From: Dr. Stephen Henson Date: Wed, 19 Sep 2007 00:02:49 +0000 (+0000) Subject: Include some fixes from 0.9.8-stable branch. X-Git-Tag: FIPS_098_TEST_7~4 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f36a8c2060e3a81747fb963f01987f70754f52a2;p=oweals%2Fopenssl.git Include some fixes from 0.9.8-stable branch. --- diff --git a/Configure b/Configure index 07d5ea8e4c..1997020984 100755 --- a/Configure +++ b/Configure @@ -1227,9 +1227,13 @@ $cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); # if ($target =~ /\-icc$/) # Intel C compiler { - my($iccver)=`$cc -V 2>&1`; - if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; } - else { $iccver=0; } + my $iccver=0; + if (open(FD,"$cc -V 2>&1 |")) + { + while() { $iccver=$1 if (/Version ([0-9]+)\./); } + close(FD); + } + if ($iccver>=8) { # Eliminate unnecessary dependency from libirc.a. This is @@ -1237,6 +1241,15 @@ if ($target =~ /\-icc$/) # Intel C compiler # apps/openssl can end up in endless loop upon startup... $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; } + if ($iccver>=9) + { + $cflags.=" -i-static"; + $cflags=~s/\-no_cpprt/-no-cpprt/; + } + if ($iccver>=10) + { + $cflags=~s/\-i\-static/-static-intel/; + } } # Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time diff --git a/Makefile.shared b/Makefile.shared index 004e25dfe3..3b877b851b 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -466,7 +466,7 @@ link_o.hpux: ALLSYMSFLAGS='-Wl,-Fl'; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ fi; \ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX @@ -479,7 +479,7 @@ link_a.hpux: ALLSYMSFLAGS='-Wl,-Fl'; \ NOALLSYMSFLAGS=''; \ expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX,+cdp,../:,+cdp,./:"; \ fi; \ rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \ $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX diff --git a/TABLE b/TABLE index f624369501..eee885a014 100644 --- a/TABLE +++ b/TABLE @@ -947,7 +947,7 @@ $arflags = *** darwin-i386-cc $cc = cc -$cflags = -O3 -fomit-frame-pointer -fno-common +$cflags = -arch i386 -O3 -fomit-frame-pointer -fno-common $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX @@ -967,14 +967,14 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= darwin-shared $shared_cflag = -fPIC -fno-common -$shared_ldflag = -dynamiclib +$shared_ldflag = -arch i386 -dynamiclib $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib $ranlib = $arflags = *** darwin-ppc-cc $cc = cc -$cflags = -O3 -DB_ENDIAN +$cflags = -arch ppc -O3 -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX @@ -994,7 +994,61 @@ $rc5_obj = $dso_scheme = dlfcn $shared_target= darwin-shared $shared_cflag = -fPIC -fno-common -$shared_ldflag = -dynamiclib +$shared_ldflag = -arch ppc -dynamiclib +$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = + +*** darwin64-ppc-cc +$cc = cc +$cflags = -arch ppc64 -O3 -DB_ENDIAN +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR +$cpuid_obj = ppccpuid_osx64.o +$bn_obj = osx_ppc64.o osx_ppc64-mont.o +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = +$shared_target= +$shared_cflag = dlfcn +$shared_ldflag = darwin-shared +$shared_extension = -fPIC -fno-common +$ranlib = -arch ppc64 -dynamiclib +$arflags = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib + +*** darwin64-x86_64-cc +$cc = cc +$cflags = -arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = MACOSX +$lflags = -Wl,-search_paths_first% +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL +$cpuid_obj = +$bn_obj = +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch x86_64 -dynamiclib $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib $ranlib = $arflags = diff --git a/apps/dgst.c b/apps/dgst.c index 72ff877afb..9941c1365a 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -256,29 +256,33 @@ ERR_load_crypto_strings(); BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n"); #endif - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n", LN_md5,LN_md5); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md4,LN_md4); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_md2,LN_md2); #ifndef OPENSSL_NO_SHA - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha1,LN_sha1); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha,LN_sha); #ifndef OPENSSL_NO_SHA256 - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha224,LN_sha224); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha256,LN_sha256); #endif #ifndef OPENSSL_NO_SHA512 - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", + LN_sha384,LN_sha384); + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_sha512,LN_sha512); #endif #endif - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_mdc2,LN_mdc2); - BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n", + BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n", LN_ripemd160,LN_ripemd160); err=1; goto end; diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index 8b5b36bacc..45d7096181 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -62,9 +62,11 @@ typedef struct { /* XXX: probably some better way to do this */ #if defined(__i386__) || defined(__x86_64__) #define UNALIGNED_MEMOPS_ARE_FAST 1 +#else +#define UNALIGNED_MEMOPS_ARE_FAST 0 #endif -#ifdef UNALIGNED_MEMOPS_ARE_FAST +#if UNALIGNED_MEMOPS_ARE_FAST #define load_block(d, s) (d) = *(const aes_block_t *)(s) #define store_block(d, s) *(aes_block_t *)(d) = (s) #else @@ -89,7 +91,8 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, if (AES_ENCRYPT == enc) { - if (in != out) + if (in != out && + (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) { aes_block_t *ivp = (aes_block_t *)ivec; aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); @@ -143,7 +146,8 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, } else { - if(in != out) + if (in != out && + (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0)) { aes_block_t *ivp = (aes_block_t *)ivec; aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 4857cfe0ce..3a87b0ec0b 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -79,7 +79,7 @@ #include /* To get BN_LLONG properly defined */ #include -#ifdef BN_LLONG +#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT) # ifndef HAVE_LONG_LONG # define HAVE_LONG_LONG 1 # endif @@ -117,7 +117,7 @@ #if HAVE_LONG_LONG # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -# define LLONG _int64 +# define LLONG __int64 # else # define LLONG long long # endif diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 4b3860b991..cd78de1e87 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -456,9 +456,6 @@ int BIO_sock_init(void) { int err; -#ifdef SIGINT - signal(SIGINT,(void (*)(int))BIO_sock_cleanup); -#endif wsa_init_done=1; memset(&wsa_state,0,sizeof(wsa_state)); if (WSAStartup(0x0101,&wsa_state)!=0) @@ -484,11 +481,6 @@ int BIO_sock_init(void) if (!wsa_init_done) { - -# ifdef SIGINT - signal(SIGINT,(void (*)(int))BIO_sock_cleanup); -# endif - wsa_init_done=1; wVerReq = MAKEWORD( 2, 0 ); err = WSAStartup(wVerReq,&wsaData); @@ -511,7 +503,7 @@ void BIO_sock_cleanup(void) { wsa_init_done=0; #ifndef OPENSSL_SYS_WINCE - WSACancelBlockingCall(); + WSACancelBlockingCall(); /* Winsock 1.1 specific */ #endif WSACleanup(); } diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 2c9e8a7c80..0362bb90ca 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -129,8 +129,8 @@ extern "C" { /* dgram BIO stuff */ #define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ #define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally - * connected socket to be - * passed in */ + * connected socket to be + * passed in */ #define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ #define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ #define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ @@ -146,14 +146,14 @@ extern "C" { #define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ #define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ #define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for - * MTU. want to use this - * if asking the kernel - * fails */ + * MTU. want to use this + * if asking the kernel + * fails */ #define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU - * was exceed in the - * previous write - * operation */ + * was exceed in the + * previous write + * operation */ #define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index a8ec134145..46b6eddf45 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -299,6 +299,8 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, } for (ri+=4; itop=al; diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 5bab019553..7b25979dd1 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -377,14 +377,14 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, static int probable_prime(BIGNUM *rnd, int bits) { int i; - BN_ULONG mods[NUMPRIMES]; + prime_t mods[NUMPRIMES]; BN_ULONG delta,maxdelta; again: if (!BN_rand(rnd,bits,1,1)) return(0); /* we now have a random number 'rand' to test. */ for (i=1; i #include /* diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index c43da5b3f1..4391c93360 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -227,6 +227,14 @@ Blowfish and RC5 algorithms use a 128 bit key. rc5-ecb RC5 cipher in ECB mode rc5-ofb RC5 cipher in OFB mode + aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode + aes-[128|192|256] Alias for aes-[128|192|256]-cbc + aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode + aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode + aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode + aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode + aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode + =head1 EXAMPLES Just base64 encode a binary file: diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index dc0f49ddca..964cdf0f02 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -227,6 +227,22 @@ SHA Digest SHA-1 Digest +=item B + +SHA-224 Digest + +=item B + +SHA-256 Digest + +=item B + +SHA-384 Digest + +=item B + +SHA-512 Digest + =back =head2 ENCODING AND CIPHER COMMANDS diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod index a7c1681d98..1a498c2f62 100644 --- a/doc/apps/rsautl.pod +++ b/doc/apps/rsautl.pod @@ -152,7 +152,7 @@ The final BIT STRING contains the actual signature. It can be extracted with: The certificate public key can be extracted with: - openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem + openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem The signature can be analysed with: diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 475e6095fd..ff27b4b467 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -1009,6 +1009,7 @@ int dtls1_send_certificate_request(SSL *s) STACK_OF(X509_NAME) *sk=NULL; X509_NAME *name; BUF_MEM *buf; + unsigned int msg_len; if (s->state == SSL3_ST_SW_CERT_REQ_A) { @@ -1086,6 +1087,10 @@ int dtls1_send_certificate_request(SSL *s) #endif /* XDTLS: set message header ? */ + msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH; + dtls1_set_message_header(s, s->init_buf->data, + SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len); + /* buffer the message to handle re-xmits */ dtls1_buffer_message(s, 0);