Prepare to release 0.9.7g.

The tag till be OpenSSL_0_9_7g.

.cvsignore

@@ -15,3 +15,6 @@ cctest.a
 libcrypto.so.*
 libssl.so.*
 libcrypto.sha1
+libcrypto.a.sha1
+*.flc
+semantic.cache

CHANGES

@@ -2,7 +2,58 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 0.9.7e and 0.9.7f  [XX xxx XXXX]
+ Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
+
+  *) Fixes for newer kerberos headers. NB: the casts are needed because
+     the 'length' field is signed on one version and unsigned on another
+     with no (?) obvious way to tell the difference, without these VC++
+     complains. Also the "definition" of FAR (blank) is no longer included
+     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+     some needed definitions.
+     [Steve Henson]
+
+  *) Undo Cygwin change.
+     [Ulf M<>ller]
+
+  *) Added support for proxy certificates according to RFC 3820.
+     Because they may be a security thread to unaware applications,
+     they must be explicitely allowed in run-time.  See
+     docs/HOWTO/proxy_certificates.txt for further information.
+     [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
+
+  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+     server and client random values. Previously
+     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+     This change has negligible security impact because:
+
+     1. Server and client random values still have 24 bytes of pseudo random
+        data.
+
+     2. Server and client random values are sent in the clear in the initial
+        handshake.
+
+     3. The master secret is derived using the premaster secret (48 bytes in
+        size for static RSA ciphersuites) as well as client server and random
+        values.
+
+     The OpenSSL team would like to thank the UK NISCC for bringing this issue
+     to our attention. 
+
+     [Stephen Henson, reported by UK NISCC]
+
+  *) Use Windows randomness collection on Cygwin.
+     [Ulf M<>ller]
+
+  *) Fix hang in EGD/PRNGD query when communication socket is closed
+     prematurely by EGD/PRNGD.
+     [Darren Tucker <dtucker@zip.com.au> via Lutz J<>nicke, resolves #1014]
+
+  *) Prompt for pass phrases when appropriate for PKCS12 input format.
+     [Steve Henson]
 
   *) Back-port of selected performance improvements from development
      branch, as well as improved support for PowerPC platforms.

Configure

@@ -169,9 +169,19 @@ my %table=(
 # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
 # error message.
 "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -shared -static-libgcc might appear controversial, but modules taken
+# from static libgcc do not have relocations and linking them into our
+# shared objects doesn't have any negative side-effects. On the contrary,
+# doing so makes it possible to use gcc shared build with Sun C. Given
+# that gcc generates faster code [thanks to inline assembler], I would
+# actually recommend to consider using gcc shared build even with vendor
+# compiler:-)
+#						<appro@fy.chalmers.se>
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-amd64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -270,10 +280,10 @@ my %table=(
 "hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
 # with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:hpux64-shared:+Z::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
@@ -425,7 +435,9 @@ my %table=(
 "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
 
 # Linux on ARM
-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# ARM comes in both little- and big-endian flavors. The following line is
+# endian neutral, but ./config is free to throw in -D[BL]_ENDIAN...
+"linux-elf-arm","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # SCO/Caldera targets.
 #
@@ -518,17 +530,17 @@ my %table=(
 "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # MinGW
-"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
+"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll",
 
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:cygwin-shared:-D_WINDLL::.dll",
 
 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM=\"/dev/urandom\\x24\":::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
 
 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -938,8 +950,7 @@ print "Configuring for $target\n";
 
 my $IsWindows=scalar grep /^$target$/,@WinTargets;
 
-$exe_ext=".exe" if ($target eq "Cygwin");
-$exe_ext=".exe" if ($target eq "DJGPP");
+$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
 $exe_ext=".pm" if ($target eq "vos-gcc" or $target eq "debug-vos-gcc" or $target eq "vos-vcc" or $target eq "debug-vos-vcc");
 $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
 $prefix=$openssldir if $prefix eq "";
@@ -1536,7 +1547,6 @@ EOF
 	} else {
 	    # No path for Perl known ...
 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
-	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne "" && !$make_depend) {

FAQ

@@ -70,7 +70,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7e was released on October 25, 2004.
+OpenSSL 0.9.7g was released on April 11, 2005.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -472,6 +472,10 @@ This will only compile sha_dgst.c with -O0, the rest with the optimization
 level chosen by the configuration process.  When the above is done, do the
 test and installation and you're set.
 
+3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
+should not be used and is not used in SSL/TLS nor any other recognized
+protocol in either case.
+
 
 * Why does the OpenSSL compilation fail with "ar: command not found"?
 
@@ -788,9 +792,20 @@ that is allocated when an application starts up. Since such tables do not grow
 in size over time they are harmless.
 
 These internal tables can be freed up when an application closes using various
-functions.  Currently these include: EVP_cleanup(), ERR_remove_state(),
-ERR_free_strings(), ENGINE_cleanup(), CONF_modules_unload() and
-CRYPTO_cleanup_all_ex_data().
+functions.  Currently these include following:
+
+Thread-local cleanup functions:
+
+  ERR_remove_state()
+
+Application-global cleanup functions that are aware of usage (and therefore
+thread-safe):
+
+  ENGINE_cleanup() and CONF_modules_unload()
+
+"Brutal" (thread-unsafe) Application-global cleanup functions:
+
+  ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
 
 
 ===============================================================================

INSTALL.DJGPP

@@ -3,32 +3,45 @@
  INSTALLATION ON THE DOS PLATFORM WITH DJGPP
  -------------------------------------------
 
- Openssl has been ported to DOS, but only with long filename support. If
- you wish to compile on native DOS with 8+3 filenames, you will have to
- tweak the installation yourself, including renaming files with illegal
- or duplicate names.
+ OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
+ environment for 16-bit DOS, but only with long filename support.
+ If you wish to compile on native DOS with 8+3 filenames, you will
+ have to tweak the installation yourself, including renaming files
+ with illegal or duplicate names.
 
  You should have a full DJGPP environment installed, including the
  latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
  requires that PERL and BC also be installed.
 
- All of these can be obtained from the usual DJGPP mirror sites, such
- as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
- have the WATT-32 networking package installed before you try to compile
- openssl. This can be obtained from "http://www.bgnett.no/~giva/".
+ All of these can be obtained from the usual DJGPP mirror sites or
+ directly at "http://www.delorie.com/pub/djgpp". For help on which
+ files to download, see the DJGPP "ZIP PICKER" page at
+ "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
+ the WATT-32 networking package installed before you try to compile
+ OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
  The Makefile assumes that the WATT-32 code is in the directory
  specified by the environment variable WATT_ROOT. If you have watt-32
  in directory "watt32" under your main DJGPP directory, specify
  WATT_ROOT="/dev/env/DJDIR/watt32".
 
- To compile openssl, start your BASH shell. Then configure for DOS by
- running "./Configure" with appropriate arguments. The basic syntax for
- DOS is:
- ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
- 
- You may run out of DPMI selectors when running in a DOS box under
- Windows. If so, just close the BASH shell, go back to Windows, and
- restart BASH. Then run "make" again.
+ To compile OpenSSL, start your BASH shell, then configure for DJGPP by
+ running "./Configure" with appropriate arguments:
 
- Building openssl under DJGPP has been tested with DJGPP 2.03,
- GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
+	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ 
+ And finally fire up "make". You may run out of DPMI selectors when
+ running in a DOS box under Windows. If so, just close the BASH
+ shell, go back to Windows, and restart BASH. Then run "make" again.
+
+ RUN-TIME CAVEAT LECTOR
+ --------------
+
+ Quoting FAQ:
+
+  "Cryptographic software needs a source of unpredictable data to work
+   correctly.  Many open source operating systems provide a "randomness
+   device" (/dev/urandom or /dev/random) that serves this purpose."
+
+ As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
+ party "randomness" DOS driver. One such driver, NOISE.SYS, can be
+ obtained from "http://www.rahul.net/dkaufman/index.html".

Makefile.org

@@ -227,7 +227,7 @@ all: Makefile sub_all openssl.pc
 
 sigs:	$(SIGS)
 libcrypto.a.sha1: libcrypto.a
-	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+	@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		$(RANLIB) libcrypto.a; \
 		fips/sha1/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
 	fi
@@ -334,11 +334,18 @@ do_cygwin-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
-	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+	shlib=cyg$${i}-$(SHLIB_VERSION_NUMBER).dll; \
+	[ "$(PLATFORM)" = "mingw" ] && shlib=$${i}eay32.dll; \
+	[ -f apps/$$shlib ] && rm apps/$$shlib; \
+	[ -f test/$$shlib ] && rm test/$$shlib; \
+	base=;  [ $$i = "crypto" ] && base=-Wl,--image-base,0xFE00000; \
+	( set -x; ${CC} ${SHARED_LDFLAGS} \
+		-shared $$base -o $$shlib \
 		-Wl,-Bsymbolic \
 		-Wl,--whole-archive lib$$i.a \
 		-Wl,--out-implib,lib$$i.dll.a \
-		-Wl,--no-whole-archive $$libs ) || exit 1; \
+		-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
+	cp -p $$shlib apps/; cp -p $$shlib test/; \
 	libs="-l$$i $$libs"; \
 	done
 
@@ -479,8 +486,8 @@ do_irix-shared:
 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
-		( WHOLELIB="-all lib$$i.a -notall"; \
-		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-notall"; \
+		( WHOLELIB="-all lib$$i.a -none"; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
 		  set -x; ${CC} ${SHARED_LDFLAGS} \
 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -505,13 +512,18 @@ do_hpux-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
+	if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
+		shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	else \
+		shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	fi; \
+	[ -f $$shlib ] && rm -f $$shlib; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		+vnocompatwarnings \
 		-b -z +s \
-		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-o $$shlib +h $$shlib \
 		-Fl lib$$i.a -ldld -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	chmod a=rx $$shlib; \
 	done
 
 # This assumes that GNU utilities are *not* used
@@ -528,12 +540,17 @@ do_hpux64-shared:
 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
+	if expr $(PLATFORM) : '.*ia64' > /dev/null; then \
+		shlib=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	else \
+		shlib=lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	fi; \
+	[ -f $$shlib ] && rm -f $$shlib; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
 		-b -z \
-		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		-o $$shlib +h $$shlib \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
-	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}; \
+	chmod a=rx $$shlib; \
 	done
 
 # The following method is said to work on all platforms.  Tests will
@@ -629,7 +646,7 @@ clean:	libclean
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making clean in $$i..." && \
-		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+		$(MAKE) EXE_EXT='${EXE_EXT}' SDIRS='${SDIRS}' clean ) || exit 1; \
 		rm -f $(LIBS); \
 	fi; \
 	done;
@@ -681,20 +698,9 @@ dclean:
 
 rehash: rehash.time
 rehash.time: certs
-	@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
+	@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
+	  OPENSSL_DEBUG_MEMORY=on; \
 	  export OPENSSL OPENSSL_DEBUG_MEMORY; \
-	  if [ -n "$(SHARED_LIBS)" ]; then \
-	    LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	    DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	    SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	    LIBPATH="`pwd`:$$LIBPATH"; \
-	    if [ "$(PLATFORM)" = "Cygwin" ]; then \
-	      PATH="`pwd`:$$PATH"; \
-	    fi; \
-	    LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
-	    export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	    export LD_PRELOAD; \
-	  fi; \
 	  $(PERL) tools/c_rehash certs)
 	touch rehash.time
 
@@ -703,17 +709,7 @@ test:   tests
 tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	@if [ -n "$(SHARED_LIBS)" ]; then \
-	  LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	  DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	  SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	  LIBPATH="`pwd`:$$LIBPATH"; \
-	  if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
-	  LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
-	  export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	  export LD_PRELOAD; \
-	fi; \
-	apps/openssl version -a
+	util/shlib_wrap.sh apps/openssl version -a
 
 report:
 	@$(PERL) util/selftest.pl
@@ -891,7 +887,7 @@ install_docs:
 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" ]; then \
+	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
 		filecase=-i; \
 	fi; \
 	for i in doc/apps/*.pod; do \

NEWS

@@ -5,6 +5,23 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
+
+      o More compilation issues fixed.
+      o Adaptation to more modern Kerberos API.
+      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+      o Enhanced x86_64 assembler BIGNUM module.
+      o More constification.
+      o Added processing of proxy certificates (RFC 3820).
+
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+
+      o Several compilation issues fixed.
+      o Many memory allocation failure checks added.
+      o Improved comparison of X509 Name type.
+      o Mandatory basic checks on certificates.
+      o Performance improvements.
+
   Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
 
       o Fix race condition in CRL checking code.

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.7e 25 Oct 2004
+ OpenSSL 0.9.7g 11 April 2005
 
- Copyright (c) 1998-2004 The OpenSSL Project
+ Copyright (c) 1998-2005 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

STATUS

@@ -1,10 +1,13 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2004/03/17 12:01:16 $
+  ______________                           $Date: 2005/04/11 15:10:06 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7g: Released on April     11th, 2005
+    o  OpenSSL 0.9.7f: Released on March     22nd, 2005
+    o  OpenSSL 0.9.7e: Released on October   25th, 2004
     o  OpenSSL 0.9.7d: Released on March     17th, 2004
     o  OpenSSL 0.9.7c: Released on September 30th, 2003
     o  OpenSSL 0.9.7b: Released on April     10th, 2003

TABLE

@@ -92,9 +92,9 @@ $cast_obj     = asm/cx86-out.o
 $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
-$dso_scheme   = win32
+$dso_scheme   = dlfcn
 $shared_target= cygwin-shared
-$shared_cflag = 
+$shared_cflag = -D_WINDLL
 $shared_ldflag = 
 $shared_extension = .dll
 $ranlib       = 
@@ -127,7 +127,7 @@ $arflags      =
 
 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall -DDEVRANDOM="/dev/urandom\x24"
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@@ -2346,7 +2346,7 @@ $dso_scheme   = dlfcn
 $shared_target= hpux-shared
 $shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -2621,7 +2621,7 @@ $dso_scheme   = dlfcn
 $shared_target= hpux64-shared
 $shared_cflag = +Z
 $shared_ldflag = 
-$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
@@ -3052,7 +3052,7 @@ $arflags      =
 
 *** linux-elf-arm
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$cflags       = -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -3556,7 +3556,7 @@ $cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wal
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MINGW32
-$lflags       = -mno-cygwin -lwsock32 -lgdi32
+$lflags       = -lwsock32 -lgdi32
 $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
 $bn_obj       = asm/bn86-out.o asm/co86-out.o
 $des_obj      = asm/dx86-out.o asm/yx86-out.o
@@ -3568,9 +3568,9 @@ $rc4_obj      = asm/rx86-out.o
 $rmd160_obj   = asm/rm86-out.o
 $rc5_obj      = asm/r586-out.o
 $dso_scheme   = win32
-$shared_target= 
-$shared_cflag = 
-$shared_ldflag = 
+$shared_target= cygwin-shared
+$shared_cflag = -D_WINDLL
+$shared_ldflag = -mno-cygwin
 $shared_extension = .dll
 $ranlib       = 
 $arflags      = 
@@ -4175,6 +4175,56 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = 
 
+*** solaris64-x86_64-cc
+$cc           = cc
+$cflags       = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = -xarch=amd64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris64-x86_64-gcc
+$cc           = gcc
+$cflags       = -m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
+$bn_obj       = asm/x86_64-gcc.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = asm/rc4-amd64.o
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64 -shared -static-libgcc
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
 *** sunos-gcc
 $cc           = gcc
 $cflags       = -O3 -mv8 -Dssize_t=int

apps/.cvsignore

@@ -4,3 +4,5 @@ der_chop
 der_chop.bak
 CA.pl
 openssl.sha1
+*.flc
+semantic.cache

apps/CA.pl.in

@@ -36,13 +36,21 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+	$openssl = $ENV{OPENSSL};
+} else {
+	$openssl = "openssl";
+	$ENV{OPENSSL} = $openssl;
+}
+
 $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
 $DAYS="-days 365";
-$REQ="openssl req $SSLEAY_CONFIG";
-$CA="openssl ca $SSLEAY_CONFIG";
-$VERIFY="openssl verify";
-$X509="openssl x509";
-$PKCS12="openssl pkcs12";
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
 
 $CATOP="./demoCA";
 $CAKEY="cakey.pem";

apps/CA.sh

@@ -30,11 +30,13 @@
 # default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
+if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
+
 DAYS="-days 365"
-REQ="openssl req $SSLEAY_CONFIG"
-CA="openssl ca $SSLEAY_CONFIG"
-VERIFY="openssl verify"
-X509="openssl x509"
+REQ="$OPENSSL req $SSLEAY_CONFIG"
+CA="$OPENSSL ca $SSLEAY_CONFIG"
+VERIFY="$OPENSSL verify"
+X509="$OPENSSL x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem

apps/Makefile

@@ -144,28 +144,18 @@ $(DLIBCRYPTO):
 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
 	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
-	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	elif [ -z "$(SHARED_LIBS)" ]; then \
+	  set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	else \
-	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
+	  set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	  $(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
 	if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
 		TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
 	fi
 	-(cd ..; \
-	  OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \
-	  if [ -n "$(SHARED_LIBS)" ]; then \
-	    LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
-	    DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
-	    SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
-	    LIBPATH="`pwd`:$$LIBPATH"; \
-	    if [ "$(PLATFORM)" = "Cygwin" ]; then \
-	      PATH="`pwd`:$$PATH"; \
-	    fi; \
-	    LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
-	    export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
-	    export LD_PRELOAD; \
-	  fi; \
+	  OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
 	  $(PERL) tools/c_rehash certs)
 
 progs.h: progs.pl

apps/apps.c

@@ -330,22 +330,6 @@ void program_name(char *in, char *out, int size)
 #endif
 #endif
 
-#ifdef OPENSSL_SYS_VMS
-int VMS_strcasecmp(const char *str1, const char *str2)
-	{
-	while (*str1 && *str2)
-		{
-		int res = toupper(*str1) - toupper(*str2);
-		if (res) return res < 0 ? -1 : 1;
-		}
-	if (*str1)
-		return 1;
-	if (*str2)
-		return -1;
-	return 0;
-	}
-#endif
-
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
@@ -691,6 +675,51 @@ int add_oid_section(BIO *err, CONF *conf)
 	return 1;
 }
 
+static int load_pkcs12(BIO *err, BIO *in, const char *desc,
+		pem_password_cb *pem_cb,  void *cb_data,
+		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+	{
+ 	const char *pass;
+	char tpass[PEM_BUFSIZE];
+	int len, ret = 0;
+	PKCS12 *p12;
+	p12 = d2i_PKCS12_bio(in, NULL);
+	if (p12 == NULL)
+		{
+		BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);	
+		goto die;
+		}
+	/* See if an empty password will do */
+	if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+		pass = "";
+	else
+		{
+		if (!pem_cb)
+			pem_cb = (pem_password_cb *)password_callback;
+		len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+		if (len < 0) 
+			{
+			BIO_printf(err, "Passpharse callback error for %s\n",
+					desc);
+			goto die;
+			}
+		if (len < PEM_BUFSIZE)
+			tpass[len] = 0;
+		if (!PKCS12_verify_mac(p12, tpass, len))
+			{
+			BIO_printf(err,
+	"Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);	
+			goto die;
+			}
+		pass = tpass;
+		}
+	ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+	die:
+	if (p12)
+		PKCS12_free(p12);
+	return ret;
+	}
+
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip)
 	{
@@ -771,11 +800,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
 			(pem_password_cb *)password_callback, NULL);
 	else if (format == FORMAT_PKCS12)
 		{
-		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
-
-		PKCS12_parse(p12, NULL, NULL, &x, NULL);
-		PKCS12_free(p12);
-		p12 = NULL;
+		if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
+					NULL, &x, NULL))
+			goto end;
 		}
 	else	{
 		BIO_printf(err,"bad input format specified for %s\n",
@@ -854,11 +881,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 #endif
 	else if (format == FORMAT_PKCS12)
 		{
-		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
-
-		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
-		PKCS12_free(p12);
-		p12 = NULL;
+		if (!load_pkcs12(err, key, key_descrip,
+				(pem_password_cb *)password_callback, &cb_data,
+				&pkey, NULL, NULL))
+			goto end;
 		}
 	else
 		{

apps/dgst.c

@@ -78,7 +78,7 @@ static HMAC_CTX hmac_ctx;
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key);
+	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
 
 int MAIN(int, char **);
 
@@ -108,6 +108,7 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 #endif
 	char *hmac_key=NULL;
+	int non_fips_allow = 0;
 
 	apps_startup();
 
@@ -192,6 +193,8 @@ int MAIN(int argc, char **argv)
 			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
+			non_fips_allow=1;
 		else if (!strcmp(*argv,"-hmac"))
 			{
 			if (--argc < 1)
@@ -342,10 +345,18 @@ int MAIN(int argc, char **argv)
 		}
 	}
 
+	if (non_fips_allow)
+		{
+		EVP_MD_CTX *md_ctx;
+		BIO_get_md_ctx(bmd,&md_ctx);
+		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+		}
+
 	/* we use md as a filter, reading from 'in' */
 	if (!BIO_set_md(bmd,md))
 		{
-		BIO_printf(bio_err, "Error setting digest %s\n", pname);
+		BIO_printf(bio_err, "Error setting digest %s\n",
+							EVP_MD_name(md));
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@@ -356,7 +367,7 @@ int MAIN(int argc, char **argv)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
-			  siglen,"","(stdin)",bmd,hmac_key);
+			  siglen,"","(stdin)",bmd,hmac_key, non_fips_allow);
 		}
 	else
 		{
@@ -382,7 +393,7 @@ int MAIN(int argc, char **argv)
 			else
 				tmp="";
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
-				siglen,tmp,argv[i],bmd,hmac_key);
+				siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
 			if(r)
 			    err=r;
 			if(tofree)
@@ -409,7 +420,7 @@ end:
 
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
-	  const char *file,BIO *bmd,const char *hmac_key)
+	  const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow)
 	{
 	unsigned int len;
 	int i;
@@ -420,7 +431,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		EVP_MD *md;
 
 		BIO_get_md(bmd,&md);
-		HMAC_Init(&hmac_ctx,hmac_key,strlen(hmac_key),md);
+		HMAC_CTX_init(&hmac_ctx);
+		if (non_fips_allow)
+			HMAC_CTX_set_flags(&hmac_ctx,
+					EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+		HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
 		BIO_get_md_ctx(bmd,&md_ctx);
 		BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
 		}

apps/enc.c

@@ -118,6 +118,7 @@ int MAIN(int argc, char **argv)
 	int enc=1,printkey=0,i,base64=0;
 	int debug=0,olb64=0,nosalt=0;
 	const EVP_CIPHER *cipher=NULL,*c;
+	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
@@ -126,6 +127,7 @@ int MAIN(int argc, char **argv)
 	char *engine = NULL;
 #endif
 	const EVP_MD *dgst=NULL;
+	int non_fips_allow = 0;
 
 	apps_startup();
 
@@ -260,6 +262,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			md= *(++argv);
 			}
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
+			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -539,13 +543,43 @@ bad:
 
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
-		BIO_set_cipher(benc,cipher,key,iv,enc);
-		if (nopad)
+
+		/* Since we may be changing parameters work on the encryption
+		 * context rather than calling BIO_set_cipher().
+		 */
+
+		BIO_get_cipher_ctx(benc, &ctx);
+		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
 			{
-			EVP_CIPHER_CTX *ctx;
-			BIO_get_cipher_ctx(benc, &ctx);
-			EVP_CIPHER_CTX_set_padding(ctx, 0);
+			BIO_printf(bio_err, "Error setting cipher %s\n",
+					EVP_CIPHER_name(cipher));
+			ERR_print_errors(bio_err);
+			goto end;
 			}
+
+		if (non_fips_allow)
+			EVP_CIPHER_CTX_set_flags(ctx,
+				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
+		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
+			{
+			BIO_printf(bio_err, "Error setting cipher %s\n",
+					EVP_CIPHER_name(cipher));
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
+		if (nopad)
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
+			{
+			BIO_printf(bio_err, "Error setting cipher %s\n",
+					EVP_CIPHER_name(cipher));
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);

apps/openssl-vms.cnf

@@ -258,3 +258,56 @@ basicConstraints = CA:true
 
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

apps/openssl.c

@@ -247,7 +247,7 @@ int main(int Argc, char *Argv[])
 		if (!FIPS_mode_set(1,p)) {
 			ERR_load_crypto_strings();
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
-			exit(1);
+			EXIT(1);
 		}
 		in_FIPS_mode = 1;
 		if (getenv("OPENSSL_FIPS_MD5"))

apps/openssl.cnf

@@ -258,3 +258,56 @@ basicConstraints = CA:true
 
 # issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

apps/pkcs12.c

@@ -109,7 +109,7 @@ int MAIN(int argc, char **argv)
     int maciter = PKCS12_DEFAULT_ITER;
     int twopass = 0;
     int keytype = 0;
-    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int cert_pbe;
     int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
     int ret = 1;
     int macver = 1;
@@ -126,6 +126,13 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+#endif
+    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 

apps/req.c

@@ -175,7 +175,7 @@ int MAIN(int argc, char **argv)
 	char *passin = NULL, *passout = NULL;
 	char *p;
 	char *subj = NULL;
-	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	const EVP_MD *md_alg=NULL,*digest;
 	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
 	char *to_free;
@@ -197,6 +197,13 @@ int MAIN(int argc, char **argv)
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 
+#ifdef  OPENSSL_FIPS
+	if (FIPS_mode())
+		digest = EVP_sha1();
+	else
+#endif
+		digest = EVP_md5();
+
 	prog=argv[0];
 	argc--;
 	argv++;

apps/s_client.c

@@ -197,6 +197,9 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
 	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
+#ifdef WATT32
+	BIO_printf(bio_err," -wdebug       - WATT-32 tcp debugging\n");
+#endif
 	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
@@ -348,6 +351,10 @@ int MAIN(int argc, char **argv)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+#ifdef WATT32
+		else if	(strcmp(*argv,"-wdebug") == 0)
+			dbug_init();
+#endif
 		else if	(strcmp(*argv,"-msg") == 0)
 			c_msg=1;
 		else if	(strcmp(*argv,"-showcerts") == 0)
@@ -588,6 +595,8 @@ re_start:
 	if (starttls_proto == 1)
 		{
 		BIO_read(sbio,mbuf,BUFSIZZ);
+		BIO_printf(sbio,"EHLO some.host.name\r\n");
+		BIO_read(sbio,mbuf,BUFSIZZ);
 		BIO_printf(sbio,"STARTTLS\r\n");
 		BIO_read(sbio,sbuf,BUFSIZZ);
 		}

apps/s_socket.c

@@ -153,7 +153,6 @@ static int ssl_sock_init(void)
 #ifdef WATT32
 	extern int _watt_do_exit;
 	_watt_do_exit = 0;
-	dbug_init();
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)

apps/x509.c

@@ -179,7 +179,7 @@ int MAIN(int argc, char **argv)
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	const EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest;
 	CONF *extconf = NULL;
 	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
 	int need_rand = 0;
@@ -216,6 +216,13 @@ int MAIN(int argc, char **argv)
 	if (ctx == NULL) goto end;
 	X509_STORE_set_verify_cb_func(ctx,callb);
 
+#ifdef  OPENSSL_FIPS
+	if (FIPS_mode())
+		digest = EVP_sha1();
+	else
+#endif
+		digest = EVP_md5();
+
 	argc--;
 	argv++;
 	num=0;

config

@@ -337,6 +337,9 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "mips-sony-newsos4"; exit 0;
 	;;
 
+    MINGW*)
+	echo "${MACHINE}-whatever-mingw"; echo 0;
+	;;
     CYGWIN*)
 	case "$RELEASE" in
 	    [bB]*|1.0|1.[12].*)
@@ -442,7 +445,7 @@ if [ "$SYSTEM" = "SunOS" ]; then
   	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
 	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
   CCVER=${CCVER:-0}
-  if [ $CCVER -gt 40 ]; then
+  if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
     CC=cc	# overrides gcc!!!
     if [ $CCVER -eq 50 ]; then
       echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
@@ -491,29 +494,29 @@ case "$GUESSOS" in
 	OUT="irix-$CC"
 	;;
   mips3-sgi-irix)
-	CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-	CPU=${CPU:-0}
-	if [ $CPU -ge 5000 ]; then
-		options="$options -mips4"
-	else
-		options="$options -mips3"
-	fi
+	#CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	#CPU=${CPU:-0}
+	#if [ $CPU -ge 5000 ]; then
+	#	options="$options -mips4"
+	#else
+	#	options="$options -mips3"
+	#fi
 	OUT="irix-mips3-$CC"
 	;;
   mips4-sgi-irix64)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
-	if [ "$TEST" = "false" ]; then
+	if [ "$TEST" = "false" -a -t 1 ]; then
 	  echo "         You have about 5 seconds to press Ctrl-C to abort."
-	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	fi
-        CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
-        CPU=${CPU:-0}
-        if [ $CPU -ge 5000 ]; then
-                options="$options -mips4"
-        else
-                options="$options -mips3"
-        fi
+        #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        #CPU=${CPU:-0}
+        #if [ $CPU -ge 5000 ]; then
+        #        options="$options -mips4"
+        #else
+        #        options="$options -mips3"
+        #fi
 	OUT="irix-mips3-$CC"
 	;;
   alpha-*-linux2)
@@ -549,9 +552,9 @@ EOF
   ppc64-*-linux2)
 	echo "WARNING! If you wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure linux-ppc64' *manually*."
-	if [ "$TEST" = "false" ]; then
+	if [ "$TEST" = "false" -a -t 1 ]; then
 	    echo "         You have about 5 seconds to press Ctrl-C to abort."
-	    (stty -icanon min 0 time 50; read waste) < /dev/tty
+	    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	fi
 	OUT="linux-ppc"
 	;;
@@ -565,9 +568,9 @@ EOF
 	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
 	echo "         and wish to build 64-bit library, then you have to"
 	echo "         invoke './Configure linux64-sparcv9' *manually*."
-	if [ "$TEST" = "false" ]; then
+	if [ "$TEST" = "false" -a -t 1 ]; then
 	  echo "          You have about 5 seconds to press Ctrl-C to abort."
-	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	fi
 	OUT="linux-sparcv9" ;;
   sparc-*-linux2)
@@ -598,7 +601,9 @@ EOF
 
 	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
 	OUT="linux-parisc" ;;
-  arm*-*-linux2) OUT="linux-elf-arm" ;;
+  arm*b-*-linux2) OUT="linux-elf-arm"; options="$options -DB_ENDIAN" ;;
+  arm*l-*-linux2) OUT="linux-elf-arm"; options="$options -DL_ENDIAN" ;;
+  arm*-*-linux2)  OUT="linux-elf-arm" ;;
   s390-*-linux2) OUT="linux-s390" ;;
   s390x-*-linux?) OUT="linux-s390x" ;;
   x86_64-*-linux?) OUT="linux-x86_64" ;;
@@ -622,9 +627,9 @@ EOF
 	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
 		echo "WARNING! If you wish to build 64-bit library, then you have to"
 		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
-		if [ "$TEST" = "false" ]; then
+		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
 		# $GCC_ARCH denotes default ABI chosen by compiler driver
@@ -634,17 +639,17 @@ EOF
 		OUT="solaris64-sparcv9-gcc"
 		echo "WARNING! If you wish to build 32-bit library, then you have to"
 		echo "         invoke './Configure solaris-sparcv9-gcc' *manually*."
-		if [ "$TEST" = "false" ]; then
+		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    elif [ "$GCC_ARCH" = "-m32" ]; then
 		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
 		echo "        and wish to build 64-bit library, then you have to"
 		echo "        invoke './Configure solaris64-sparcv9-gcc' *manually*."
-		if [ "$TEST" = "false" ]; then
+		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    fi
 	fi
@@ -652,7 +657,14 @@ EOF
   sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
   sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
   sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
-  *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
+  *86*-*-solaris2)
+	ISA64=`(isalist) 2>/dev/null | grep amd64`
+	if [ "$ISA64" != "" ]; then
+	    OUT="solaris64-x86_64-$CC"
+	else
+	    OUT="solaris-x86-$CC"
+	fi
+	;;
   *-*-sunos4) OUT="sunos-$CC" ;;
   alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
   sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
@@ -720,9 +732,9 @@ EOF
 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
 	     echo "         If you wish to build 32-bit library, the you have to"
 	     echo "         invoke './Configure hpux-ia64-cc' *manually*."
-	     if [ "$TEST" = "false" ]; then
+	     if [ "$TEST" = "false" -a -t 1 ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
-		(stty -icanon min 0 time 50; read waste) < /dev/tty
+		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	     fi
 	     OUT="hpux64-ia64-cc"
 	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
@@ -732,9 +744,9 @@ EOF
 	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
 		echo "WARNING! If you wish to build 64-bit library then you have to"
 		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
-		if [ "$TEST" = "false" ]; then
+		if [ "$TEST" = "false" -a -t 1 ]; then
 		  echo "         You have about 5 seconds to press Ctrl-C to abort."
-		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		  (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	     fi
 	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
@@ -760,9 +772,9 @@ EOF
 	    if [ $KERNEL_BITS -eq 64 ]; then
 		echo "WARNING! If you wish to build 64-bit kit, then you have to"
 		echo "         invoke './Configure aix64-cc' *manually*."
-		if [ "$TEST" = "false" ]; then
+		if [ "$TEST" = "false" -a -t 1 ]; then
 		    echo "         You have ~5 seconds to press Ctrl-C to abort."
-		    (/bin/stty -icanon min 0 time 50; read waste) < /dev/tty
+		    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 		fi
 	    fi
 	fi

crypto/.cvsignore

@@ -2,3 +2,5 @@ lib
 buildinf.h
 opensslconf.h
 Makefile.save
+*.flc
+semantic.cache

crypto/Makefile

@@ -94,10 +94,9 @@ lib:	$(LIBOBJ)
 	@touch lib
 
 shared: buildinf.h lib subdirs
-	if [ -n "$(SHARED_LIBS)" ]; then \
-	    if ! egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+		egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null || \
 		(cd ..; $(MAKE) $(SHARED_LIB)); \
-	    fi \
 	fi
 
 libs:
@@ -202,8 +201,8 @@ mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
 mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
 mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
-o_str.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_str.c
-o_str.o: o_str.h
+o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_str.o: o_str.c o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
 o_time.o: o_time.h
 tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h

crypto/aes/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/aes/aes_cbc.c

@@ -66,6 +66,7 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned long n;
 	unsigned long len = length;
 	unsigned char tmp[AES_BLOCK_SIZE];
+	const unsigned char *iv = ivec;
 
 	assert(in && out && key && ivec);
 	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@@ -73,22 +74,39 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	if (AES_ENCRYPT == enc) {
 		while (len >= AES_BLOCK_SIZE) {
 			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				tmp[n] = in[n] ^ ivec[n];
-			AES_encrypt(tmp, out, key);
-			memcpy(ivec, out, AES_BLOCK_SIZE);
+				out[n] = in[n] ^ iv[n];
+			AES_encrypt(out, out, key);
+			iv = out;
 			len -= AES_BLOCK_SIZE;
 			in += AES_BLOCK_SIZE;
 			out += AES_BLOCK_SIZE;
 		}
 		if (len) {
 			for(n=0; n < len; ++n)
-				tmp[n] = in[n] ^ ivec[n];
+				out[n] = in[n] ^ iv[n];
 			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				tmp[n] = ivec[n];
-			AES_encrypt(tmp, tmp, key);
-			memcpy(out, tmp, AES_BLOCK_SIZE);
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
-		}			
+				out[n] = iv[n];
+			AES_encrypt(out, out, key);
+			iv = out;
+		}
+		memcpy(ivec,iv,AES_BLOCK_SIZE);
+	} else if (in != out) {
+		while (len >= AES_BLOCK_SIZE) {
+			AES_decrypt(in, out, key);
+			for(n=0; n < AES_BLOCK_SIZE; ++n)
+				out[n] ^= iv[n];
+			iv = in;
+			len -= AES_BLOCK_SIZE;
+			in  += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+		}
+		if (len) {
+			AES_decrypt(in,tmp,key);
+			for(n=0; n < len; ++n)
+				out[n] = tmp[n] ^ iv[n];
+			iv = in;
+		}
+		memcpy(ivec,iv,AES_BLOCK_SIZE);
 	} else {
 		while (len >= AES_BLOCK_SIZE) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
@@ -102,10 +120,12 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 		}
 		if (len) {
 			memcpy(tmp, in, AES_BLOCK_SIZE);
-			AES_decrypt(tmp, tmp, key);
+			AES_decrypt(tmp, out, key);
 			for(n=0; n < len; ++n)
-				out[n] = tmp[n] ^ ivec[n];
+				out[n] ^= ivec[n];
+			for(n=len; n < AES_BLOCK_SIZE; ++n)
+				out[n] = tmp[n];
 			memcpy(ivec, tmp, AES_BLOCK_SIZE);
-		}			
+		}
 	}
 }

crypto/aes/aes_cfb.c

@@ -158,61 +158,35 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 
 /* This expects a single block of size nbits for both in and out. Note that
    it corrupts any extra bits in the last byte of out */
-/* Untested, once it is working, it will be optimised */
 void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
 			    const int nbits,const AES_KEY *key,
 			    unsigned char *ivec,const int enc)
     {
-    int n;
+    int n,rem,num;
     unsigned char ovec[AES_BLOCK_SIZE*2];
 
-    assert(in && out && key && ivec);
-    if(enc)
-	{
+    if (nbits<=0 || nbits>128) return;
+
+	/* fill in the first half of the new IV with the current IV */
+	memcpy(ovec,ivec,AES_BLOCK_SIZE);
 	/* construct the new IV */
-	AES_encrypt(ivec,ovec,key);
-	/* encrypt the input */
-	for(n=0 ; n < (nbits+7)/8 ; ++n)
-	    out[n]=in[n]^ovec[n];
-	/* fill in the first half of the new IV with the current IV */
-	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* and put the ciphertext in the second half */
-	memcpy(ovec+AES_BLOCK_SIZE,out,(nbits+7)/8);
-	/* shift ovec left most of the bits... */
-	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
-	/* now the remaining bits */
-	if(nbits%8 != 0)
+	AES_encrypt(ivec,ivec,key);
+	num = (nbits+7)/8;
+	if (enc)	/* encrypt the input */
+	    for(n=0 ; n < num ; ++n)
+		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
+	else		/* decrypt the input */
+	    for(n=0 ; n < num ; ++n)
+		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
+	/* shift ovec left... */
+	rem = nbits%8;
+	num = nbits/8;
+	if(rem==0)
+	    memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
+	else
 	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		{
-		ovec[n]<<=nbits%8;
-		ovec[n]|=ovec[n+1]>>(8-nbits%8);
-		}
-	/* finally, move it back into place */
-	memcpy(ivec,ovec,AES_BLOCK_SIZE);
-	}
-    else
-	{
-	/* construct the new IV in the first half of ovec */
-	AES_encrypt(ivec,ovec,key);
-	/* decrypt the input */
-	for(n=0 ; n < (nbits+7)/8 ; ++n)
-	    out[n]=in[n]^ovec[n];
-	/* fill in the first half of the new IV with the current IV */
-	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* append the ciphertext */
-	memcpy(ovec+AES_BLOCK_SIZE,in,(nbits+7)/8);
-	/* shift ovec left most of the bits... */
-	memmove(ovec,ovec+nbits/8,AES_BLOCK_SIZE+(nbits%8 ? 1 : 0));
-	/* now the remaining bits */
-	if(nbits%8 != 0)
-	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		{
-		ovec[n]<<=nbits%8;
-		ovec[n]|=ovec[n+1]>>(8-nbits%8);
-		}
-	/* finally, move it back into place */
-	memcpy(ivec,ovec,AES_BLOCK_SIZE);
-	}
+		ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
     /* it is not necessary to cleanse ovec, since the IV is not secret */
     }
 

crypto/asn1/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/asn1/a_print.c

@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-int ASN1_PRINTABLE_type(unsigned char *s, int len)
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
 	{
 	int c;
 	int ia5=0;

crypto/asn1/a_type.c

@@ -71,7 +71,10 @@ int ASN1_TYPE_get(ASN1_TYPE *a)
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
+		{
+		ASN1_TYPE **tmp_a = &a;
+		ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+		}
 	a->type=type;
 	a->value.ptr=value;
 	}

crypto/asn1/a_verify.c

@@ -142,6 +142,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
+	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+
 	inl = ASN1_item_i2d(asn, &buf_in, it);
 	
 	if (buf_in == NULL)
@@ -150,7 +157,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 		goto err;
 		}
 
-	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
 	OPENSSL_cleanse(buf_in,(unsigned int)inl);

crypto/asn1/asn1.h

@@ -829,7 +829,7 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
 
 /* General */
 /* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(unsigned char *s, int max);
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
 
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,

crypto/asn1/x_name.c

@@ -160,21 +160,22 @@ static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, cons
 					int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
 	unsigned char *p = *in, *q;
-	STACK *intname = NULL;
+	STACK *intname = NULL, **intname_pp = &intname;
 	int i, j, ret;
-	X509_NAME *nm = NULL;
+	X509_NAME *nm = NULL, **nm_pp = &nm;
 	STACK_OF(X509_NAME_ENTRY) *entries;
 	X509_NAME_ENTRY *entry;
 	q = p;
 
 	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-								tag, aclass, opt, ctx);
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
+			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+			       tag, aclass, opt, ctx);
 	
 	if(ret <= 0) return ret;
 
 	if(*val) x509_name_ex_free(val, NULL);
-	if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
+	if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
 	/* We've decoded it: now cache encoding */
 	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
 	memcpy(nm->bytes->data, q, p - q);
@@ -218,7 +219,7 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
 
 static int x509_name_encode(X509_NAME *a)
 {
-	STACK *intname = NULL;
+	STACK *intname = NULL, **intname_pp = &intname;
 	int len;
 	unsigned char *p;
 	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
@@ -236,10 +237,12 @@ static int x509_name_encode(X509_NAME *a)
 		}
 		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
-	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
+			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
 	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
+			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
 	sk_pop_free(intname, sk_internal_free);
 	a->modified = 0;
 	return len;

crypto/bf/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/bf/Makefile

@@ -109,5 +109,8 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
-bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_skey.o: bf_locl.h bf_pi.h bf_skey.c

crypto/bf/asm/.cvsignore

@@ -1,2 +1,4 @@
 bx86unix.cpp
 bx86-elf.s
+*.flc
+semantic.cache

crypto/bf/bf_skey.c

@@ -58,11 +58,12 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(BF)
 	{
 	int i;
 	BF_LONG *p,ri,in[2];

crypto/bf/blowfish.h

@@ -104,7 +104,10 @@ typedef struct bf_key_st
 	BF_LONG S[4*256];
 	} BF_KEY;
 
- 
+
+#ifdef OPENSSL_FIPS 
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);

crypto/bio/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/bio/bss_file.c

@@ -266,7 +266,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 			ret=0;
 			break;
 			}
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
 		if (!(num & BIO_FP_TEXT))
 			strcat(p,"b");
 		else

crypto/bn/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/bn/Makefile

@@ -118,6 +118,7 @@ asm/ia64-cpp.o:	asm/ia64.S
 	rm -f /tmp/ia64.$$$$.s
 
 asm/x86_64-gcc.o: asm/x86_64-gcc.c
+	$(CC) $(ASFLAGS) -c -o $@ $<
 
 asm/pa-risc2W.o: asm/pa-risc2W.s
 	/usr/ccs/bin/as -o asm/pa-risc2W.o asm/pa-risc2W.s

crypto/bn/asm/.cvsignore

@@ -2,3 +2,5 @@ bn86unix.cpp
 co86unix.cpp
 bn86-elf.s
 co86-elf.s
+*.flc
+semantic.cache

crypto/bn/asm/x86_64-gcc.c

@@ -13,20 +13,42 @@
  * A. Well, that's because this code is basically a quick-n-dirty
  *    proof-of-concept hack. As you can see it's implemented with
  *    inline assembler, which means that you're bound to GCC and that
- *    there must be a room for fine-tuning.
+ *    there might be enough room for further improvement.
  *
  * Q. Why inline assembler?
- * A. x86_64 features own ABI I'm not familiar with. Which is why
- *    I decided to let the compiler take care of subroutine
- *    prologue/epilogue as well as register allocation.
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ *    why I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation. For reference.
+ *    Win64 implements different ABI for AMD64, different from Linux.
  *
  * Q. How much faster does it get?
- * A. Unfortunately people sitting on x86_64 hardware are prohibited
- *    to disclose the performance numbers, so they (SuSE labs to be
- *    specific) wouldn't tell me. However! Very similar coding technique
- *    (reaching out for 128-bit result from 64x64-bit multiplication)
- *    results in >3 times performance improvement on MIPS and I see no
- *    reason why gain on x86_64 would be so much different:-)
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ *	                  sign    verify    sign/s verify/s
+ *	rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
+ *	rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
+ *	rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
+ *	rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
+ *	                  sign    verify    sign/s verify/s
+ *	dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
+ *	dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
+ *	dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
+ *
+ *    'apps/openssl speed rsa dsa' output with this module:
+ *
+ *	                  sign    verify    sign/s verify/s
+ *	rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
+ *	rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
+ *	rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
+ *	rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
+ *	                  sign    verify    sign/s verify/s
+ *	dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
+ *	dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
+ *	dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
+ *
+ *    For the reference. IA-32 assembler implementation performs
+ *    very much like 64-bit code compiled with no-asm on the same
+ *    machine.
  */
 
 #define BN_ULONG unsigned long
@@ -151,7 +173,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 }
 
 BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
+{ BN_ULONG ret=0,i=0;
 
 	if (n <= 0) return 0;
 
@@ -164,7 +186,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 	"	leaq	1(%2),%2	\n"
 	"	loop	1b		\n"
 	"	sbbq	%0,%0		\n"
-		: "+a"(ret),"+c"(n),"+r"(i)
+		: "=&a"(ret),"+c"(n),"=&r"(i)
 		: "r"(rp),"r"(ap),"r"(bp)
 		: "cc"
 	);
@@ -174,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 
 #ifndef SIMICS
 BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
-{ BN_ULONG ret,i;
+{ BN_ULONG ret=0,i=0;
 
 	if (n <= 0) return 0;
 
@@ -187,7 +209,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n)
 	"	leaq	1(%2),%2	\n"
 	"	loop	1b		\n"
 	"	sbbq	%0,%0		\n"
-		: "+a"(ret),"+c"(n),"+r"(i)
+		: "=&a"(ret),"+c"(n),"=&r"(i)
 		: "r"(rp),"r"(ap),"r"(bp)
 		: "cc"
 	);
@@ -318,7 +340,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
-	BN_ULONG bl,bh;
 	BN_ULONG t1,t2;
 	BN_ULONG c1,c2,c3;
 
@@ -423,7 +444,6 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 
 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
-	BN_ULONG bl,bh;
 	BN_ULONG t1,t2;
 	BN_ULONG c1,c2,c3;
 
@@ -464,7 +484,6 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 
 void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
 	{
-	BN_ULONG bl,bh;
 	BN_ULONG t1,t2;
 	BN_ULONG c1,c2,c3;
 
@@ -541,7 +560,6 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
 
 void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
 	{
-	BN_ULONG bl,bh;
 	BN_ULONG t1,t2;
 	BN_ULONG c1,c2,c3;
 

crypto/buffer/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/cast/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/cast/Makefile

@@ -114,5 +114,7 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-c_skey.o: c_skey.c cast_lcl.h cast_s.h
+c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_skey.o: ../../include/openssl/symhacks.h c_skey.c cast_lcl.h cast_s.h

crypto/cast/asm/.cvsignore

@@ -1,2 +1,4 @@
 cx86unix.cpp
 cx86-elf.s
+*.flc
+semantic.cache

crypto/cast/c_skey.c

@@ -56,7 +56,9 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/crypto.h>
 #include <openssl/cast.h>
+
 #include "cast_lcl.h"
 #include "cast_s.h"
 
@@ -72,7 +74,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(CAST)
 	{
 	CAST_LONG x[16];
 	CAST_LONG z[16];

crypto/cast/cast.h

@@ -81,7 +81,10 @@ typedef struct cast_key_st
 	int short_key;	/* Use reduced rounds for short key */
 	} CAST_KEY;
 
- 
+
+#ifdef OPENSSL_FIPS 
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
 		      int enc);

crypto/comp/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/comp/Makefile

@@ -90,6 +90,7 @@ c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
 c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
 c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h

crypto/comp/c_zlib.c

@@ -3,6 +3,7 @@
 #include <string.h>
 #include <openssl/objects.h>
 #include <openssl/comp.h>
+#include <openssl/err.h>
 
 COMP_METHOD *COMP_zlib(void );
 

crypto/conf/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/cryptlib.c

@@ -480,13 +480,12 @@ const char *CRYPTO_get_lock_name(int type)
 		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
 	}
 
-#ifdef _DLL
-#ifdef OPENSSL_SYS_WIN32
+#if defined(_WIN32) && defined(_WINDLL)
 
 /* All we really need to do is remove the 'error' state when a thread
  * detaches */
 
-BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 	     LPVOID lpvReserved)
 	{
 	switch(fdwReason)
@@ -505,8 +504,6 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
 	}
 #endif
 
-#endif
-
 void OpenSSLDie(const char *file,int line,const char *assertion)
 	{
 	fprintf(stderr,

crypto/crypto-lib.com

@@ -247,7 +247,7 @@ $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
 $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
 	"v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
 	"v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
-	"v3_ocsp,v3_akeya"
+	"v3_ocsp,v3_akeya,v3_pcia,v3_pci"
 $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
 $ LIB_TXT_DB = "txt_db"
 $ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -

crypto/crypto.h

@@ -439,6 +439,58 @@ void OpenSSLDie(const char *file,int line,const char *assertion);
 #ifdef OPENSSL_FIPS
 int FIPS_mode(void);
 void *FIPS_rand_check(void);
+
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+		alg " previous FIPS forbidden algorithm error ignored");
+
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+		#alg " Algorithm forbidden in FIPS mode");
+
+#ifdef OPENSSL_FIPS_STRICT
+#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
+#else
+#define FIPS_BAD_ALGORITHM(alg) \
+	{ \
+	FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
+	ERR_add_error_data(2, "Algorithm=", #alg); \
+	return 0; \
+	}
+#endif
+
+/* Low level digest API blocking macro */
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+	int alg##_Init(alg##_CTX *c) \
+		{ \
+		if (FIPS_mode()) \
+			FIPS_BAD_ALGORITHM(alg) \
+		return private_##alg##_Init(c); \
+		} \
+	int private_##alg##_Init(alg##_CTX *c)
+
+/* For ciphers the API often varies from cipher to cipher and each needs to
+ * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
+ * CAST) however are very similar and can use a blocking macro.
+ */
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+	void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
+		{ \
+		if (FIPS_mode()) \
+			FIPS_BAD_ABORT(alg) \
+		private_##alg##_set_key(key, len, data); \
+		} \
+	void private_##alg##_set_key(alg##_KEY *key, int len, \
+					const unsigned char *data)
+
+#else
+
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+	void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
+
+#define FIPS_NON_FIPS_MD_Init(alg) \
+	int alg##_Init(alg##_CTX *c) 
+
 #endif /* def OPENSSL_FIPS */
 
 /* BEGIN ERROR CODES */

crypto/des/.cvsignore

@@ -1,3 +1,5 @@
 lib
 Makefile.save
 des
+*.flc
+semantic.cache

crypto/des/asm/.cvsignore

@@ -3,3 +3,5 @@ yx86unix.cpp
 des_enc-sparc.S
 dx86-elf.s
 yx86-elf.s
+*.flc
+semantic.cache

crypto/dh/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/dsa/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/dso/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/dso/dso_win32.c

@@ -61,7 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/dso.h>
 
-#if !defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
+#if !defined(DSO_WIN32)
 DSO_METHOD *DSO_METHOD_win32(void)
 	{
 	return NULL;

crypto/ec/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/engine/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/err/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/evp/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/evp/Makefile

@@ -448,7 +448,7 @@ e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
 e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c evp_locl.h
 e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -713,7 +713,7 @@ m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md2.o: ../cryptlib.h m_md2.c
+m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
 m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -734,7 +734,7 @@ m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md4.o: ../cryptlib.h m_md4.c
+m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
 m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -755,7 +755,7 @@ m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md5.o: ../cryptlib.h m_md5.c
+m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
 m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -776,7 +776,7 @@ m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_mdc2.o: ../cryptlib.h m_mdc2.c
+m_mdc2.o: ../cryptlib.h evp_locl.h m_mdc2.c
 m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -840,7 +840,7 @@ m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h m_sha.c
+m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
 m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
 m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h

crypto/evp/bio_md.c

@@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 			ret=0;
 		break;
 	case BIO_C_GET_MD_CTX:
-		if (b->init)
-			{
-			pctx=ptr;
-			*pctx=ctx;
-			}
-		else
-			ret=0;
+		pctx=ptr;
+		*pctx=ctx;
 		break;
 	case BIO_C_SET_MD_CTX:
 		if (b->init)

crypto/evp/c_alld.c

@@ -75,7 +75,7 @@ void OpenSSL_add_all_digests(void)
 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
 	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#ifndef OPENSSL_NO_SHA
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
 	EVP_add_digest(EVP_sha());
 #ifndef OPENSSL_NO_DSA
 	EVP_add_digest(EVP_dss());

crypto/evp/digest.c

@@ -137,6 +137,39 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
 	return EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_MD_CTX *ctx)
+	{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
+
+static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
+
+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
+
+static const EVP_MD bad_md =
+	{
+	0,
+	0,
+	0,
+	0,
+	bad_init,
+	bad_update,
+	bad_final,
+	NULL,
+	NULL,
+	NULL,
+	0,
+	{0,0,0,0},
+	};
+
+#endif
+
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 	{
 	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -195,6 +228,18 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 #endif
 	if (ctx->digest != type)
 		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			{
+			if (!(type->flags & EVP_MD_FLAG_FIPS) 
+			 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+				{
+				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
+				ctx->digest = &bad_md;
+				return 0;
+				}
+			}
+#endif
 		if (ctx->digest && ctx->digest->ctx_size)
 			OPENSSL_free(ctx->md_data);
 		ctx->digest=type;

crypto/evp/e_aes.c

@@ -67,32 +67,32 @@ typedef struct
 
 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
 		       NID_aes_128, 16, 16, 16, 128,
-		       0, aes_init_key, NULL, 
+		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
 		       EVP_CIPHER_set_asn1_iv,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
 		       NID_aes_192, 16, 24, 16, 128,
-		       0, aes_init_key, NULL, 
+		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
 		       EVP_CIPHER_set_asn1_iv,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
 		       NID_aes_256, 16, 32, 16, 128,
-		       0, aes_init_key, NULL, 
+		       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
 		       EVP_CIPHER_set_asn1_iv,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 
-#define IMPLEMENT_AES_CFBR(ksize,cbits)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
+#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
 
-IMPLEMENT_AES_CFBR(128,1)
-IMPLEMENT_AES_CFBR(192,1)
-IMPLEMENT_AES_CFBR(256,1)
+IMPLEMENT_AES_CFBR(128,1,0)
+IMPLEMENT_AES_CFBR(192,1,0)
+IMPLEMENT_AES_CFBR(256,1,0)
 
-IMPLEMENT_AES_CFBR(128,8)
-IMPLEMENT_AES_CFBR(192,8)
-IMPLEMENT_AES_CFBR(256,8)
+IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
+IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		   const unsigned char *iv, int enc)

crypto/evp/e_des.c

@@ -127,16 +127,18 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-			0, des_init_key, NULL,
+			EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
 
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,0,des_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
+		     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,0,des_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
+		     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 

crypto/evp/e_des3.c

@@ -160,7 +160,7 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     }
 
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-			0, des_ede_init_key, NULL, 
+			EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
@@ -171,18 +171,18 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-			0, des_ede3_init_key, NULL, 
+			EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 
 			EVP_CIPHER_set_asn1_iv,
 			EVP_CIPHER_get_asn1_iv,
 			NULL)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,0,
-		     des_ede3_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
+		     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,0,
-		     des_ede3_init_key,NULL,
+BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
+		     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
 		     EVP_CIPHER_set_asn1_iv,
 		     EVP_CIPHER_get_asn1_iv,NULL)
 

crypto/evp/e_null.c

@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
 	{
 	NID_undef,
 	1,0,0,
-	0,
+	EVP_CIPH_FLAG_FIPS,
 	null_init_key,
 	null_cipher,
 	NULL,

crypto/evp/e_rc4.c

@@ -62,6 +62,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "evp_locl.h"
 #include <openssl/rc4.h>
 
 /* FIXME: surely this is available elsewhere? */

crypto/evp/evp.h

@@ -117,6 +117,10 @@
 #include <openssl/aes.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 /*
 #define EVP_RC2_KEY_SIZE		16
 #define EVP_RC4_KEY_SIZE		16
@@ -290,6 +294,7 @@ struct env_md_st
 
 #define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single
 					* block */
+#define EVP_MD_FLAG_FIPS	0x0400 /* Note if suitable for use in FIPS mode */
 
 #define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
 
@@ -332,6 +337,9 @@ struct env_md_ctx_st
 #define EVP_MD_CTX_FLAG_REUSE		0x0004 /* Don't free up ctx->md_data
 						* in EVP_MD_CTX_cleanup */
 
+#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW	0x0008	/* Allow use of non FIPS digest
+						 * in FIPS mode */
+
 struct evp_cipher_st
 	{
 	int nid;
@@ -373,6 +381,10 @@ struct evp_cipher_st
 #define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80
 /* Don't use standard block padding */
 #define 	EVP_CIPH_NO_PADDING		0x100
+/* Note if suitable for use in FIPS mode */
+#define		EVP_CIPH_FLAG_FIPS		0x400
+/* Allow non FIPS cipher in FIPS mode */
+#define		EVP_CIPH_FLAG_NON_FIPS_ALLOW	0x800
 
 /* ctrl() values */
 
@@ -478,6 +490,9 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
 #define EVP_CIPHER_CTX_flags(e)		((e)->cipher->flags)
+#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
 #define EVP_CIPHER_CTX_mode(e)		((e)->cipher->flags & EVP_CIPH_MODE)
 
 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
@@ -853,12 +868,16 @@ void ERR_load_EVP_strings(void);
 /* Function codes. */
 #define EVP_F_AES_INIT_KEY				 129
 #define EVP_F_D2I_PKEY					 100
+#define EVP_F_EVP_ADD_CIPHER				 130
+#define EVP_F_EVP_ADD_DIGEST				 131
 #define EVP_F_EVP_CIPHERINIT				 123
 #define EVP_F_EVP_CIPHER_CTX_CTRL			 124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
 #define EVP_F_EVP_DECRYPTFINAL				 101
 #define EVP_F_EVP_DIGESTINIT				 128
 #define EVP_F_EVP_ENCRYPTFINAL				 127
+#define EVP_F_EVP_GET_CIPHERBYNAME			 132
+#define EVP_F_EVP_GET_DIGESTBYNAME			 133
 #define EVP_F_EVP_MD_CTX_COPY				 110
 #define EVP_F_EVP_OPENINIT				 102
 #define EVP_F_EVP_PBE_ALG_ADD				 115
@@ -894,6 +913,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138
 #define EVP_R_DECODE_ERROR				 114
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
+#define EVP_R_DISABLED_FOR_FIPS				 141
 #define EVP_R_ENCODE_ERROR				 115
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
 #define EVP_R_EXPECTING_AN_RSA_KEY			 127

crypto/evp/evp_enc.c

@@ -82,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
 	}
 
+#ifdef OPENSSL_FIPS
+
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	    const unsigned char *iv, int enc)
+	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+
+int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		 const unsigned char *in, unsigned int inl)
+	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+
+static const EVP_CIPHER bad_cipher =
+	{
+	0,
+	0,
+	0,
+	0,
+	0,
+	bad_init,
+	bad_do_cipher,
+	NULL,
+	0,
+	bad_set_asn1,
+	bad_get_asn1,
+	bad_ctrl,
+	NULL
+	};
+
+#endif
+
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
 	     const unsigned char *key, const unsigned char *iv, int enc)
 	{
@@ -146,7 +188,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 		else
 			ctx->engine = NULL;
 #endif
-
 		ctx->cipher=cipher;
 		if (ctx->cipher->ctx_size)
 			{
@@ -210,6 +251,24 @@ skip_to_init:
 		}
 	}
 
+#ifdef OPENSSL_FIPS
+	/* After 'key' is set no further parameters changes are permissible.
+	 * So only check for non FIPS enabling at this point.
+	 */
+	if (key && FIPS_mode())
+		{
+		if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+			& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+			{
+			EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+			ERR_add_error_data(2, "cipher=",
+						EVP_CIPHER_name(ctx->cipher));
+			ctx->cipher = &bad_cipher;
+			return 0;
+			}
+		}
+#endif
+
 	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
 		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
 	}

crypto/evp/evp_err.c

@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -68,12 +68,16 @@ static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_PACK(0,EVP_F_AES_INIT_KEY,0),	"AES_INIT_KEY"},
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
+{ERR_PACK(0,EVP_F_EVP_ADD_CIPHER,0),	"EVP_add_cipher"},
+{ERR_PACK(0,EVP_F_EVP_ADD_DIGEST,0),	"EVP_add_digest"},
 {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0),	"EVP_CipherInit"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),	"EVP_CIPHER_CTX_ctrl"},
 {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0),	"EVP_CIPHER_CTX_set_key_length"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
 {ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0),	"EVP_DigestInit"},
 {ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0),	"EVP_EncryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_GET_CIPHERBYNAME,0),	"EVP_get_cipherbyname"},
+{ERR_PACK(0,EVP_F_EVP_GET_DIGESTBYNAME,0),	"EVP_get_digestbyname"},
 {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),	"EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
 {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),	"EVP_PBE_alg_add"},
@@ -112,6 +116,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
 {EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_DISABLED_FOR_FIPS                 ,"disabled for fips"},
 {EVP_R_ENCODE_ERROR                      ,"encode error"},
 {EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
 {EVP_R_EXPECTING_AN_RSA_KEY              ,"expecting an rsa key"},

crypto/evp/evp_locl.h

@@ -226,11 +226,27 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 
 #define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
 
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
 	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
 	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
 			     NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-			     0, cipher##_init_key, NULL, \
+			     flags, cipher##_init_key, NULL, \
 			     EVP_CIPHER_set_asn1_iv, \
 			     EVP_CIPHER_get_asn1_iv, \
 			     NULL)
+
+#ifdef OPENSSL_FIPS
+#define RC2_set_key	private_RC2_set_key
+#define RC4_set_key	private_RC4_set_key
+#define CAST_set_key	private_CAST_set_key
+#define RC5_32_set_key	private_RC5_32_set_key
+#define BF_set_key	private_BF_set_key
+#define idea_set_encrypt_key private_idea_set_encrypt_key
+
+#define MD5_Init	private_MD5_Init
+#define MD4_Init	private_MD4_Init
+#define MD2_Init	private_MD2_Init
+#define MDC2_Init	private_MDC2_Init
+#define SHA_Init	private_SHA_Init
+
+#endif

crypto/evp/m_dss.c

@@ -77,7 +77,7 @@ static const EVP_MD dsa_md=
 	NID_dsaWithSHA,
 	NID_dsaWithSHA,
 	SHA_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_FIPS,
 	init,
 	update,
 	final,

crypto/evp/m_md2.c

@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md2.h>

crypto/evp/m_md4.c

@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md4.h>

crypto/evp/m_md5.c

@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>

crypto/evp/m_mdc2.c

@@ -60,6 +60,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/mdc2.h>

crypto/evp/m_sha.c

@@ -56,10 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef OPENSSL_NO_SHA
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 

crypto/evp/m_sha1.c

@@ -77,7 +77,7 @@ static const EVP_MD sha1_md=
 	NID_sha1,
 	NID_sha1WithRSAEncryption,
 	SHA_DIGEST_LENGTH,
-	0,
+	EVP_MD_FLAG_FIPS,
 	init,
 	update,
 	final,

crypto/evp/names.c

@@ -61,6 +61,9 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 int EVP_add_cipher(const EVP_CIPHER *c)
 	{

crypto/hmac/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/hmac/hmac.c

@@ -77,6 +77,15 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 
 	if (key != NULL)
 		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+		&& (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+		 || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+		 || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+		OpenSSLDie(__FILE__,__LINE__,
+			"HMAC: digest not allowed in FIPS mode");
+#endif
+		
 		reset=1;
 		j=EVP_MD_block_size(md);
 		OPENSSL_assert(j <= sizeof ctx->key);
@@ -171,3 +180,10 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 	return(md);
 	}
 
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+	{
+	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+	}
+

crypto/hmac/hmac.h

@@ -98,6 +98,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
 		    const unsigned char *d, int n, unsigned char *md,
 		    unsigned int *md_len);
 
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 
 #ifdef  __cplusplus
 }

crypto/idea/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache

crypto/idea/Makefile

@@ -85,5 +85,8 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+i_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 i_skey.o: i_skey.c idea_lcl.h

crypto/idea/i_skey.c

@@ -57,10 +57,23 @@
  */
 
 #include <openssl/idea.h>
+#include <openssl/crypto.h>
 #include "idea_lcl.h"
 
 static IDEA_INT inverse(unsigned int xin);
+
+#ifdef OPENSSL_FIPS
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+	{
+	if (FIPS_mode())
+		FIPS_BAD_ABORT(IDEA)
+	private_idea_set_encrypt_key(key, ks);
+	}
+void private_idea_set_encrypt_key(const unsigned char *key,
+						IDEA_KEY_SCHEDULE *ks)
+#else
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+#endif
 	{
 	int i;
 	register IDEA_INT *kt,*kf,r0,r1,r2;

crypto/idea/idea.h

@@ -82,6 +82,10 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key,
+						IDEA_KEY_SCHEDULE *ks);
+#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

crypto/krb5/.cvsignore

@@ -1,2 +1,4 @@
 lib
 Makefile.save
+*.flc
+semantic.cache