vendor-crypto/openssl/dist/crypto/x509v3/pcy_lib.c vendor-crypto/openssl/dist/crypto/x509v3/pcy_map.c vendor-crypto/openssl/dist/crypto/x509v3/pcy_node.c vendor-crypto/openssl/dist/crypto/x509v3/pcy_tree.c vendor-crypto/openssl/dist/crypto/x509v3/tabtest.c vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c vendor-crypto/openssl/dist/crypto/x509v3/v3_akey.c vendor-crypto/openssl/dist/crypto/x509v3/v3_akeya.c vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c vendor-crypto/openssl/dist/crypto/x509v3/v3_bcons.c vendor-crypto/openssl/dist/crypto/x509v3/v3_bitst.c vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c vendor-crypto/openssl/dist/crypto/x509v3/v3_crld.c vendor-crypto/openssl/dist/crypto/x509v3/v3_enum.c vendor-crypto/openssl/dist/crypto/x509v3/v3_extku.c vendor-crypto/openssl/dist/crypto/x509v3/v3_genn.c vendor-crypto/openssl/dist/crypto/x509v3/v3_ia5.c vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c vendor-crypto/openssl/dist/crypto/x509v3/v3_int.c vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c vendor-crypto/openssl/dist/crypto/x509v3/v3_ocsp.c vendor-crypto/openssl/dist/crypto/x509v3/v3_pcons.c vendor-crypto/openssl/dist/crypto/x509v3/v3_pku.c vendor-crypto/openssl/dist/crypto/x509v3/v3_pmaps.c vendor-crypto/openssl/dist/crypto/x509v3/v3_prn.c vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c vendor-crypto/openssl/dist/crypto/x509v3/v3_skey.c vendor-crypto/openssl/dist/crypto/x509v3/v3_sxnet.c vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c vendor-crypto/openssl/dist/crypto/x509v3/v3conf.c vendor-crypto/openssl/dist/crypto/x509v3/v3prin.c vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h vendor-crypto/openssl/dist/demos/asn1/ocsp.c vendor-crypto/openssl/dist/doc/apps/rand.pod vendor-crypto/openssl/dist/doc/apps/x509.pod vendor-crypto/openssl/dist/doc/crypto/RAND_egd.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_verify.pod vendor-crypto/openssl/dist/doc/ssl/SSL_SESSION_free.pod vendor-crypto/openssl/dist/doc/ssl/SSL_free.pod vendor-crypto/openssl/dist/doc/ssleay.txt vendor-crypto/openssl/dist/e_os.h vendor-crypto/openssl/dist/engines/Makefile vendor-crypto/openssl/dist/engines/e_aep.c vendor-crypto/openssl/dist/engines/e_chil.c vendor-crypto/openssl/dist/engines/e_chil_err.c vendor-crypto/openssl/dist/engines/e_chil_err.h vendor-crypto/openssl/dist/openssl.spec vendor-crypto/openssl/dist/ssl/Makefile vendor-crypto/openssl/dist/ssl/d1_enc.c vendor-crypto/openssl/dist/ssl/d1_lib.c vendor-crypto/openssl/dist/ssl/d1_pkt.c vendor-crypto/openssl/dist/ssl/kssl.c vendor-crypto/openssl/dist/ssl/s2_clnt.c vendor-crypto/openssl/dist/ssl/s2_srvr.c vendor-crypto/openssl/dist/ssl/s3_clnt.c vendor-crypto/openssl/dist/ssl/s3_pkt.c vendor-crypto/openssl/dist/ssl/s3_srvr.c vendor-crypto/openssl/dist/ssl/ssl_ciph.c vendor-crypto/openssl/dist/ssl/ssl_lib.c vendor-crypto/openssl/dist/ssl/ssl_locl.h vendor-crypto/openssl/dist/ssl/ssltest.c vendor-crypto/openssl/dist/ssl/t1_enc.c vendor-crypto/openssl/dist/test/CAss.cnf vendor-crypto/openssl/dist/test/Makefile vendor-crypto/openssl/dist/test/Uss.cnf vendor-crypto/openssl/dist/test/igetest.c vendor-crypto/openssl/dist/test/times vendor-crypto/openssl/dist/util/copy.pl vendor-crypto/openssl/dist/util/domd vendor-crypto/openssl/dist/util/libeay.num vendor-crypto/openssl/dist/util/mk1mf.pl vendor-crypto/openssl/dist/util/mkdef.pl vendor-crypto/openssl/dist/util/mkerr.pl vendor-crypto/openssl/dist/util/mkfiles.pl vendor-crypto/openssl/dist/util/mklink.pl vendor-crypto/openssl/dist/util/pl/VC-32.pl Modified: vendor-crypto/openssl/dist/CHANGES ============================================================================== --- vendor-crypto/openssl/dist/CHANGES Sun Jun 7 19:41:11 2009 (r193644) +++ vendor-crypto/openssl/dist/CHANGES Sun Jun 7 19:56:18 2009 (r193645) @@ -2,6 +2,88 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8j and 0.9.8k [25 Mar 2009] + + *) Don't set val to NULL when freeing up structures, it is freed up by + underlying code. If sizeof(void *) > sizeof(long) this can result in + zeroing past the valid field. (CVE-2009-0789) + [Paolo Ganci <Paolo.Ganci@AdNovum.CH>] + + *) Fix bug where return value of CMS_SignerInfo_verify_content() was not + checked correctly. This would allow some invalid signed attributes to + appear to verify correctly. (CVE-2009-0591) + [Ivan Nestlerode <inestlerode@us.ibm.com>] + + *) Reject UniversalString and BMPString types with invalid lengths. This + prevents a crash in ASN1_STRING_print_ex() which assumes the strings have + a legal length. (CVE-2009-0590) + [Steve Henson] + + *) Set S/MIME signing as the default purpose rather than setting it + unconditionally. This allows applications to override it at the store + level. + [Steve Henson] + + *) Permit restricted recursion of ASN1 strings. This is needed in practice + to handle some structures. + [Steve Henson] + + *) Improve efficiency of mem_gets: don't search whole buffer each time + for a '\n' + [Jeremy Shapiro <jnshapir@us.ibm.com>] + + *) New -hex option for openssl rand. + [Matthieu Herrb] + + *) Print out UTF8String and NumericString when parsing ASN1. + [Steve Henson] + + *) Support NumericString type for name components. + [Steve Henson] + + *) Allow CC in the environment to override the automatically chosen + compiler. Note that nothing is done to ensure flags work with the + chosen compiler. + [Ben Laurie] + + Changes between 0.9.8i and 0.9.8j [07 Jan 2009] + + *) Properly check EVP_VerifyFinal() and similar return values + (CVE-2008-5077). + [Ben Laurie, Bodo Moeller, Google Security Team] + + *) Enable TLS extensions by default. + [Ben Laurie] + + *) Allow the CHIL engine to be loaded, whether the application is + multithreaded or not. (This does not release the developer from the + obligation to set up the dynamic locking callbacks.) + [Sander Temme <sander@temme.net>] + + *) Use correct exit code if there is an error in dgst command. + [Steve Henson; problem pointed out by Roland Dirlewanger] + + *) Tweak Configure so that you need to say "experimental-jpake" to enable + JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications. + [Bodo Moeller] + + *) Add experimental JPAKE support, including demo authentication in + s_client and s_server. + [Ben Laurie] + + *) Set the comparison function in v3_addr_canonize(). + [Rob Austein <sra@hactrn.net>] + + *) Add support for XMPP STARTTLS in s_client. + [Philip Paeps <philip@freebsd.org>] + + *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior + to ensure that even with this option, only ciphersuites in the + server's preference list will be accepted. (Note that the option + applies only when resuming a session, so the earlier behavior was + just about the algorithm choice for symmetric cryptography.) + [Bodo Moeller] + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] *) Fix a state transitition in s3_srvr.c and d1_srvr.c @@ -34,6 +116,10 @@ [Neel Mehta, Bodo Moeller] + *) Allow engines to be "soft loaded" - i.e. optionally don't die if + the load fails. Useful for distros. + [Ben Laurie and the FreeBSD team] + *) Add support for Local Machine Keyset attribute in PKCS#12 files. [Steve Henson] @@ -52,9 +138,11 @@ This work was sponsored by Logica. [Steve Henson] - *) Allow engines to be "soft loaded" - i.e. optionally don't die if - the load fails. Useful for distros. - [Ben Laurie and the FreeBSD team] + *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using + ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain + attribute creation routines such as certifcate requests and PKCS#12 + files. + [Steve Henson] Changes between 0.9.8g and 0.9.8h [28 May 2008] Modified: vendor-crypto/openssl/dist/Configure ============================================================================== --- vendor-crypto/openssl/dist/Configure Sun Jun 7 19:41:11 2009 (r193644) +++ vendor-crypto/openssl/dist/Configure Sun Jun 7 19:56:18 2009 (r193645) @@ -6,11 +6,13 @@ eval 'exec perl -S $0 ${1+"$@"}' ## require 5.000; -use strict; +eval 'use strict;'; + +print STDERR "Warning: perl module strict not found.\n" if ($@); # see INSTALL for instructions. -my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -99,6 +101,11 @@ my $usage="Usage: Configure [no-<cipher> # SHA512_ASM sha512_block is implemented in assembler # AES_ASM ASE_[en|de]crypt is implemented in assembler +# Minimum warning options... any contributions to OpenSSL should at least get +# past these. + +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; # MD2_CHAR slags pentium pros @@ -152,15 +159,15 @@ my %table=( "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", +"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", -"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", -"debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -577,6 +584,11 @@ my $prefix=""; my $openssldir=""; my $exe_ext=""; my $install_prefix=""; +my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; +my $nofipscanistercheck=0; +my $fipsdso=0; +my $fipscanisterinternal="n"; +my $baseaddr="0xFB00000"; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default @@ -600,6 +612,7 @@ my $rc2 ="crypto/rc2/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; +my $fips_des_enc="fips_des_enc.o"; my $aes_enc="aes_core.o aes_cbc.o"; my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; @@ -611,32 +624,40 @@ my $rmd160_obj=""; my $processor=""; my $default_ranlib; my $perl; +my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): -my %disabled = ( # "what" => "comment" +my %disabled = ( # "what" => "comment" [or special keyword "experimental"] "camellia" => "default", "capieng" => "default", "cms" => "default", "gmp" => "default", + "jpake" => "experimental", "mdc2" => "default", "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) "rc5" => "default", "rfc3779" => "default", "seed" => "default", "shared" => "default", - "tlsext" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); +my @experimental = (); + +# This is what $depflags will look like with the above defaults +# (we need this to see if we should advise the user to run "make depend"): +my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED"; -# Additional "no-..." options will be collected in %disabled. -# To remove something from %disabled, use e.g. "enable-rc5". -# For symmetry, "disable-..." is a synonym for "no-...". -# This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; +# Explicit "no-..." options will be collected in %disabled along with the defaults. +# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# For symmetry, "disable-foo" is a synonym for "no-foo". + +# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. +# We will collect such requests in @experimental. +# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. my $no_sse2=0; @@ -645,6 +666,7 @@ my $no_sse2=0; my $flags; my $depflags; +my $openssl_experimental_defines; my $openssl_algorithm_defines; my $openssl_thread_defines; my $openssl_sys_defines=""; @@ -665,6 +687,7 @@ while($argv_unprocessed) { $flags=""; $depflags=""; + $openssl_experimental_defines=""; $openssl_algorithm_defines=""; $openssl_thread_defines=""; $openssl_sys_defines=""; @@ -690,25 +713,35 @@ PROCESS_ARGS: if (/^no-(.+)$/ || /^disable-(.+)$/) { - if ($1 eq "ssl") - { - $disabled{"ssl2"} = "option(ssl)"; - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") + if (!($disabled{$1} eq "experimental")) { - $disabled{"tls1"} = "option(tls)" - } - else - { - $disabled{$1} = "option"; + if ($1 eq "ssl") + { + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + $disabled{"tls1"} = "option(tls)" + } + else + { + $disabled{$1} = "option"; + } } } - elsif (/^enable-(.+)$/) + elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) { - delete $disabled{$1}; + my $algo = $1; + if ($disabled{$algo} eq "experimental") + { + die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" + unless (/^experimental-/); + push @experimental, $algo; + } + delete $disabled{$algo}; - $threads = 1 if ($1 eq "threads"); + $threads = 1 if ($algo eq "threads"); } elsif (/^--test-sanity$/) { @@ -739,12 +772,36 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } + elsif (/^fips$/) + { + $fips=1; + } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. # The check for the option is there so scripts aren't # broken } + elsif (/^nofipscanistercheck$/) + { + $fips = 1; + $nofipscanistercheck = 1; + } + elsif (/^fipscanisterbuild$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + } + elsif (/^fipsdso$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipsdso = 1; + } elsif (/^[-+]/) { if (/^-[lL](.*)$/) @@ -779,6 +836,14 @@ PROCESS_ARGS: { $withargs{"zlib-include"}="-I$1"; } + elsif (/^--with-fipslibdir=(.*)$/) + { + $fipslibdir="$1/"; + } + elsif (/^--with-baseaddr=(.*)$/) + { + $baseaddr="$1"; + } else { print STDERR $usage; @@ -886,6 +951,54 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); +my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); +my $cc = $fields[$idx_cc]; +# Allow environment CC to override compiler... +if($ENV{CC}) { + $cc = $ENV{CC}; +} +my $cflags = $fields[$idx_cflags]; +my $unistd = $fields[$idx_unistd]; +my $thread_cflag = $fields[$idx_thread_cflag]; +my $sys_id = $fields[$idx_sys_id]; +my $lflags = $fields[$idx_lflags]; +my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; +my $bn_obj = $fields[$idx_bn_obj]; +my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; +my $bf_obj = $fields[$idx_bf_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; +my $cast_obj = $fields[$idx_cast_obj]; +my $rc4_obj = $fields[$idx_rc4_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; +my $rc5_obj = $fields[$idx_rc5_obj]; +my $dso_scheme = $fields[$idx_dso_scheme]; +my $shared_target = $fields[$idx_shared_target]; +my $shared_cflag = $fields[$idx_shared_cflag]; +my $shared_ldflag = $fields[$idx_shared_ldflag]; +my $shared_extension = $fields[$idx_shared_extension]; +my $ranlib = $fields[$idx_ranlib]; +my $arflags = $fields[$idx_arflags]; + +if ($fips) + { + delete $disabled{"shared"} if ($disabled{"shared"} eq "default"); + $disabled{"asm"}="forced" + if ($target !~ "VC\-.*" && + "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::"); + } + +foreach (sort @experimental) + { + my $ALGO; + ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; + + # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined + $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; + $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; + } foreach (sort (keys %disabled)) { @@ -936,7 +1049,7 @@ foreach (sort (keys %disabled)) push @skip, $algo; print " (skip dir)"; - $depflags .="-DOPENSSL_NO_$ALGO "; + $depflags .= " -DOPENSSL_NO_$ALGO"; } } } @@ -944,15 +1057,26 @@ foreach (sort (keys %disabled)) print "\n"; } - my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); +$no_shared = 0 if ($fipsdso && !$IsMK1MF); + $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); $exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +if ($openssldir eq "" and $prefix eq "") + { + if ($fips) + { + $openssldir="/usr/local/ssl/fips"; + } + else + { + $openssldir="/usr/local/ssl"; + } + } $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; @@ -960,7 +1084,7 @@ $perl=$ENV{'PERL'} or $perl=&which("perl or $perl="perl"; chop $openssldir if $openssldir =~ /\/$/; -chop $prefix if $prefix =~ /\/$/; +chop $prefix if $prefix =~ /.\/$/; $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; @@ -968,33 +1092,6 @@ $openssldir=$prefix . "/" . $openssldir print "IsMK1MF=$IsMK1MF\n"; -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $cpuid_obj = $fields[$idx_cpuid_obj]; -my $bn_obj = $fields[$idx_bn_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $aes_obj = $fields[$idx_aes_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $fields[$idx_ranlib]; -my $arflags = $fields[$idx_arflags]; - # '%' in $lflags is used to split flags to "pre-" and post-flags my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } @@ -1128,6 +1225,8 @@ if ($no_asm) { $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; $sha1_obj=$md5_obj=$rmd160_obj=""; + $cflags=~s/\-D[BL]_ENDIAN// if ($fips); + $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); } if ($montasm) { @@ -1166,7 +1265,7 @@ if ($zlib) my $shared_mark = ""; if ($shared_target eq "") { - $no_shared_warn = 1 if !$no_shared; + $no_shared_warn = 1 if !$no_shared && !$fips; $no_shared = 1; } if (!$no_shared) @@ -1255,8 +1354,14 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; # bn86* is the only one implementing bn_*_part_words $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); + $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/); +if ($fips) + { + $openssl_other_defines.="#define OPENSSL_FIPS\n"; + } + $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); @@ -1341,10 +1446,13 @@ while (<IN>) if ($sdirs) { my $dir; foreach $dir (@skip) { - s/([ ])$dir /\1/; + s/(\s)$dir\s/$1/; + s/\s$dir$//; } } $sdirs = 0 unless /\\$/; + s/fips // if (/^DIRS=/ && !$fips); + s/engines // if (/^DIRS=/ && $disabled{"engine"}); s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; @@ -1362,7 +1470,7 @@ while (<IN>) s/^CC=.*$/CC= $cc/; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^CFLAG=.*$/CFLAG= $cflags/; - s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; @@ -1385,9 +1493,24 @@ while (<IN>) s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; + if ($fipsdso) + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; + s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; + } + else + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; + s/^SHARED_FIPS=.*/SHARED_FIPS=/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; + } + s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; + s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) { my $sotmp = $1; @@ -1491,6 +1614,7 @@ print OUT "/* WARNING: Generated automat print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; +$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; $openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; @@ -1499,8 +1623,10 @@ $openssl_sys_defines =~ s/^\s*#\s*define $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; print OUT $openssl_sys_defines; print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; +print OUT $openssl_experimental_defines; +print OUT "\n"; print OUT $openssl_algorithm_defines; -print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n"; +print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; print OUT $openssl_thread_defines; print OUT $openssl_other_defines,"\n"; @@ -1682,9 +1808,16 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN +#if defined(FIPS) + VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" +#endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" +#if defined(FIPS) + VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" +#else VALUE "FileDescription", "OpenSSL Shared Library\\0" +#endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" @@ -1692,12 +1825,15 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" +#elif defined(FIPS) + VALUE "InternalName", "libosslfips\\0" + VALUE "OriginalFilename", "libosslfips.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" @@ -1734,6 +1870,21 @@ libraries on this platform, they will at (but please first make sure you have tried with a current version of OpenSSL). EOF +print <<\EOF if ($fipscanisterinternal eq "y"); + +WARNING: OpenSSL has been configured using unsupported option(s) to internally +generate a fipscanister.o object module for TESTING PURPOSES ONLY; that +compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the +OpenSSL FIPS Object Module as identified by the CMVP +(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS +140-2 validated software. + +This is an OpenSSL 0.9.8 test version. + +See the file README.FIPS for details of how to build a test library. + +EOF + exit(0); sub usage Modified: vendor-crypto/openssl/dist/FAQ ============================================================================== --- vendor-crypto/openssl/dist/FAQ Sun Jun 7 19:41:11 2009 (r193644) +++ vendor-crypto/openssl/dist/FAQ Sun Jun 7 19:56:18 2009 (r193645) @@ -78,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.8i was released on Sep 15th, 2008. +OpenSSL 0.9.8k was released on Mar 25th, 2009. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: Modified: vendor-crypto/openssl/dist/Makefile ============================================================================== --- vendor-crypto/openssl/dist/Makefile Sun Jun 7 19:41:11 2009 (r193644) +++ vendor-crypto/openssl/dist/Makefile Sun Jun 7 19:56:18 2009 (r193645) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8i +VERSION=0.9.8k MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 @@ -13,7 +13,7 @@ SHLIB_MAJOR=0 SHLIB_MINOR=9.8 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-camellia no-capieng no-cms no-gmp no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-tlsext no-zlib no-zlib-dynamic +OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,12 +61,13 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT +DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED PEX_LIBS= EX_LIBS= EXE_EXT= ARFLAGS= AR=ar $(ARFLAGS) r +ARD=ar $(ARFLAGS) d RANLIB= /usr/bin/ranlib PERL= /usr/bin/perl TAR= tar @@ -106,6 +107,32 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= +# This is the location of fipscanister.o and friends. +# The FIPS module build will place it $(INSTALLTOP)/lib +# but since $(INSTALLTOP) can only take the default value +# when the module is built it will be in /usr/local/ssl/lib +# $(INSTALLTOP) for this build make be different so hard +# code the path. + +FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/ + +# This is set to "y" if fipscanister.o is compiled internally as +# opposed to coming from an external validated location. + +FIPSCANISTERINTERNAL=n + +# The location of the library which contains fipscanister.o +# normally it will be libcrypto unless fipsdso is set in which +# case it will be libfips. If not compiling in FIPS mode at all +# this is empty making it a useful test for a FIPS compile. + +FIPSCANLIB= + +# Shared library base address. Currently only used on Windows. +# + +BASEADDR=0xFB00000 + DIRS= crypto ssl engines apps test tools SHLIBDIRS= crypto ssl @@ -140,6 +167,7 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) +SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= @@ -193,6 +221,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + FIPSLIBDIR='${FIPSLIBDIR}' \ + FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ + FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ + FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -211,7 +243,8 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ + ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \ + cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ ) || exit 1; \ fi @@ -224,13 +257,84 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) +FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \ + ../crypto/aes/aes_ecb.o \ + ../crypto/aes/aes_ofb.o \ + ../crypto/bn/bn_add.o \ + ../crypto/bn/bn_blind.o \ + ../crypto/bn/bn_ctx.o \ + ../crypto/bn/bn_div.o \ + ../crypto/bn/bn_exp2.o \ + ../crypto/bn/bn_exp.o \ + ../crypto/bn/bn_gcd.o \ + ../crypto/bn/bn_lib.o \ + ../crypto/bn/bn_mod.o \ + ../crypto/bn/bn_mont.o \ + ../crypto/bn/bn_mul.o \ + ../crypto/bn/bn_prime.o \ + ../crypto/bn/bn_rand.o \ + ../crypto/bn/bn_recp.o \ + ../crypto/bn/bn_shift.o \ + ../crypto/bn/bn_sqr.o \ + ../crypto/bn/bn_word.o \ + ../crypto/bn/bn_x931p.o \ + ../crypto/buffer/buf_str.o \ + ../crypto/cryptlib.o \ + ../crypto/des/cfb64ede.o \ + ../crypto/des/cfb64enc.o \ + ../crypto/des/cfb_enc.o \ + ../crypto/des/ecb3_enc.o \ + ../crypto/des/ecb_enc.o \ + ../crypto/des/ofb64ede.o \ + ../crypto/des/ofb64enc.o \ + ../crypto/des/fcrypt.o \ + ../crypto/des/set_key.o \ + ../crypto/dsa/dsa_utl.o \ + ../crypto/dsa/dsa_sign.o \ + ../crypto/dsa/dsa_vrf.o \ + ../crypto/err/err.o \ + ../crypto/evp/digest.o \ + ../crypto/evp/enc_min.o \ + ../crypto/evp/e_aes.o \ + ../crypto/evp/e_des3.o \ + ../crypto/evp/p_sign.o \ + ../crypto/evp/p_verify.o \ + ../crypto/mem_clr.o \ + ../crypto/mem.o \ + ../crypto/rand/md_rand.o \ + ../crypto/rand/rand_egd.o \ + ../crypto/rand/randfile.o \ + ../crypto/rand/rand_lib.o \ + ../crypto/rand/rand_os2.o \ + ../crypto/rand/rand_unix.o \ + ../crypto/rand/rand_win.o \ + ../crypto/rsa/rsa_lib.o \ + ../crypto/rsa/rsa_none.o \ + ../crypto/rsa/rsa_oaep.o \ + ../crypto/rsa/rsa_pk1.o \ + ../crypto/rsa/rsa_pss.o \ + ../crypto/rsa/rsa_ssl.o \ + ../crypto/rsa/rsa_x931.o \ + ../crypto/sha/sha1dgst.o \ + ../crypto/sha/sha256.o \ + ../crypto/sha/sha512.o \ + ../crypto/uid.o + sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_crypto build_fips build_ssl build_shared build_engines build_crypto: - @dir=crypto; target=all; $(BUILD_ONE_CMD) + if [ -n "$(FIPSCANLIB)" ]; then \ + EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \ + ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \ + else \ + ARX='${AR}' ; \ + fi ; export ARX ; \ + dir=crypto; target=all; $(BUILD_ONE_CMD) +build_fips: + @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) build_ssl: @dir=ssl; target=all; $(BUILD_ONE_CMD) build_engines: @@ -246,9 +350,20 @@ all_testapps: build_libs build_testapps build_testapps: @dir=crypto; target=testapps; $(BUILD_ONE_CMD) -libcrypto$(SHLIB_EXT): libcrypto.a +build_shared: $(SHARED_LIBS) +libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS) @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=crypto build-shared; \ + if [ "$(FIPSCANLIB)" = "libfips" ]; then \ + $(ARD) libcrypto.a fipscanister.o ; \ + $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \ + $(AR) libcrypto.a fips/fipscanister.o ; \ + else \ + if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ + FIPSLD_CC=$(CC); CC=fips/fipsld; \ + export CC FIPSLD_CC; \ + fi; \ + $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ + fi \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ @@ -256,12 +371,32 @@ libcrypto$(SHLIB_EXT): libcrypto.a libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a @if [ "$(SHLIB_TARGET)" != "" ]; then \ - $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ + shlibdeps=-lcrypto; \ + [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \ + $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \ + else \ + echo "There's no support for shared libraries on this platform" >&2 ; \ + exit 1; \ + fi + +fips/fipscanister.o: build_fips +libfips$(SHLIB_EXT): fips/fipscanister.o + @if [ "$(SHLIB_TARGET)" != "" ]; then \ + FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ + $(MAKE) -f Makefile.shared -e $(BUILDENV) \ + CC=$${CC} LIBNAME=fips THIS=$@ \ + LIBEXTRAS=fips/fipscanister.o \ + LIBDEPS="$(EX_LIBS)" \ + LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ + link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \ else \ echo "There's no support for shared libraries on this platform" >&2; \ exit 1; \ fi +libfips.a: + dir=fips; target=all; $(BUILD_ONE_CMD) + clean-shared: @set -e; for i in $(SHLIBDIRS); do \ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \ @@ -371,6 +506,9 @@ links: @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER) @set -e; target=links; $(RECURSIVE_BUILD_CMD) + @if [ -z "$(FIPSCANLIB)" ]; then \ + set -e; target=links; dir=fips ; $(BUILD_CMD) ; \ + fi gentests: @(cd test && echo "generating dummy tests (if needed)..." && \ Modified: vendor-crypto/openssl/dist/Makefile.org ============================================================================== --- vendor-crypto/openssl/dist/Makefile.org Sun Jun 7 19:41:11 2009 (r193644) +++ vendor-crypto/openssl/dist/Makefile.org Sun Jun 7 19:56:18 2009 (r193645) @@ -65,6 +65,7 @@ EX_LIBS= EXE_EXT= ARFLAGS= AR=ar $(ARFLAGS) r +ARD=ar $(ARFLAGS) d RANLIB= ranlib PERL= perl TAR= tar @@ -104,8 +105,34 @@ LIBKRB5= ZLIB_INCLUDE= LIBZLIB= -DIRS= crypto ssl engines apps test tools -SHLIBDIRS= crypto ssl +# This is the location of fipscanister.o and friends. +# The FIPS module build will place it $(INSTALLTOP)/lib +# but since $(INSTALLTOP) can only take the default value +# when the module is built it will be in /usr/local/ssl/lib +# $(INSTALLTOP) for this build make be different so hard +# code the path. + +FIPSLIBDIR=/usr/local/ssl/lib/ + +# This is set to "y" if fipscanister.o is compiled internally as +# opposed to coming from an external validated location. + +FIPSCANISTERINTERNAL=n + +# The location of the library which contains fipscanister.o +# normally it will be libcrypto unless fipsdso is set in which +# case it will be libfips. If not compiling in FIPS mode at all +# this is empty making it a useful test for a FIPS compile. + +FIPSCANLIB= + +# Shared library base address. Currently only used on Windows. +# + +BASEADDR= + +DIRS= crypto fips ssl engines apps test tools +SHLIBDIRS= crypto ssl fips # dirs in crypto to build SDIRS= \ @@ -115,7 +142,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ - store cms pqueue + store cms pqueue jpake # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -138,6 +165,7 @@ WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) +SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= SHARED_LDFLAGS= @@ -191,6 +219,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \ + FIPSLIBDIR='${FIPSLIBDIR}' \ + FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \ + FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \ + FIPS_EX_OBJ='${FIPS_EX_OBJ}' \ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES= # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors, # which in turn eliminates ambiguities in variable treatment with -e. @@ -209,7 +241,8 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. BUILD_CMD= if [ -d "$$dir" ]; then \ - ( cd $$dir && echo "making $$target in $$dir..." && \ + ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \ + cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ ) || exit 1; \ fi @@ -222,13 +255,84 @@ BUILD_ONE_CMD=\ reflect: @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906071956.n57JuJan003551>