Prepare for 0.9.8d release

cause a denial of service.  (CVE-2006-2940)
[Steve Henson, Bodo Moeller]

Fix ASN.1 parsing of certain invalid structures that can result
in a denial of service.  (CVE-2006-2937)  [Steve Henson]

Fix buffer overflow in SSL_get_shared_ciphers() function.
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]

Fix SSL client code which could crash if connecting to a
malicious SSLv2 server.  (CVE-2006-4343)
[Tavis Ormandy and Will Drewry, Google Security Team]

CHANGES

@@ -2,8 +2,193 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function. 
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+     match only those.  Before that, "AES256-SHA" would be interpreted
+     as a pattern and match "AES128-SHA" too (since AES128-SHA got
+     the same strength classification in 0.9.7h) as we currently only
+     have a single AES bit in the ciphersuite description bitmap.
+     That change, however, also applied to ciphersuite strings such as
+     "RC4-MD5" that intentionally matched multiple ciphersuites --
+     namely, SSL 2.0 ciphersuites in addition to the more common ones
+     from SSL 3.0/TLS 1.0.
+
+     So we change the selection algorithm again: Naming an explicit
+     ciphersuite selects this one ciphersuite, and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions.
+     Thus, "RC4-MD5" again will properly select both the SSL 2.0
+     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+     Since SSL 2.0 does not have any ciphersuites for which the
+     128/256 bit distinction would be relevant, this works for now.
+     The proper fix will be to use different bits for AES128 and
+     AES256, which would have avoided the problems from the beginning;
+     however, bits are scarce, so we can only do this in a new release
+     (not just a patchlevel) when we can change the SSL_CIPHER
+     definition to split the single 'unsigned long mask' bitmap into
+     multiple values to extend the available space.
+
+     [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
+     [Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+     versions), which is now available for royalty-free use
+     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+     Also, add Camellia TLS ciphersuites from RFC 4132.
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, Camellia remains excluded from compilation unless OpenSSL
+     is configured with 'enable-camellia'.
+     [NTT]
+
+  *) Disable the padding bug check when compression is in use. The padding
+     bug check assumes the first packet is of even length, this is not
+     necessarily true if compresssion is enabled and can result in false
+     positives causing handshake failure. The actual bug test is ancient
+     code so it is hoped that implementations will either have fixed it by
+     now or any which still have the bug do not support compression.
+     [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b  [04 May 2006]
+
+  *) When applying a cipher rule check to see if string match is an explicit
+     cipher suite and only match that one cipher suite if it is.
+     [Steve Henson]
+
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue@gmail.com>]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-12.txt with proposed changes (but without
+     TLS extensions, which are supported starting with the 0.9.9
+     branch, not in the OpenSSL 0.9.8 branch).
+     [Douglas Stebila]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Add two function to clear and return the verify parameter flags.
+     [Steve Henson]
+
+  *) Keep cipherlists sorted in the source instead of sorting them at
+     runtime, thus removing the need for a lock.
+     [Nils Larsch]
+
+  *) Avoid some small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+
+  *) Extended Windows CE support.
+     [Satoshi Nakamura and Andy Polyakov]
+
+  *) Initialize SSL_METHOD structures at compile time instead of during
+     runtime, thus removing the need for a lock.
+     [Steve Henson]
+
+  *) Make PKCS7_decrypt() work even if no certificate is supplied by
+     attempting to decrypt each encrypted key in turn. Add support to
+     smime utility.
+     [Steve Henson]
+
  Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
 
+  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Add libcrypto.pc and libssl.pc for those who feel they need them.
      [Richard Levitte]
 
@@ -821,7 +1006,81 @@
      differing sizes.
      [Richard Levitte]
 
- Changes between 0.9.7g and 0.9.7h  [XX xxx XXXX]
+ Changes between 0.9.7k and 0.9.7l  [xx XXX xxxx]
+
+  *) Change ciphersuite string processing so that an explicit
+     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+     will no longer include "AES128-SHA"), and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions (so that
+     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
+     changes from 0.9.8b and 0.9.8d.
+     [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactive the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j  [04 May 2006]
+
+  *) Adapt fipsld and the build system to link against the validated FIPS
+     module in FIPS mode.
+     [Steve Henson]
+
+  *) Fixes for VC++ 2005 build under Windows.
+     [Steve Henson]
+
+  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make 
+     from a Windows bash shell such as MSYS. It is autodetected from the
+     "config" script when run from a VC++ environment. Modify standard VC++
+     build to use fipscanister.o from the GNU make build. 
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
+
+  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+     The value now differs depending on if you build for FIPS or not.
+     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
+     safely run with a non-FIPSed libcrypto, as it may crash because of
+     the difference induced by this change.
+     [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
 
   *) Minimal support for X9.31 signatures and PSS padding modes. This is
      mainly for FIPS compliance and not fully integrated at this stage.
@@ -872,6 +1131,9 @@
 
  Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
 
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
   *) Fixes for newer kerberos headers. NB: the casts are needed because
      the 'length' field is signed on one version and unsigned on another
      with no (?) obvious way to tell the difference, without these VC++
@@ -979,11 +1241,11 @@
  Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
 
   *) Fix null-pointer assignment in do_change_cipher_spec() revealed           
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)                    
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)                    
      [Joe Orton, Steve Henson]   
 
   *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
-     (CAN-2004-0112)
+     (CVE-2004-0112)
      [Joe Orton, Steve Henson]   
 
   *) Make it possible to have multiple active certificates with the same
@@ -1026,9 +1288,9 @@
   *) Fix various bugs revealed by running the NISCC test suite:
 
      Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
      
-     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
 
      If verify callback ignores invalid public key errors don't try to check
      certificate signature with the NULL public key.
@@ -1113,7 +1375,7 @@
      via timing by performing a MAC computation even if incorrrect
      block cipher padding has been found.  This is a countermeasure
      against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
+     between bad padding and a MAC verification error. (CVE-2003-0078)
 
      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -1330,7 +1592,7 @@
 
      Remote buffer overflow in SSL3 protocol - an attacker could
      supply an oversized master key in Kerberos-enabled versions.
-     (CAN-2002-0657)
+     (CVE-2002-0657)
      [Ben Laurie (CHATS)]
 
   *) Change the SSL kerb5 codes to match RFC 2712.
@@ -3014,7 +3276,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
 
   *) Fix null-pointer assignment in do_change_cipher_spec() revealed
-     by using the Codenomicon TLS Test Tool (CAN-2004-0079)
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
      [Joe Orton, Steve Henson]
 
  Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
@@ -3022,7 +3284,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Fix additional bug revealed by the NISCC test suite:
 
      Stop bug triggering large recursion when presented with
-     certain ASN.1 tags (CAN-2003-0851)
+     certain ASN.1 tags (CVE-2003-0851)
      [Steve Henson]
 
  Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
@@ -3030,7 +3292,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Fix various bugs revealed by running the NISCC test suite:
 
      Stop out of bounds reads in the ASN1 code when presented with
-     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
      
      If verify callback ignores invalid public key errors don't try to check
      certificate signature with the NULL public key.
@@ -3082,7 +3344,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      via timing by performing a MAC computation even if incorrrect
      block cipher padding has been found.  This is a countermeasure
      against active attacks where the attacker has to distinguish
-     between bad padding and a MAC verification error. (CAN-2003-0078)
+     between bad padding and a MAC verification error. (CVE-2003-0078)
 
      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
@@ -3215,7 +3477,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Add various sanity checks to asn1_get_length() to reject
      the ASN1 length bytes if they exceed sizeof(long), will appear
      negative or the content length exceeds the length of the
-     supplied buffer. (CAN-2002-0659)
+     supplied buffer. (CVE-2002-0659)
      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
 
   *) Assertions for various potential buffer overflows, not known to
@@ -3223,15 +3485,15 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      [Ben Laurie (CHATS)]
 
   *) Various temporary buffers to hold ASCII versions of integers were
-     too small for 64 bit platforms. (CAN-2002-0655)
+     too small for 64 bit platforms. (CVE-2002-0655)
      [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
 
   *) Remote buffer overflow in SSL3 protocol - an attacker could
-     supply an oversized session ID to a client. (CAN-2002-0656)
+     supply an oversized session ID to a client. (CVE-2002-0656)
      [Ben Laurie (CHATS)]
 
   *) Remote buffer overflow in SSL2 protocol - an attacker could
-     supply an oversized client master key. (CAN-2002-0656)
+     supply an oversized client master key. (CVE-2002-0656)
      [Ben Laurie (CHATS)]
 
  Changes between 0.9.6c and 0.9.6d  [9 May 2002]

Configure

@@ -155,17 +155,17 @@ my %table=(
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
 "debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "dist",		"cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -195,7 +195,7 @@ my %table=(
  
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -204,8 +204,8 @@ my %table=(
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 #### SPARC Solaris with Sun C setups
 # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
@@ -216,8 +216,8 @@ my %table=(
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
 ####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 
 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
@@ -285,7 +285,7 @@ my %table=(
 # with debugging of the following config.
 "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT::bn-ia64.o::aes-ia64.o:::sha256-ia64.o sha512-ia64.o::rc4-ia64.o:::dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
 
 # Legacy HPUX 9.X configs...
@@ -305,7 +305,7 @@ my %table=(
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
 #
 "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
-"ofs1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
 "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
 
 ####
@@ -404,6 +404,7 @@ my %table=(
 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
 "aix-gcc",  "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:",
+"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
 "aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
@@ -476,7 +477,7 @@ my %table=(
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 
 # NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
 # netware-clib => legacy CLib c-runtime support
@@ -499,9 +500,9 @@ my %table=(
 
 ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o:::::::::::darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::darwin-shared:-fPIC:-dunamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o:::::::::::darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -518,7 +519,7 @@ my %table=(
 ##### VxWorks for various targets
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
 "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
 
@@ -599,6 +600,7 @@ my $perl;
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment"
+		 "camellia"	  => "default",
 		 "gmp"		  => "default",
                  "mdc2"           => "default",
                  "rc5"            => "default",
@@ -612,7 +614,7 @@ my %disabled = ( # "what"         => "comment"
 # For symmetry, "disable-..." is a synonym for "no-...".
 
 # This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
+my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 ";
 
 
 my $no_sse2=0;
@@ -696,7 +698,7 @@ PROCESS_ARGS:
 				{
 				while (<IN>)
 					{
-					chop;
+					chomp;
 					if (/^CONFIGURE_ARGS=(.*)/)
 						{
 						$argvstring=$1;
@@ -747,6 +749,14 @@ PROCESS_ARGS:
 				{
 				$withargs{"krb5-".$1}=$2;
 				}
+			elsif (/^--with-zlib-lib=(.*)$/)
+				{
+				$withargs{"zlib-lib"}=$1;
+				}
+			elsif (/^--with-zlib-include=(.*)$/)
+				{
+				$withargs{"zlib-include"}="-I$1";
+				}
 			else
 				{
 				print STDERR $usage;
@@ -865,6 +875,8 @@ foreach (sort (keys %disabled))
 		{ $no_shared = 1; }
 	elsif (/^zlib$/)
 		{ $zlib = 0; }
+	elsif (/^static-engine$/)
+		{ }
 	elsif (/^zlib-dynamic$/)
 		{ }
 	elsif (/^symlinks$/)
@@ -907,7 +919,7 @@ foreach (sort (keys %disabled))
 
 my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
 
-$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin");
+$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
 
 $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
 $exe_ext=".pm"  if ($target =~ /vos/);
@@ -1123,13 +1135,16 @@ if (!$no_shared)
 		}
 	}
 
-if ($no_shared)
+if (!$IsMK1MF)
 	{
-	$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
-	}
-else
-	{
-	$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+	if ($no_shared)
+		{
+		$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+		}
+	else
+		{
+		$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+		}
 	}
 
 $cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
@@ -1250,7 +1265,7 @@ print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
 my $sdirs=0;
 while (<IN>)
 	{
-	chop;
+	chomp;
 	$sdirs = 1 if /^SDIRS=/;
 	if ($sdirs) {
 		my $dir;
@@ -1296,6 +1311,8 @@ while (<IN>)
 	s/^PERL=.*/PERL= $perl/;
 	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
+	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1790,3 +1807,11 @@ sub test_sanity
 	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
 	return $errorcnt;
 	}
+
+# Attempt to detect MSYS environment
+
+sub is_msys
+	{
+	return 1 if (exists $ENV{"TERM"} && $ENV{"TERM"} eq "msys");
+	return 0;
+	}

FAQ

@@ -31,6 +31,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does my browser give a warning about a mismatched hostname?
 * How do I install a CA certificate into a browser?
 * Why is OpenSSL x509 DN output not conformant to RFC2253?
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
 
 [BUILD] Questions about building and testing OpenSSL
 
@@ -48,6 +49,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 * Why does compiler fail to compile sha512.c?
+* Test suite still fails, what to do?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -72,7 +74,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8 was released on June 5th, 2005.
+OpenSSL 0.9.8d was released on September 28th, 2006.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -386,6 +388,43 @@ interface, the "-nameopt" option could be introduded. See the manual
 page of the "openssl x509" commandline tool for details. The old behaviour
 has however been left as default for the sake of compatibility.
 
+* What is a "128 bit certificate"? Can I create one with OpenSSL?
+
+The term "128 bit certificate" is a highly misleading marketing term. It does
+*not* refer to the size of the public key in the certificate! A certificate
+containing a 128 bit RSA key would have negligible security.
+
+There were various other names such as "magic certificates", "SGC
+certificates", "step up certificates" etc.
+
+You can't generally create such a certificate using OpenSSL but there is no
+need to any more. Nowadays web browsers using unrestricted strong encryption
+are generally available.
+
+When there were tight export restrictions on the export of strong encryption
+software from the US only weak encryption algorithms could be freely exported
+(initially 40 bit and then 56 bit). It was widely recognised that this was
+inadequate. A relaxation the rules allowed the use of strong encryption but
+only to an authorised server.
+
+Two slighly different techniques were developed to support this, one used by
+Netscape was called "step up", the other used by MSIE was called "Server Gated
+Cryptography" (SGC). When a browser initially connected to a server it would
+check to see if the certificate contained certain extensions and was issued by
+an authorised authority. If these test succeeded it would reconnect using
+strong encryption.
+
+Only certain (initially one) certificate authorities could issue the
+certificates and they generally cost more than ordinary certificates.
+
+Although OpenSSL can create certificates containing the appropriate extensions
+the certificate would not come from a permitted authority and so would not
+be recognized.
+
+The export laws were later changed to allow almost unrestricted use of strong
+encryption so these certificates are now obsolete.
+
+
 [BUILD] =======================================================================
 
 * Why does the linker complain about undefined symbols?
@@ -617,6 +656,18 @@ the module in question. The recommendation is to disable SHA-512 by
 adding no-sha512 to ./config [or ./Configure] command line. Another
 possible alternative might be to switch to GCC.
 
+* Test suite still fails, what to do?
+
+Another common reason for failure to complete some particular test is
+simply bad code generated by a buggy component in toolchain or deficiency
+in run-time environment. There are few cases documented in PROBLEMS file,
+consult it for possible workaround before you beat the drum. Even if you
+don't find solution or even mention there, do reserve for possibility of
+a compiler bug. Compiler bugs might appear in rather bizarre ways, they
+never make sense, and tend to emerge when you least expect them. In order
+to identify one, drop optimization level, e.g. by editing CFLAG line in
+top-level Makefile, recompile and re-run the test.
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?
@@ -628,8 +679,9 @@ libraries.  If your platform is not one of these, consult the INSTALL
 file.
 
 Multi-threaded applications must provide two callback functions to
-OpenSSL.  This is described in the threads(3) manpage.
-
+OpenSSL by calling CRYPTO_set_locking_callback() and
+CRYPTO_set_id_callback().  This is described in the threads(3)
+manpage.
 
 * I've compiled a program under Windows and it crashes: why?
 
@@ -649,10 +701,10 @@ your application must link  against the same by which OpenSSL was
 built.  If you are using MS Visual C++ (Studio) this can be changed
 by:
 
-1.  Select Settings... from the Project Menu.
-2.  Select the C/C++ Tab.
-3.  Select "Code Generation from the "Category" drop down list box
-4.  Select the Appropriate library (see table below) from the "Use
+ 1. Select Settings... from the Project Menu.
+ 2. Select the C/C++ Tab.
+ 3. Select "Code Generation from the "Category" drop down list box
+ 4. Select the Appropriate library (see table below) from the "Use
     run-time library" drop down list box.  Perform this step for both
     your debug and release versions of your application (look at the
     top left of the settings panel to change between the two)
@@ -672,16 +724,19 @@ Note that debug and release libraries are NOT interchangeable.  If you
 built OpenSSL with /MD your application must use /MD and cannot use /MDd.
 
 As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we recommend the
+.DLLs compiled with some specific run-time option [we insist on the
 default /MD] can be deployed with application compiled with different
 option or even different compiler. But there is a catch! Instead of
 re-compiling OpenSSL toolkit, as you would have to with prior versions,
 you have to compile small C snippet with compiler and/or options of
 your choice. The snippet gets installed as
 <install-root>/include/openssl/applink.c and should be either added to
-your project or simply #include-d in one [and only one] of your source
-files. Failure to do either manifests itself as fatal "no
-OPENSSL_Applink" error.
+your application project or simply #include-d in one [and only one]
+of your application source files. Failure to link this shim module
+into your application manifests itself as fatal "no OPENSSL_Applink"
+run-time error. An explicit reminder is due that in this situation
+[mixing compiler options] it is as important to add CRYPTO_malloc_init
+prior first call to OpenSSL.
 
 * How do I read or write a DER encoded buffer using the ASN1 functions?
 

INSTALL

@@ -75,7 +75,9 @@
   no-asm        Do not use assembler code.
 
   386           Use the 80386 instruction set only (the default x86 code is
-                more efficient, but requires at least a 486).
+                more efficient, but requires at least a 486). Note: Use
+                compiler flags for any other CPU specific configuration,
+                e.g. "-m32" to build x86 code on an x64 system.
 
   no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
 		detected at run-time, but the decision whether or not the
@@ -96,7 +98,7 @@
                 The crypto/<cipher> directory can be removed after running
                 "make depend".
 
-  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
                 be passed through to the compiler to allow you to
                 define preprocessor symbols, specify additional libraries,
                 library directories or other compiler options.
@@ -328,7 +330,7 @@
  Note on support for multiple builds
  -----------------------------------
 
- OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
+ OpenSSL is usually built in its source tree.  Unfortunately, this doesn't
  support building for multiple platforms from the same source tree very well.
  It is however possible to build in a separate tree through the use of lots
  of symbolic links, which should be prepared like this:

INSTALL.W32

@@ -49,7 +49,9 @@
 
  Firstly you should run Configure:
 
- > perl Configure VC-WIN32
+ > perl Configure VC-WIN32 --prefix=c:/some/openssl/dir
+
+Where the prefix argument specifies where OpenSSL will be installed to.
 
  Next you need to build the Makefiles and optionally the assembly language
  files:
@@ -77,8 +79,12 @@
  If all is well it should compile and you will have some DLLs and executables
  in out32dll. If you want to try the tests then do:
  
- > cd out32dll
- > ..\ms\test
+ > nmake -f ms\ntdll.mak test
+
+
+To install OpenSSL to the specified location do:
+
+> nmake -f ms\ntdll.mak install
 
  Tweaks:
 
@@ -88,6 +94,12 @@
  compiled in. Note that mk1mf.pl expects the platform to be the last argument
  on the command line, so 'debug' must appear before that, as all other options.
 
+
+ By default in 0.9.8 OpenSSL will compile builtin ENGINES into the libeay32.dll
+ shared library. If you specify the "no-static-engine" option on the command
+ line to Configure the shared library build (ms\ntdll.mak) will compile the
+ engines as separate DLLs.
+
  The default Win32 environment is to leave out any Windows NT specific
  features.
 
@@ -98,6 +110,8 @@
  You can also build a static version of the library using the Makefile
  ms\nt.mak
 
+
+
  Borland C++ builder 5
  ---------------------
 
@@ -287,3 +301,21 @@
  (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
  rely on CRYPTO_malloc_init() solving your problem, and you should
  consistently use the multithreaded library.
+
+ Linking your application
+ ------------------------
+
+ If you link with static OpenSSL libraries [those built with ms/nt.mak],
+ then you're expected to additionally link your application with
+ WSOCK32.LIB, ADVAPI32.LIB, GDI32.LIB and USER32.LIB. Those developing
+ non-interactive service applications might feel concerned about linking
+ with latter two, as they are justly associated with interactive desktop,
+ which is not available to service processes. The toolkit is designed
+ to detect in which context it's currently executed, GUI, console app
+ or service, and act accordingly, namely whether or not to actually make
+ GUI calls.
+
+ If you link with OpenSSL .DLLs, then you're expected to include into
+ your application code small "shim" snippet, which provides glue between
+ OpenSSL BIO layer and your compiler run-time. Look up OPENSSL_Applink
+ reference page for further details.

INSTALL.WCE

@@ -11,8 +11,11 @@
  You also need Perl for Win32.  You will need ActiveState Perl, available
  from http://www.activestate.com/ActivePerl.
 
- Windows CE support in OpenSSL relies on wcecompat.  All Windows CE specific
- issues should be directed to www.essemer.com.au.
+ Windows CE support in OpenSSL relies on wcecompat and therefore it's
+ appropriate to check http://www.essemer.com.au/windowsce/ for updates in
+ case of compilation problems. As for the moment of this writing version
+ 1.1 is available and actually required for WCE 4.2 and newer platforms.
+ All Windows CE specific issues should be directed to www.essemer.com.au.
 
  The C Runtime Library implementation for Windows CE that is included with
  Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places

LICENSE

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

Makefile.org

@@ -100,6 +100,10 @@ RMD160_ASM_OBJ=
 KRB5_INCLUDES=
 LIBKRB5=
 
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
 DIRS=   crypto ssl engines apps test tools
 SHLIBDIRS= crypto ssl
 
@@ -107,7 +111,7 @@ SHLIBDIRS= crypto ssl
 SDIRS=  \
 	objects \
 	md2 md4 md5 sha mdc2 hmac ripemd \
-	des aes rc2 rc4 rc5 idea bf cast \
+	des aes rc2 rc4 rc5 idea bf cast camellia \
 	bn ec rsa dsa ecdsa dh ecdh dso engine \
 	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
@@ -191,12 +195,29 @@ BUILDENV=	PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
 
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory.  The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS).  It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS).  It requires that the target
+# is given through the shell variable `target'.
 BUILD_CMD=  if [ -d "$$dir" ]; then \
 	    (	cd $$dir && echo "making $$target in $$dir..." && \
 		$(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
 	    ) || exit 1; \
 	    fi
 RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+	if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+		$(BUILD_CMD); \
+	fi
 
 reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
@@ -207,21 +228,21 @@ build_all: build_libs build_apps build_tests build_tools
 build_libs: build_crypto build_ssl build_engines
 
 build_crypto:
-	@dir=crypto; target=all; $(BUILD_CMD)
+	@dir=crypto; target=all; $(BUILD_ONE_CMD)
 build_ssl:
-	@dir=ssl; target=all; $(BUILD_CMD)
+	@dir=ssl; target=all; $(BUILD_ONE_CMD)
 build_engines:
-	@dir=engines; target=all; $(BUILD_CMD)
+	@dir=engines; target=all; $(BUILD_ONE_CMD)
 build_apps:
-	@dir=apps; target=all; $(BUILD_CMD)
+	@dir=apps; target=all; $(BUILD_ONE_CMD)
 build_tests:
-	@dir=test; target=all; $(BUILD_CMD)
+	@dir=test; target=all; $(BUILD_ONE_CMD)
 build_tools:
-	@dir=tools; target=all; $(BUILD_CMD)
+	@dir=tools; target=all; $(BUILD_ONE_CMD)
 
 all_testapps: build_libs build_testapps
 build_testapps:
-	@dir=crypto; target=testapps; $(BUILD_CMD)
+	@dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 
 libcrypto$(SHLIB_EXT): libcrypto.a
 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
@@ -255,7 +276,7 @@ clean-shared:
 
 link-shared:
 	@ set -e; for i in ${SHLIBDIRS}; do \
-		$(MAKE) -f $(HERE)/Makefile.shared \
+		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
 			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
 			symlink.$(SHLIB_TARGET); \

Makefile.shared

@@ -196,10 +196,14 @@ link_app.bsd:
 	fi; $(LINK_APP)
 
 # For Darwin AKA Mac OS/X (dyld)
+# link_o.darwin produces .so, because we let it use dso_dlfcn module,
+# which has .so extension hard-coded. One can argue that one should
+# develop special dso module for MacOS X. At least manual encourages
+# to use native NSModule(3) API and refers to dlfcn as termporary hack.
 link_o.darwin:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.dylib; \
+	SHLIB_SUFFIX=.so; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
@@ -223,6 +227,7 @@ link_a.darwin:
 	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
 	fi; \
+	SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
 	$(LINK_SO_A)
 link_app.darwin:	# is there run-path on darwin?
 	$(LINK_APP)
@@ -275,7 +280,7 @@ link_o.alpha-osf1:
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
 		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
 		fi; \
 	fi; \
 	$(LINK_SO_O)
@@ -296,7 +301,7 @@ link_a.alpha-osf1:
 		NOALLSYMSFLAGS='-none'; \
 		SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
 		if [ -n "$$SHLIB_HIST" ]; then \
-			SHAREDFLAGS="$$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+			SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
 		fi; \
 	fi; \
 	$(LINK_SO_A)
@@ -450,7 +455,7 @@ link_o.hpux:
 	@if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
 	$(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME).sl; \
-	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
+	expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	SHLIB_SUFFIX=; \
 	ALLSYMSFLAGS='-Wl,-Fl'; \
 	NOALLSYMSFLAGS=''; \
@@ -499,7 +504,7 @@ link_a.aix:
 	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
 	$(LINK_SO_A_VIA_O)
 link_app.aix:
-	LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH)"; \
+	LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
 	$(LINK_APP)
 
 link_o.reliantunix:
@@ -538,7 +543,7 @@ symlink.hpux:
 	expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 	$(SYMLINK_SO)
 # The following lines means those specific architectures do no symlinks
-symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
 
 # Compatibility targets
 link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu

NEWS

@@ -5,6 +5,32 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.8d:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+      o New cipher Camellia
+
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+
+      o Cipher string fixes.
+      o Fixes for VC++ 2005.
+      o Updated ECC cipher suite support.
+      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+      o Zlib compression usage fixes.
+      o Built in dynamic engine compilation support on Win32.
+      o Fixes auto dynamic engine loading in Win32.
+
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+
+      o Fix potential SSL 2.0 rollback, CVE-2005-2969
+      o Extended Windows CE support
+
   Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
 
       o Major work on the BIGNUM library for higher efficiency and to
@@ -79,6 +105,25 @@
       o Added initial support for Win64.
       o Added alternate pkg-config files.
 
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+
+      o Visual C++ 2005 fixes.
+      o Update Windows build system for FIPS.
+
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+
+      o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+
+      o Fix SSL 2.0 Rollback, CVE-2005-2969
+      o Allow use of fixed-length exponent on DSA signing
+      o Default fixed-window RSA, DSA, DH private-key operations
+
   Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
 
       o More compilation issues fixed.

PROBLEMS

@@ -180,3 +180,18 @@ target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
 Unfortunately, the 'no-engines' configuration option currently doesn't
 work properly.  Use 'no-hw' and you'll will at least get no hardware
 support.  We'll see how we fix that on OpenSSL versions past 0.9.8.
+
+* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
+  if elder GNU binutils were deployed to link shared libcrypto.so.
+
+As subject suggests the failure is caused by a bug in elder binutils,
+either as or ld, and was observed on FreeBSD and Linux. There are two
+options. First is naturally to upgrade binutils, the second one - to
+reconfigure with additional no-sse2 [or 386] option passed to ./config.
+
+* If configured with ./config no-dso, toolkit still gets linked with -ldl,
+  which most notably poses a problem when linking with dietlibc.
+
+We don't have framework to associate -ldl with no-dso, therefore the only
+way is to edit Makefile right after ./config no-dso and remove -ldl from
+EX_LIBS line.

README

@@ -1,7 +1,7 @@
 
- OpenSSL 0.9.8 05 Jul 2005
+ OpenSSL 0.9.8d 28 Sep 2006
 
- Copyright (c) 1998-2005 The OpenSSL Project
+ Copyright (c) 1998-2006 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
@@ -113,6 +113,10 @@
 
  The MDC2 algorithm is patented by IBM.
 
+ NTT and Mitsubishi have patents and pending patents on the Camellia
+ algorithm, but allow use at no charge without requiring an explicit
+ licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+
  INSTALLATION
  ------------
 

STATUS

@@ -1,11 +1,20 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2005/07/05 18:49:43 $
+  ______________                           $Date: 2006/09/28 11:32:41 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 0.9.9:  Under development...
+    o  OpenSSL 0.9.8d: Released on September 28th, 2006
+    o  OpenSSL 0.9.8c: Released on September  5th, 2006
+    o  OpenSSL 0.9.8b: Released on May        4th, 2006
+    o  OpenSSL 0.9.8a: Released on October   11th, 2005
     o  OpenSSL 0.9.8:  Released on July       5th, 2005
+    o  OpenSSL 0.9.7l: Released on September 28th, 2006
+    o  OpenSSL 0.9.7k: Released on September  5th, 2006
+    o  OpenSSL 0.9.7j: Released on May        4th, 2006
+    o  OpenSSL 0.9.7i: Released on October   14th, 2005
+    o  OpenSSL 0.9.7h: Released on October   11th, 2005
     o  OpenSSL 0.9.7g: Released on April     11th, 2005
     o  OpenSSL 0.9.7f: Released on March     22nd, 2005
     o  OpenSSL 0.9.7e: Released on October   25th, 2004

TABLE

@@ -783,6 +783,33 @@ $shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
 $ranlib       = 
 $arflags      = -X 64
 
+*** aix64-gcc
+$cc           = gcc
+$cflags       = -O -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_THREAD_SAFE
+$sys_id       = AIX
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
+$cpuid_obj    = 
+$bn_obj       = aix_ppc64.o
+$des_obj      = 
+$aes_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = -X64
+
 *** aux3-gcc
 $cc           = gcc
 $cflags       = -O2 -DTERMIO
@@ -920,7 +947,7 @@ $arflags      =
 
 *** darwin-i386-cc
 $cc           = cc
-$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
+$cflags       = -O3 -fomit-frame-pointer -fno-common
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = MACOSX
@@ -937,10 +964,10 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
 $shared_target= darwin-shared
-$shared_cflag = -fPIC
-$shared_ldflag = -dunamiclib
+$shared_cflag = -fPIC -fno-common
+$shared_ldflag = -dynamiclib
 $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
 $arflags      = 
@@ -964,7 +991,7 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
 $shared_target= darwin-shared
 $shared_cflag = -fPIC -fno-common
 $shared_ldflag = -dynamiclib
@@ -1028,7 +1055,7 @@ $arflags      =
 
 *** debug-Cygwin
 $cc           = gcc
-$cflags       = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+$cflags       = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
 $unistd       = 
 $thread_cflag = 
 $sys_id       = CYGWIN32
@@ -1234,9 +1261,9 @@ $cast_obj     =
 $rc4_obj      = 
 $rmd160_obj   = 
 $rc5_obj      = 
-$dso_scheme   = 
+$dso_scheme   = dlfcn
 $shared_target= darwin-shared
-$shared_cflag = -fPIC
+$shared_cflag = -fPIC -fno-common
 $shared_ldflag = -dynamiclib
 $shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
 $ranlib       = 
@@ -1379,7 +1406,7 @@ $arflags      =
 
 *** debug-linux-elf
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1406,7 +1433,7 @@ $arflags      =
 
 *** debug-linux-elf-noefence
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1433,7 +1460,7 @@ $arflags      =
 
 *** debug-linux-pentium
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1460,7 +1487,7 @@ $arflags      =
 
 *** debug-linux-ppro
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1514,7 +1541,7 @@ $arflags      =
 
 *** debug-solaris-sparcv8-cc
 $cc           = cc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1541,7 +1568,7 @@ $arflags      =
 
 *** debug-solaris-sparcv8-gcc
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1568,7 +1595,7 @@ $arflags      =
 
 *** debug-solaris-sparcv9-cc
 $cc           = cc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@@ -1595,7 +1622,7 @@ $arflags      =
 
 *** debug-solaris-sparcv9-gcc
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@@ -1622,7 +1649,7 @@ $arflags      =
 
 *** debug-steve
 $cc           = gcc
-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@@ -1955,10 +1982,10 @@ $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT
 $cpuid_obj    = 
 $bn_obj       = bn-ia64.o
 $des_obj      = 
-$aes_obj      = aes-ia64.o
+$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
 $bf_obj       = 
 $md5_obj      = 
-$sha1_obj     = sha256-ia64.o sha512-ia64.o
+$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
 $cast_obj     = 
 $rc4_obj      = rc4-ia64.o
 $rmd160_obj   = 
@@ -3159,7 +3186,7 @@ $shared_extension =
 $ranlib       = 
 $arflags      = 
 
-*** ofs1-alpha-cc
+*** osf1-alpha-cc
 $cc           = cc
 $cflags       = -std1 -tune host -O4 -readonly_strings
 $unistd       = 
@@ -3653,15 +3680,15 @@ $thread_cflag = -D_REENTRANT
 $sys_id       = 
 $lflags       = -lsocket -lnsl -ldl
 $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL
-$cpuid_obj    = 
-$bn_obj       = 
+$cpuid_obj    = x86_64cpuid.o
+$bn_obj       = x86_64-gcc.o
 $des_obj      = 
 $aes_obj      = 
 $bf_obj       = 
-$md5_obj      = 
+$md5_obj      = md5-x86_64.o
 $sha1_obj     = 
 $cast_obj     = 
-$rc4_obj      = 
+$rc4_obj      = rc4-x86_64.o
 $rmd160_obj   = 
 $rc5_obj      = 
 $dso_scheme   = dlfcn
@@ -4052,7 +4079,7 @@ $arflags      =
 
 *** vxworks-ppc750-debug
 $cc           = ccppc
-$cflags       = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g
+$cflags       = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g
 $unistd       = 
 $thread_cflag = 
 $sys_id       = VXWORKS

apps/CA.pl.in

@@ -94,6 +94,9 @@ foreach (@ARGV) {
 		mkdir "${CATOP}/private", $DIRMODE;
 		open OUT, ">${CATOP}/index.txt";
 		close OUT;
+		open OUT, ">${CATOP}/crlnumber";
+		print OUT "01\n";
+		close OUT;
 	    }
 	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
 		print "CA certificate filename (or enter to create)\n";
@@ -113,6 +116,7 @@ foreach (@ARGV) {
 		    system ("$CA -create_serial " .
 			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
 			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+			"-extensions v3_ca " .
 			"-infiles ${CATOP}/$CAREQ ");
 		    $RET=$?;
 		}

apps/apps.c

@@ -125,7 +125,9 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
 #include <openssl/bn.h>
 
 #define NON_MAIN

apps/ca.c

@@ -969,7 +969,6 @@ bad:
 			if (verbose) BIO_printf(bio_err,
 				"Done. %d entries marked as expired\n",i); 
 	      		}
-			goto err;
 	  	}
 
  	/*****************************************************************/

apps/dh.c

@@ -57,6 +57,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>

apps/dhparam.c

@@ -109,6 +109,7 @@
  *
  */
 
+#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DH */
 #ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>

apps/dsa.c

@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
@@ -83,6 +84,9 @@
  * -aes128	- encrypt output if PEM format
  * -aes192	- encrypt output if PEM format
  * -aes256	- encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the DSA public key
  */
@@ -210,6 +214,10 @@ bad:
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");

apps/dsaparam.c

@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED

apps/enc.c

@@ -340,7 +340,7 @@ bad:
 			}
 
 		/* It must be large enough for a base64 encoded line */
-		if (n < 80) n=80;
+		if (base64 && n < 80) n=80;
 
 		bsize=(int)n;
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
@@ -370,7 +370,11 @@ bad:
 		}
 
 	if (inf == NULL)
+	        {
+		if (bufsize != NULL)
+			setvbuf(stdin, (char *)NULL, _IONBF, 0);
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	        }
 	else
 		{
 		if (BIO_read_filename(in,inf) <= 0)
@@ -421,6 +425,8 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+		if (bufsize != NULL)
+			setvbuf(stdout, (char *)NULL, _IONBF, 0);
 #ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());

apps/gendh.c

@@ -57,6 +57,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED

apps/gendsa.c

@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
 #ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <string.h>
@@ -146,6 +147,14 @@ int MAIN(int argc, char **argv)
 			enc=EVP_aes_192_cbc();
 		else if (strcmp(*argv,"-aes256") == 0)
 			enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		else if (strcmp(*argv,"-camellia128") == 0)
+			enc=EVP_camellia_128_cbc();
+		else if (strcmp(*argv,"-camellia192") == 0)
+			enc=EVP_camellia_192_cbc();
+		else if (strcmp(*argv,"-camellia256") == 0)
+			enc=EVP_camellia_256_cbc();
 #endif
 		else if (**argv != '-' && dsaparams == NULL)
 			{
@@ -173,6 +182,10 @@ bad:
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
+#endif
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif

apps/genrsa.c

@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>
 /* Until the key-gen callbacks are modified to use newer prototypes, we allow
  * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
@@ -166,6 +167,14 @@ int MAIN(int argc, char **argv)
 			enc=EVP_aes_192_cbc();
 		else if (strcmp(*argv,"-aes256") == 0)
 			enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		else if (strcmp(*argv,"-camellia128") == 0)
+			enc=EVP_camellia_128_cbc();
+		else if (strcmp(*argv,"-camellia192") == 0)
+			enc=EVP_camellia_192_cbc();
+		else if (strcmp(*argv,"-camellia256") == 0)
+			enc=EVP_camellia_256_cbc();
 #endif
 		else if (strcmp(*argv,"-passout") == 0)
 			{
@@ -189,6 +198,10 @@ bad:
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
 		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");

apps/openssl-vms.cnf

@@ -188,7 +188,7 @@ nsComment			= "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.

apps/openssl.c

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -445,7 +445,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 		for (fp=functions; fp->name != NULL; fp++)
 			{
 			nl=0;
+#ifdef OPENSSL_NO_CAMELLIA
 			if (((i++) % 5) == 0)
+#else
+			if (((i++) % 4) == 0)
+#endif
 				{
 				BIO_printf(bio_err,"\n");
 				nl=1;
@@ -466,7 +470,11 @@ static int do_cmd(LHASH *prog, int argc, char *argv[])
 					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
+#ifdef OPENSSL_NO_CAMELLIA
 			BIO_printf(bio_err,"%-15s",fp->name);
+#else
+			BIO_printf(bio_err,"%-18s",fp->name);
+#endif
 			}
 		BIO_printf(bio_err,"\n\n");
 		ret=0;

apps/openssl.cnf

@@ -188,7 +188,7 @@ nsComment			= "OpenSSL Generated Certificate"
 
 # PKIX recommendations harmless if included in all certificates.
 subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
+authorityKeyIdentifier=keyid,issuer
 
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.

apps/pkcs12.c

@@ -3,7 +3,7 @@
  * project.
  */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -161,6 +161,11 @@ int MAIN(int argc, char **argv)
 		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
 		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
 		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
+		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
+		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
 #endif
 		else if (!strcmp (*args, "-noiter")) iter = 1;
 		else if (!strcmp (*args, "-maciter"))
@@ -175,7 +180,8 @@ int MAIN(int argc, char **argv)
 				args++;
 				if (!strcmp(*args, "NONE"))
 					cert_pbe = -1;
-				cert_pbe=OBJ_txt2nid(*args);
+				else
+					cert_pbe=OBJ_txt2nid(*args);
 				if(cert_pbe == NID_undef) {
 					BIO_printf(bio_err,
 						 "Unknown PBE algorithm %s\n", *args);
@@ -303,6 +309,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
 	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
 	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
@@ -825,12 +835,14 @@ int alg_print (BIO *x, X509_ALGOR *alg)
 	PBEPARAM *pbe;
 	const unsigned char *p;
 	p = alg->parameter->value.sequence->data;
-	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+	pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+	if (!pbe)
+		return 1;
 	BIO_printf (bio_err, "%s, Iteration %ld\n", 
 		OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
 		ASN1_INTEGER_get(pbe->iter));
 	PBEPARAM_free (pbe);
-	return 0;
+	return 1;
 }
 
 /* Load all certificates from a given file */

apps/prime.c

@@ -115,7 +115,7 @@ int MAIN(int argc, char **argv)
 
     BN_print(bio_out,bn);
     BIO_printf(bio_out," is %sprime\n",
-	       BN_is_prime(bn,checks,NULL,NULL,NULL) ? "" : "not ");
+	       BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
 
     BN_free(bn);
     BIO_free_all(bio_out);

apps/progs.h

@@ -165,6 +165,24 @@ FUNCTION functions[] = {
 #endif
 #ifndef OPENSSL_NO_AES
 	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	{FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	{FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	{FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	{FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	{FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	{FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
 #endif
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
 #ifndef OPENSSL_NO_DES

apps/progs.pl

@@ -57,6 +57,9 @@ foreach (
 	"aes-128-cbc", "aes-128-ecb",
 	"aes-192-cbc", "aes-192-ecb",
 	"aes-256-cbc", "aes-256-ecb",
+	"camellia-128-cbc", "camellia-128-ecb",
+	"camellia-192-cbc", "camellia-192-ecb",
+	"camellia-256-cbc", "camellia-256-ecb",
 	"base64",
 	"des", "des3", "desx", "idea", "rc4", "rc4-40",
 	"rc2", "bf", "cast", "rc5",
@@ -75,6 +78,7 @@ foreach (
 	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
 	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
 	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
+	elsif ($_ =~ /camellia/)  { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
 	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
 	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
 	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }

apps/req.c

@@ -79,6 +79,13 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
 
 #define SECTION		"req"
 
@@ -724,7 +731,9 @@ bad:
 
 	if (newreq && (pkey == NULL))
 		{
+#ifndef OPENSSL_NO_RSA
 		BN_GENCB cb;
+#endif
 		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
 		if (randfile == NULL)
 			ERR_clear_error();

apps/rsa.c

@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
@@ -83,6 +84,9 @@
  * -aes128	- encrypt output if PEM format
  * -aes192	- encrypt output if PEM format
  * -aes256	- encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the RSA key modulus
  * -check	- verify key consistency
@@ -210,6 +214,10 @@ bad:
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
 		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");

apps/rsautl.c

@@ -56,6 +56,7 @@
  *
  */
 
+#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_RSA
 
 #include "apps.h"

apps/s_client.c

@@ -188,7 +188,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
 
-	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
+	BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
 	BIO_printf(bio_err," -key arg      - Private key file to use, in cert file if\n");
@@ -1096,7 +1096,9 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
+#ifndef OPENSSL_NO_COMP
 	const COMP_METHOD *comp, *expansion;
+#endif
 
 	if (full)
 		{
@@ -1199,12 +1201,14 @@ static void print_stuff(BIO *bio, SSL *s, int full)
 							 EVP_PKEY_bits(pktmp));
 		EVP_PKEY_free(pktmp);
 	}
+#ifndef OPENSSL_NO_COMP
 	comp=SSL_get_current_compression(s);
 	expansion=SSL_get_current_expansion(s);
 	BIO_printf(bio,"Compression: %s\n",
 		comp ? SSL_COMP_get_name(comp) : "NONE");
 	BIO_printf(bio,"Expansion: %s\n",
 		expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)

apps/s_server.c

@@ -153,6 +153,12 @@ typedef unsigned int u_int;
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
 #include "s_apps.h"
 #include "timeouts.h"
 
@@ -530,7 +536,9 @@ int MAIN(int argc, char *argv[])
 	char *CApath=NULL,*CAfile=NULL;
 	unsigned char *context = NULL;
 	char *dhfile = NULL;
+#ifndef OPENSSL_NO_ECDH
 	char *named_curve = NULL;
+#endif
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
@@ -824,21 +832,24 @@ bad:
 	if (s_key_file == NULL)
 		s_key_file = s_cert_file;
 
-	s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
-		       "server certificate private key file");
-	if (!s_key)
+	if (nocert == 0)
 		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
+		s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+		       "server certificate private key file");
+		if (!s_key)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 
-	s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
+		s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
 			NULL, e, "server certificate file");
 
-	if (!s_cert)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
+		if (!s_cert)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 		}
 
 	if (s_dcert_file)

apps/smime.c

@@ -160,6 +160,14 @@ int MAIN(int argc, char **argv)
 				cipher = EVP_aes_192_cbc();
 		else if (!strcmp(*args,"-aes256"))
 				cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		else if (!strcmp(*args,"-camellia128"))
+				cipher = EVP_camellia_128_cbc();
+		else if (!strcmp(*args,"-camellia192"))
+				cipher = EVP_camellia_192_cbc();
+		else if (!strcmp(*args,"-camellia256"))
+				cipher = EVP_camellia_256_cbc();
 #endif
 		else if (!strcmp (*args, "-text")) 
 				flags |= PKCS7_TEXT;
@@ -384,9 +392,9 @@ int MAIN(int argc, char **argv)
 		}
 	else if (operation == SMIME_DECRYPT)
 		{
-		if (!recipfile)
+		if (!recipfile && !keyfile)
 			{
-			BIO_printf(bio_err, "No recipient certificate and key specified\n");
+			BIO_printf(bio_err, "No recipient certificate or key specified\n");
 			badarg = 1;
 			}
 		}
@@ -423,6 +431,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
 		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
 		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
@@ -638,12 +650,6 @@ int MAIN(int argc, char **argv)
 		if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
 			flags |= PKCS7_STREAM;
 		p7 = PKCS7_sign(signer, key, other, in, flags);
-		/* Don't need to rewind for partial signing */
-		if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0))
-			{
-			BIO_printf(bio_err, "Can't rewind input file\n");
-			goto end;
-			}
 		}
 	else
 		{

apps/speed.c

@@ -164,6 +164,9 @@
 #ifndef OPENSSL_NO_AES
 #include <openssl/aes.h>
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+#include <openssl/camellia.h>
+#endif
 #ifndef OPENSSL_NO_MD2
 #include <openssl/md2.h>
 #endif
@@ -269,7 +272,7 @@ static void print_result(int alg,int run_no,int count,double time_used);
 static int do_multi(int multi);
 #endif
 
-#define ALGOR_NUM	21
+#define ALGOR_NUM	24
 #define SIZE_NUM	5
 #define RSA_NUM		4
 #define DSA_NUM		3
@@ -281,14 +284,24 @@ static const char *names[ALGOR_NUM]={
   "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
   "des cbc","des ede3","idea cbc",
   "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
-  "aes-128 cbc","aes-192 cbc","aes-256 cbc","evp","sha256","sha512"};
+  "aes-128 cbc","aes-192 cbc","aes-256 cbc",
+  "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
+  "evp","sha256","sha512"};
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 static double rsa_results[RSA_NUM][2];
 static double dsa_results[DSA_NUM][2];
+#ifndef OPENSSL_NO_ECDSA
 static double ecdsa_results[EC_NUM][2];
+#endif
+#ifndef OPENSSL_NO_ECDH
 static double ecdh_results[EC_NUM][1];
+#endif
 
+#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
+#endif
 
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@@ -448,6 +461,7 @@ static double Time_F(int s)
 #endif /* if defined(OPENSSL_SYS_NETWARE) */
 
 
+#ifndef OPENSSL_NO_ECDH
 static const int KDF1_SHA1_len = 20;
 static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	{
@@ -459,8 +473,9 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
 	return SHA1(in, inlen, out);
 #else
 	return NULL;
-#endif
+#endif	/* OPENSSL_NO_SHA */
 	}
+#endif	/* OPENSSL_NO_ECDH */
 
 
 int MAIN(int, char **);
@@ -538,6 +553,17 @@ int MAIN(int argc, char **argv)
 		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
 		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+	static const unsigned char ckey24[24]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	static const unsigned char ckey32[32]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#endif
 #ifndef OPENSSL_NO_AES
 #define MAX_BLOCK_SIZE 128
 #else
@@ -557,6 +583,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 	AES_KEY aes_ks1, aes_ks2, aes_ks3;
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+	CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+#endif
 #define	D_MD2		0
 #define	D_MDC2		1
 #define	D_MD4		2
@@ -575,9 +604,12 @@ int MAIN(int argc, char **argv)
 #define D_CBC_128_AES	15
 #define D_CBC_192_AES	16
 #define D_CBC_256_AES	17
-#define D_EVP		18
-#define D_SHA256	19
-#define D_SHA512	20
+#define D_CBC_128_CML   18 
+#define D_CBC_192_CML   19
+#define D_CBC_256_CML   20 
+#define D_EVP		21
+#define D_SHA256	22	
+#define D_SHA512	23
 	double d=0.0;
 	long c[ALGOR_NUM][SIZE_NUM];
 #define	R_DSA_512	0
@@ -695,8 +727,12 @@ int MAIN(int argc, char **argv)
 
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
+#ifndef OPENSSL_NO_ECDSA
 	int ecdsa_doit[EC_NUM];
+#endif
+#ifndef OPENSSL_NO_ECDH
         int ecdh_doit[EC_NUM];
+#endif
 	int doit[ALGOR_NUM];
 	int pr_header=0;
 	const EVP_CIPHER *evp_cipher=NULL;
@@ -916,6 +952,12 @@ int MAIN(int argc, char **argv)
 		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
 		else
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+			if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
+		else    if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
+		else    if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
+		else
+#endif
 #ifndef OPENSSL_NO_RSA
 #if 0 /* was: #ifdef RSAref */
 			if (strcmp(*argv,"rsaref") == 0) 
@@ -986,6 +1028,15 @@ int MAIN(int argc, char **argv)
 			}
 		else
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+			if (strcmp(*argv,"camellia") == 0)
+			{
+			doit[D_CBC_128_CML]=1;
+			doit[D_CBC_192_CML]=1;
+			doit[D_CBC_256_CML]=1;
+			}
+		else
+#endif
 #ifndef OPENSSL_NO_RSA
 			if (strcmp(*argv,"rsa") == 0)
 			{
@@ -1112,6 +1163,10 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+#endif
 #ifndef OPENSSL_NO_RC4
 			BIO_printf(bio_err,"rc4");
 #endif
@@ -1149,6 +1204,9 @@ int MAIN(int argc, char **argv)
 #ifndef OPENSSL_NO_AES
 			BIO_printf(bio_err,"aes      ");
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+			BIO_printf(bio_err,"camellia ");
+#endif
 #ifndef OPENSSL_NO_RSA
 			BIO_printf(bio_err,"rsa      ");
 #endif
@@ -1157,7 +1215,8 @@ int MAIN(int argc, char **argv)
 #endif
 #if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
     !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
-    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \
+    !defined(OPENSSL_NO_CAMELLIA) 
 			BIO_printf(bio_err,"\n");
 #endif
 
@@ -1251,6 +1310,11 @@ int MAIN(int argc, char **argv)
 	AES_set_encrypt_key(key24,192,&aes_ks2);
 	AES_set_encrypt_key(key32,256,&aes_ks3);
 #endif
+#ifndef OPENSSL_NO_CAMELLIA
+	Camellia_set_key(key16,128,&camellia_ks1);
+	Camellia_set_key(ckey24,192,&camellia_ks2);
+	Camellia_set_key(ckey32,256,&camellia_ks3);
+#endif
 #ifndef OPENSSL_NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
 #endif
@@ -1304,6 +1368,9 @@ int MAIN(int argc, char **argv)
 	c[D_CBC_128_AES][0]=count;
 	c[D_CBC_192_AES][0]=count;
 	c[D_CBC_256_AES][0]=count;
+	c[D_CBC_128_CML][0]=count;
+	c[D_CBC_192_CML][0]=count;
+	c[D_CBC_256_CML][0]=count;
 	c[D_SHA256][0]=count;
 	c[D_SHA512][0]=count;
 
@@ -1336,6 +1403,9 @@ int MAIN(int argc, char **argv)
 		c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
 		c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
 		c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
+ 		c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
+		c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
+		c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
 		}
 #ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
@@ -1729,6 +1799,51 @@ int MAIN(int argc, char **argv)
 			}
 		}
 
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+	if (doit[D_CBC_128_CML])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
+				Camellia_cbc_encrypt(buf,buf,
+				        (unsigned long)lengths[j],&camellia_ks1,
+				        iv,CAMELLIA_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_128_CML,j,count,d);
+			}
+		}
+	if (doit[D_CBC_192_CML])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
+				Camellia_cbc_encrypt(buf,buf,
+				        (unsigned long)lengths[j],&camellia_ks2,
+				        iv,CAMELLIA_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_192_CML,j,count,d);
+			}
+		}
+	if (doit[D_CBC_256_CML])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
+				Camellia_cbc_encrypt(buf,buf,
+				        (unsigned long)lengths[j],&camellia_ks3,
+				        iv,CAMELLIA_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_256_CML,j,count,d);
+			}
+		}
+
 #endif
 #ifndef OPENSSL_NO_IDEA
 	if (doit[D_CBC_IDEA])
@@ -2508,6 +2623,7 @@ static void print_result(int alg,int run_no,int count,double time_used)
 	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
 	}
 
+#ifdef HAVE_FORK
 static char *sstrsep(char **string, const char *delim)
     {
     char isdelim[256];
@@ -2539,7 +2655,6 @@ static char *sstrsep(char **string, const char *delim)
     return token;
     }
 
-#ifdef HAVE_FORK
 static int do_multi(int multi)
 	{
 	int n;

apps/x509.c

@@ -73,8 +73,12 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 #undef PROG
 #define PROG x509_main

config

@@ -406,7 +406,7 @@ if [ "$GCCVER" != "" ]; then
   CC=gcc
   # then strip off whatever prefix egcs prepends the number with...
   # Hopefully, this will work for any future prefixes as well.
-  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
+  GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
   # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
   # does give us what we want though, so we use that.  We just just the
   # major and minor version numbers.
@@ -451,8 +451,6 @@ if [ "$SYSTEM" = "SunOS" ]; then
       echo "         patch #107357-01 or later applied."
       sleep 5
     fi
-  elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then
-    CC=sc3
   fi
 fi
 
@@ -719,9 +717,9 @@ case "$GUESSOS" in
 		fi
 	     fi
 	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
-	     OUT="hpux-parisc-${CC}
+	     OUT="hpux-parisc-${CC}"
 	elif [ $CPU_VERSION -ge 523 ]; then	# PA-RISC 1.0 CPU
-	     OUT="hpux-parisc-${CC}
+	     OUT="hpux-parisc-${CC}"
 	else					# Motorola(?) CPU
 	     OUT="hpux-$CC"
 	fi
@@ -747,6 +745,11 @@ case "$GUESSOS" in
 		fi
 	    fi
 	fi
+	if (lsattr -E -O -l proc0 | grep -i powerpc) >/dev/null 2>&1; then
+	    :	# this applies even to Power3 and later, as they return PowerPC_POWER[345]
+	else
+	    options="$options no-asm"
+	fi
 	;;
   # these are all covered by the catchall below
   # *-dgux) OUT="dgux" ;;
@@ -791,7 +794,7 @@ case "$GUESSOS" in
   i386-*) options="$options 386" ;;
 esac
 
-for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha
+for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
 do
   if [ ! -d crypto/$i ]
   then

crypto/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/Makefile
+# OpenSSL/crypto/Makefile
 #
 
 DIR=		crypto
@@ -94,10 +94,12 @@ links:
 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 	@target=links; $(RECURSIVE_MAKE)
 
-lib:	$(LIBOBJ)
+# lib: and $(LIB): are splitted to avoid end-less loop
+lib:	$(LIB)
+	@touch lib
+$(LIB):	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
 	$(RANLIB) $(LIB) || echo Never mind.
-	@touch lib
 
 shared: buildinf.h lib subdirs
 	if [ -n "$(SHARED_LIBS)" ]; then \

crypto/aes/Makefile

@@ -23,8 +23,10 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
-LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o $(AES_ASM_OBJ)
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
+       aes_ctr.c aes_ige.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o \
+       $(AES_ASM_OBJ)
 
 SRC= $(LIBSRC)
 

crypto/aes/aes.h

@@ -119,6 +119,17 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 	unsigned char ecount_buf[AES_BLOCK_SIZE],
 	unsigned int *num);
 
+/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+		     const unsigned long length, const AES_KEY *key,
+		     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+			const unsigned long length, const AES_KEY *key,
+			const AES_KEY *key2, const unsigned char *ivec,
+			const int enc);
+
 
 #ifdef  __cplusplus
 }

crypto/aes/aes_core.c

@@ -44,22 +44,14 @@ Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
 Te3[x] = S [x].[01, 01, 03, 02];
-Te4[x] = S [x].[01, 01, 01, 01];
 
 Td0[x] = Si[x].[0e, 09, 0d, 0b];
 Td1[x] = Si[x].[0b, 0e, 09, 0d];
 Td2[x] = Si[x].[0d, 0b, 0e, 09];
 Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01, 01, 01, 01];
+Td4[x] = Si[x].[01];
 */
 
-#ifdef AES_ASM
-extern const u32 AES_Te[5][256];
-#define Te0 AES_Te[0]
-#define Te1 AES_Te[1]
-#define Te2 AES_Te[2]
-#define Te3 AES_Te[3]
-#else
 static const u32 Te0[256] = {
     0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
     0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@@ -324,81 +316,7 @@ static const u32 Te3[256] = {
     0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
     0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
 };
-#endif
-static const u32 Te4[256] = {
-    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
-    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
-    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
-    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
-    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
-    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
-    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
-    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
-    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
-    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
-    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
-    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
-    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
-    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
-    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
-    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
-    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
-    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
-    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
-    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
-    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
-    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
-    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
-    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
-    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
-    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
-    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
-    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
-    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
-    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
-    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
-    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
-    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
-    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
-    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
-    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
-    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
-    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
-    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
-    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
-    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
-    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
-    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
-    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
-    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
-    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
-    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
-    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
-    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
-    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
-    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
-    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
-    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
-    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
-    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
-    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
-    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
-    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
-    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
-    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
-    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
-    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
-    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
-    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
-};
 
-#ifdef AES_ASM
-extern const u32 AES_Td[5][256];
-#define Td0 AES_Td[0]
-#define Td1 AES_Td[1]
-#define Td2 AES_Td[2]
-#define Td3 AES_Td[3]
-#else
 static const u32 Td0[256] = {
     0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
     0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@@ -663,72 +581,39 @@ static const u32 Td3[256] = {
     0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
     0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
 };
-#endif
-static const u32 Td4[256] = {
-    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
-    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
-    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
-    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
-    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
-    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
-    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
-    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
-    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
-    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
-    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
-    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
-    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
-    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
-    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
-    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
-    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
-    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
-    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
-    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
-    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
-    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
-    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
-    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
-    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
-    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
-    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
-    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
-    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
-    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
-    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
-    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
-    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
-    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
-    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
-    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
-    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
-    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
-    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
-    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
-    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
-    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
-    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
-    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
-    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
-    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
-    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
-    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
-    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
-    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
-    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
-    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
-    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
-    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
-    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
-    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
-    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
-    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
-    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
-    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
-    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
-    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
-    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
-    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
 };
 static const u32 rcon[] = {
 	0x01000000, 0x02000000, 0x04000000, 0x08000000,
@@ -768,10 +653,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp  = rk[3];
 			rk[4] = rk[0] ^
-				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te1[(temp >> 24)       ] & 0x000000ff) ^
 				rcon[i];
 			rk[5] = rk[1] ^ rk[4];
 			rk[6] = rk[2] ^ rk[5];
@@ -788,10 +673,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp = rk[ 5];
 			rk[ 6] = rk[ 0] ^
-				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te1[(temp >> 24)       ] & 0x000000ff) ^
 				rcon[i];
 			rk[ 7] = rk[ 1] ^ rk[ 6];
 			rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -810,10 +695,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp = rk[ 7];
 			rk[ 8] = rk[ 0] ^
-				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te1[(temp >> 24)       ] & 0x000000ff) ^
 				rcon[i];
 			rk[ 9] = rk[ 1] ^ rk[ 8];
 			rk[10] = rk[ 2] ^ rk[ 9];
@@ -823,10 +708,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 			}
 			temp = rk[11];
 			rk[12] = rk[ 4] ^
-				(Te4[(temp >> 24)       ] & 0xff000000) ^
-				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-				(Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-				(Te4[(temp      ) & 0xff] & 0x000000ff);
+				(Te2[(temp >> 24)       ] & 0xff000000) ^
+				(Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+				(Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+				(Te1[(temp      ) & 0xff] & 0x000000ff);
 			rk[13] = rk[ 5] ^ rk[12];
 			rk[14] = rk[ 6] ^ rk[13];
 			rk[15] = rk[ 7] ^ rk[14];
@@ -865,25 +750,25 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 	for (i = 1; i < (key->rounds); i++) {
 		rk += 4;
 		rk[0] =
-			Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
-			Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
-			Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
-			Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+			Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+			Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+			Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+			Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
 		rk[1] =
-			Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
-			Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
-			Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
-			Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+			Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+			Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+			Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+			Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
 		rk[2] =
-			Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
-			Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
-			Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
-			Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+			Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+			Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+			Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+			Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
 		rk[3] =
-			Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
-			Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
-			Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
-			Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
+			Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+			Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+			Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+			Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
 	}
 	return 0;
 }
@@ -1051,31 +936,31 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
 	 * map cipher state to byte array block:
 	 */
 	s0 =
-		(Te4[(t0 >> 24)       ] & 0xff000000) ^
-		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te4[(t3      ) & 0xff] & 0x000000ff) ^
+		(Te2[(t0 >> 24)       ] & 0xff000000) ^
+		(Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te1[(t3      ) & 0xff] & 0x000000ff) ^
 		rk[0];
 	PUTU32(out     , s0);
 	s1 =
-		(Te4[(t1 >> 24)       ] & 0xff000000) ^
-		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te4[(t0      ) & 0xff] & 0x000000ff) ^
+		(Te2[(t1 >> 24)       ] & 0xff000000) ^
+		(Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te1[(t0      ) & 0xff] & 0x000000ff) ^
 		rk[1];
 	PUTU32(out +  4, s1);
 	s2 =
-		(Te4[(t2 >> 24)       ] & 0xff000000) ^
-		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te4[(t1      ) & 0xff] & 0x000000ff) ^
+		(Te2[(t2 >> 24)       ] & 0xff000000) ^
+		(Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te1[(t1      ) & 0xff] & 0x000000ff) ^
 		rk[2];
 	PUTU32(out +  8, s2);
 	s3 =
-		(Te4[(t3 >> 24)       ] & 0xff000000) ^
-		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te4[(t2      ) & 0xff] & 0x000000ff) ^
+		(Te2[(t3 >> 24)       ] & 0xff000000) ^
+		(Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te1[(t2      ) & 0xff] & 0x000000ff) ^
 		rk[3];
 	PUTU32(out + 12, s3);
 }
@@ -1242,31 +1127,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	 * map cipher state to byte array block:
 	 */
    	s0 =
-   		(Td4[(t0 >> 24)       ] & 0xff000000) ^
-   		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-   		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-   		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
+   		(Td4[(t0 >> 24)       ] << 24) ^
+   		(Td4[(t3 >> 16) & 0xff] << 16) ^
+   		(Td4[(t2 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t1      ) & 0xff])       ^
    		rk[0];
 	PUTU32(out     , s0);
    	s1 =
-   		(Td4[(t1 >> 24)       ] & 0xff000000) ^
-   		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-   		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-   		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
+   		(Td4[(t1 >> 24)       ] << 24) ^
+   		(Td4[(t0 >> 16) & 0xff] << 16) ^
+   		(Td4[(t3 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t2      ) & 0xff])       ^
    		rk[1];
 	PUTU32(out +  4, s1);
    	s2 =
-   		(Td4[(t2 >> 24)       ] & 0xff000000) ^
-   		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-   		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-   		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
+   		(Td4[(t2 >> 24)       ] << 24) ^
+   		(Td4[(t1 >> 16) & 0xff] << 16) ^
+   		(Td4[(t0 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t3      ) & 0xff])       ^
    		rk[2];
 	PUTU32(out +  8, s2);
    	s3 =
-   		(Td4[(t3 >> 24)       ] & 0xff000000) ^
-   		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-   		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-   		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
+   		(Td4[(t3 >> 24)       ] << 24) ^
+   		(Td4[(t2 >> 16) & 0xff] << 16) ^
+   		(Td4[(t1 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t0      ) & 0xff])       ^
    		rk[3];
 	PUTU32(out + 12, s3);
 }

crypto/aes/aes_ige.c

@@ -0,0 +1,283 @@
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+    {
+    int n=0;
+
+    fprintf(f,"%s",title);
+    for( ; n < l ; ++n)
+		{
+		if((n%16) == 0)
+			fprintf(f,"\n%04x",n);
+		fprintf(f," %02x",s[n]);
+		}
+    fprintf(f,"\n");
+    }
+*/
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+					 const unsigned long length, const AES_KEY *key,
+					 unsigned char *ivec, const int enc)
+	{
+	unsigned long n;
+	unsigned long len = length;
+	unsigned char tmp[AES_BLOCK_SIZE];
+	unsigned char tmp2[AES_BLOCK_SIZE];
+	unsigned char prev[AES_BLOCK_SIZE];
+	const unsigned char *iv = ivec;
+	const unsigned char *iv2 = ivec + AES_BLOCK_SIZE;
+
+	OPENSSL_assert(in && out && key && ivec);
+	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+
+	if (AES_ENCRYPT == enc)
+		{
+		/* XXX: Do a separate case for when in != out (strictly should
+		   check for overlap, too) */
+		while (len >= AES_BLOCK_SIZE)
+			{
+			/*			hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] = in[n] ^ iv[n];
+			/*			hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */
+			AES_encrypt(out, out, key);
+			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv2[n];
+			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+			iv = out;
+			memcpy(prev, in, AES_BLOCK_SIZE);
+			iv2 = prev;
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			}
+		memcpy(ivec, iv, AES_BLOCK_SIZE);
+		memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE);
+		}
+	else
+		{
+		while (len >= AES_BLOCK_SIZE)
+			{
+			memcpy(tmp, in, AES_BLOCK_SIZE);
+			memcpy(tmp2, in, AES_BLOCK_SIZE);
+			/*			hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				tmp[n] ^= iv2[n];
+			/*			hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */
+			AES_decrypt(tmp, out, key);
+			/*			hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= ivec[n];
+			/*			hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
+			memcpy(ivec, tmp2, AES_BLOCK_SIZE);
+			iv2 = out;
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			}
+		memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE);
+		}
+	}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+						const unsigned long length, const AES_KEY *key,
+						const AES_KEY *key2, const unsigned char *ivec,
+						const int enc)
+	{
+	unsigned long n;
+	unsigned long len = length;
+	unsigned char tmp[AES_BLOCK_SIZE];
+	unsigned char tmp2[AES_BLOCK_SIZE];
+	unsigned char tmp3[AES_BLOCK_SIZE];
+	unsigned char prev[AES_BLOCK_SIZE];
+	const unsigned char *iv;
+	const unsigned char *iv2;
+
+	OPENSSL_assert(in && out && key && ivec);
+	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+
+	if (AES_ENCRYPT == enc)
+		{
+		/* XXX: Do a separate case for when in != out (strictly should
+		   check for overlap, too) */
+
+		/* First the forward pass */ 
+		iv = ivec;
+		iv2 = ivec + AES_BLOCK_SIZE;
+		while (len >= AES_BLOCK_SIZE)
+			{
+			/*			hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] = in[n] ^ iv[n];
+			/*			hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */
+			AES_encrypt(out, out, key);
+			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv2[n];
+			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+			iv = out;
+			memcpy(prev, in, AES_BLOCK_SIZE);
+			iv2 = prev;
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			}
+
+		/* And now backwards */
+		iv = ivec + AES_BLOCK_SIZE*2;
+		iv2 = ivec + AES_BLOCK_SIZE*3;
+		len = length;
+		while(len >= AES_BLOCK_SIZE)
+			{
+			out -= AES_BLOCK_SIZE;
+			/*			hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+			/* XXX: reduce copies by alternating between buffers */
+			memcpy(tmp, out, AES_BLOCK_SIZE);
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv[n];
+			/*			hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
+			AES_encrypt(out, out, key);
+			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv2[n];
+			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
+			iv = out;
+			memcpy(prev, tmp, AES_BLOCK_SIZE);
+			iv2 = prev;
+			len -= AES_BLOCK_SIZE;
+			}
+		}
+	else
+		{
+		/* First backwards */
+		iv = ivec + AES_BLOCK_SIZE*2;
+		iv2 = ivec + AES_BLOCK_SIZE*3;
+		in += length;
+		out += length;
+		while (len >= AES_BLOCK_SIZE)
+			{
+			in -= AES_BLOCK_SIZE;
+			out -= AES_BLOCK_SIZE;
+			memcpy(tmp, in, AES_BLOCK_SIZE);
+			memcpy(tmp2, in, AES_BLOCK_SIZE);
+			/*			hexdump(stdout, "in", in, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				tmp[n] ^= iv2[n];
+			/*			hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */
+			AES_decrypt(tmp, out, key);
+			/*			hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv[n];
+			/*			hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
+			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+			iv = tmp3;
+			iv2 = out;
+			len -= AES_BLOCK_SIZE;
+			}
+
+		/* And now forwards */
+		iv = ivec;
+		iv2 = ivec + AES_BLOCK_SIZE;
+		len = length;
+		while (len >= AES_BLOCK_SIZE)
+			{
+			memcpy(tmp, out, AES_BLOCK_SIZE);
+			memcpy(tmp2, out, AES_BLOCK_SIZE);
+			/*			hexdump(stdout, "intermediate", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				tmp[n] ^= iv2[n];
+			/*			hexdump(stdout, "out ^ iv2", tmp, AES_BLOCK_SIZE); */
+			AES_decrypt(tmp, out, key);
+			/*			hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */
+			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
+				out[n] ^= iv[n];
+			/*			hexdump(stdout, "out", out, AES_BLOCK_SIZE); */
+			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+			iv = tmp3;
+			iv2 = out;
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+			}
+
+		}
+	}

crypto/aes/aes_locl.h

@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }

crypto/aes/asm/aes-586.pl

@@ -6,7 +6,7 @@
 # forms are granted according to the OpenSSL license.
 # ====================================================================
 #
-# Version 3.4.
+# Version 3.6.
 #
 # You might fail to appreciate this module performance from the first
 # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
@@ -66,6 +66,13 @@
 # stack. This unfortunately has rather strong impact on small block CBC
 # performance, ~2x deterioration on 16-byte block if compared to 3.3.
 #
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
 # Current ECB performance numbers for 128-bit key in CPU cycles per
 # processed byte [measure commonly used by AES benchmarkers] are:
 #
@@ -505,28 +512,27 @@ sub declast()
 	if($i==3)   {	&mov	($key,&DWP(12,"esp"));		}
 	else        {	&mov	($out,$s[0]);			}
 			&and	($out,0xFF);
-			&mov	($out,&DWP(2048,$td,$out,4));
-			&and	($out,0x000000ff);
+			&movz	($out,&DWP(2048,$td,$out,1));
 
 	if ($i==3)  {	$tmp=$s[1];				}
 			&movz	($tmp,&HB($s[1]));
-			&mov	($tmp,&DWP(2048,$td,$tmp,4));
-			&and	($tmp,0x0000ff00);
+			&movz	($tmp,&DWP(2048,$td,$tmp,1));
+			&shl	($tmp,8);
 			&xor	($out,$tmp);
 
 	if ($i==3)  {	$tmp=$s[2]; &mov ($s[1],$acc);		}
 	else        {	mov	($tmp,$s[2]);			}
 			&shr	($tmp,16);
 			&and	($tmp,0xFF);
-			&mov	($tmp,&DWP(2048,$td,$tmp,4));
-			&and	($tmp,0x00ff0000);
+			&movz	($tmp,&DWP(2048,$td,$tmp,1));
+			&shl	($tmp,16);
 			&xor	($out,$tmp);
 
 	if ($i==3)  {	$tmp=$s[3]; &mov ($s[2],&DWP(8,"esp"));	}
 	else        {	&mov	($tmp,$s[3]);			}
 			&shr	($tmp,24);
-			&mov	($tmp,&DWP(2048,$td,$tmp,4));
-			&and	($tmp,0xff000000);
+			&movz	($tmp,&DWP(2048,$td,$tmp,1));
+			&shl	($tmp,24);
 			&xor	($out,$tmp);
 	if ($i<2)   {	&mov	(&DWP(4+4*$i,"esp"),$out);	}
 	if ($i==3)  {	&mov	($s[3],&DWP(4,"esp"));		}
@@ -687,70 +693,38 @@ sub declast()
 	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
 	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
 #Td4:
-	&data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
-	&data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
-	&data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
-	&data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
-	&data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
-	&data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
-	&data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
-	&data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
-	&data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
-	&data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
-	&data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
-	&data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
-	&data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
-	&data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
-	&data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
-	&data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
-	&data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
-	&data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
-	&data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
-	&data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
-	&data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
-	&data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
-	&data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
-	&data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
-	&data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
-	&data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
-	&data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
-	&data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
-	&data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
-	&data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
-	&data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
-	&data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
-	&data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
-	&data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
-	&data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
-	&data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
-	&data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
-	&data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
-	&data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
-	&data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
-	&data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
-	&data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
-	&data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
-	&data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
-	&data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
-	&data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
-	&data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
-	&data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
-	&data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
-	&data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
-	&data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
-	&data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
-	&data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
-	&data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
-	&data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
-	&data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
-	&data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
-	&data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
-	&data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
-	&data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
-	&data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
-	&data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
-	&data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
-	&data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
+	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
 &function_end_B("_x86_AES_decrypt");
 
 # void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
@@ -770,6 +744,18 @@ sub declast()
 	&blindpop("ebp");
 	&lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
 
+	# prefetch Td4
+	&lea	("ebp",&DWP(2048+128,"ebp"));
+	&mov	($s0,&DWP(0-128,"ebp"));
+	&mov	($s1,&DWP(32-128,"ebp"));
+	&mov	($s2,&DWP(64-128,"ebp"));
+	&mov	($s3,&DWP(96-128,"ebp"));
+	&mov	($s0,&DWP(128-128,"ebp"));
+	&mov	($s1,&DWP(160-128,"ebp"));
+	&mov	($s2,&DWP(192-128,"ebp"));
+	&mov	($s3,&DWP(224-128,"ebp"));
+	&lea	("ebp",&DWP(-2048-128,"ebp"));
+
 	&mov	($s0,&DWP(0,$acc));		# load input data
 	&mov	($s1,&DWP(4,$acc));
 	&mov	($s2,&DWP(8,$acc));
@@ -805,6 +791,7 @@ my $_ivp=&DWP(36,"esp");	#copy of wparam(4)
 my $_tmp=&DWP(40,"esp");	#volatile variable
 my $ivec=&DWP(44,"esp");	#ivec[16]
 my $aes_key=&DWP(60,"esp");	#copy of aes_key
+my $mark=&DWP(60+240,"esp");	#copy of aes_key->rounds
 
 &public_label("AES_Te");
 &public_label("AES_Td");
@@ -865,18 +852,27 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&mov	($_key,$s3);		# save copy of key
 	&mov	($_ivp,$acc);		# save copy of ivp
 
+	&mov	($mark,0);		# copy of aes_key->rounds = 0;
 	if ($compromise) {
 		&cmp	($s2,$compromise);
 		&jb	(&label("skip_ecopy"));
 	}
-	# copy key schedule to stack
-	&mov	("ecx",244/4);
+	# do we copy key schedule to stack?
+	&mov	($s1 eq "ebx" ? $s1 : "",$s3);
+	&mov	($s2 eq "ecx" ? $s2 : "",244/4);
+	&sub	($s1,"ebp");
 	&mov	("esi",$s3);
+	&and	($s1,0xfff);
 	&lea	("edi",$aes_key);
-	&mov	($_key,"edi");
+	&cmp	($s1,2048);
+	&jb	(&label("do_ecopy"));
+	&cmp	($s1,4096-244);
+	&jb	(&label("skip_ecopy"));
 	&align	(4);
-	&data_word(0xF689A5F3);	# rep movsd
-	&set_label("skip_ecopy") if ($compromise);
+	&set_label("do_ecopy");
+		&mov	($_key,"edi");
+		&data_word(0xA5F3F689);	# rep movsd
+	&set_label("skip_ecopy");
 
 	&mov	($acc,$s0);
 	&mov	($key,16);
@@ -942,18 +938,16 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&mov	(&DWP(8,$acc),$s2);
 	&mov	(&DWP(12,$acc),$s3);
 
+	&cmp	($mark,0);		# was the key schedule copied?
 	&mov	("edi",$_key);
 	&mov	("esp",$_esp);
-	if ($compromise) {
-		&cmp	(&wparam(2),$compromise);
-		&jb	(&label("skip_ezero"));
-	}
+	&je	(&label("skip_ezero"));
 	# zero copy of key schedule
 	&mov	("ecx",240/4);
 	&xor	("eax","eax");
 	&align	(4);
-	&data_word(0xF689ABF3);	# rep stosd
-	&set_label("skip_ezero") if ($compromise);
+	&data_word(0xABF3F689);	# rep stosd
+	&set_label("skip_ezero")
 	&popf	();
     &set_label("enc_out");
 	&function_end_A();
@@ -968,7 +962,7 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&cmp	($key,$acc);			# compare with inp
 	&je	(&label("enc_in_place"));
 	&align	(4);
-	&data_word(0xF689A4F3);	# rep movsb	# copy input
+	&data_word(0xA4F3F689);	# rep movsb	# copy input
 	&jmp	(&label("enc_skip_in_place"));
     &set_label("enc_in_place");
 	&lea	($key,&DWP(0,$key,$s2));
@@ -976,7 +970,7 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&mov	($s2,$s1);
 	&xor	($s0,$s0);
 	&align	(4);
-	&data_word(0xF689AAF3);	# rep stosb	# zero tail
+	&data_word(0xAAF3F689);	# rep stosb	# zero tail
 	&pop	($key);				# pop ivp
 
 	&mov	($acc,$_out);			# output as input
@@ -996,10 +990,10 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 
 	# ... and make sure it doesn't alias with AES_Td modulo 4096
 	&mov	($s0,"ebp");
-	&lea	($s1,&DWP(3072,"ebp"));
+	&lea	($s1,&DWP(2048+256,"ebp"));
 	&mov	($s3,$key);
 	&and	($s0,0xfff);		# s = %ebp&0xfff
-	&and	($s1,0xfff);		# e = (%ebp+3072)&0xfff
+	&and	($s1,0xfff);		# e = (%ebp+2048+256)&0xfff
 	&and	($s3,0xfff);		# p = %esp&0xfff
 
 	&cmp	($s3,$s1);		# if (p>=e) %esp =- (p-e);
@@ -1030,21 +1024,30 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&mov	($_key,$s3);		# save copy of key
 	&mov	($_ivp,$acc);		# save copy of ivp
 
+	&mov	($mark,0);		# copy of aes_key->rounds = 0;
 	if ($compromise) {
 		&cmp	($s2,$compromise);
 		&jb	(&label("skip_dcopy"));
 	}
-	# copy key schedule to stack
-	&mov	("ecx",244/4);
+	# do we copy key schedule to stack?
+	&mov	($s1 eq "ebx" ? $s1 : "",$s3);
+	&mov	($s2 eq "ecx" ? $s2 : "",244/4);
+	&sub	($s1,"ebp");
 	&mov	("esi",$s3);
+	&and	($s1,0xfff);
 	&lea	("edi",$aes_key);
-	&mov	($_key,"edi");
+	&cmp	($s1,2048+256);
+	&jb	(&label("do_dcopy"));
+	&cmp	($s1,4096-244);
+	&jb	(&label("skip_dcopy"));
 	&align	(4);
-	&data_word(0xF689A5F3);	# rep movsd
-	&set_label("skip_dcopy") if ($compromise);
+	&set_label("do_dcopy");
+		&mov	($_key,"edi");
+		&data_word(0xA5F3F689);	# rep movsd
+	&set_label("skip_dcopy");
 
 	&mov	($acc,$s0);
-	&mov	($key,24);
+	&mov	($key,18);
 	&align	(4);
 	&set_label("prefetch_td");
 		&mov	($s0,&DWP(0,"ebp"));
@@ -1054,7 +1057,7 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 		&lea	("ebp",&DWP(128,"ebp"));
 		&dec	($key);
 	&jnz	(&label("prefetch_td"));
-	&sub	("ebp",3072);
+	&sub	("ebp",2048+256);
 
 	&cmp	($acc,$_out);
 	&je	(&label("dec_in_place"));	# in-place processing...
@@ -1121,7 +1124,7 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&lea	($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
 	&mov	($acc eq "esi" ? $acc : "",$key);
 	&mov	($key eq "edi" ? $key : "",$_out);	# load out
-	&data_word(0xF689A4F3);	# rep movsb		# copy output
+	&data_word(0xA4F3F689);	# rep movsb		# copy output
 	&mov	($key,$_inp);				# use inp as temp ivp
 	&jmp	(&label("dec_end"));
 
@@ -1188,22 +1191,20 @@ my $aes_key=&DWP(60,"esp");	#copy of aes_key
 	&lea	($key,&DWP(0,$key,$s2));
 	&lea	($acc,&DWP(16,$acc,$s2));
 	&neg	($s2 eq "ecx" ? $s2 : "");
-	&data_word(0xF689A4F3);	# rep movsb	# restore tail
+	&data_word(0xA4F3F689);	# rep movsb	# restore tail
 
     &align	(4);
     &set_label("dec_out");
+    &cmp	($mark,0);		# was the key schedule copied?
     &mov	("edi",$_key);
     &mov	("esp",$_esp);
-    if ($compromise) {
-	&cmp	(&wparam(2),$compromise);
-	&jb	(&label("skip_dzero"));
-    }
+    &je		(&label("skip_dzero"));
     # zero copy of key schedule
     &mov	("ecx",240/4);
     &xor	("eax","eax");
     &align	(4);
-    &data_word(0xF689ABF3);	# rep stosd
-    &set_label("skip_dzero") if ($compromise);
+    &data_word(0xABF3F689);	# rep stosd
+    &set_label("skip_dzero")
     &popf	();
 &function_end("AES_cbc_encrypt");
 }

crypto/asn1/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/asn1/Makefile
+# OpenSSL/crypto/asn1/Makefile
 #
 
 DIR=	asn1
@@ -630,13 +630,15 @@ tasn_dec.o: ../../include/openssl/opensslconf.h
 tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
-tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
 tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c
 tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h

crypto/asn1/a_bitstr.c

@@ -183,9 +183,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	iv= ~v;
 	if (!value) v=0;
 
+	if (a == NULL)
+		return 0;
+
 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
 
-	if (a == NULL) return(0);
 	if ((a->length < (w+1)) || (a->data == NULL))
 		{
 		if (!value) return(1); /* Don't need to set */

crypto/asn1/a_object.c

@@ -57,6 +57,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
@@ -83,10 +84,12 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 
 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 	{
-	int i,first,len=0,c;
-	char tmp[24];
+	int i,first,len=0,c, use_bn;
+	char ftmp[24], *tmp = ftmp;
+	int tmpsize = sizeof ftmp;
 	const char *p;
 	unsigned long l;
+	BIGNUM *bl = NULL;
 
 	if (num == 0)
 		return(0);
@@ -98,7 +101,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 	num--;
 	if ((c >= '0') && (c <= '2'))
 		{
-		first=(c-'0')*40;
+		first= c-'0';
 		}
 	else
 		{
@@ -122,6 +125,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 			goto err;
 			}
 		l=0;
+		use_bn = 0;
 		for (;;)
 			{
 			if (num <= 0) break;
@@ -134,7 +138,22 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
 				goto err;
 				}
-			l=l*10L+(long)(c-'0');
+			if (!use_bn && l > (ULONG_MAX / 10L))
+				{
+				use_bn = 1;
+				if (!bl)
+					bl = BN_new();
+				if (!bl || !BN_set_word(bl, l))
+					goto err;
+				}
+			if (use_bn)
+				{
+				if (!BN_mul_word(bl, 10L)
+					|| !BN_add_word(bl, c-'0'))
+					goto err;
+				}
+			else
+				l=l*10L+(long)(c-'0');
 			}
 		if (len == 0)
 			{
@@ -143,14 +162,42 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
 				goto err;
 				}
-			l+=(long)first;
+			if (use_bn)
+				{
+				if (!BN_add_word(bl, first * 40))
+					goto err;
+				}
+			else
+				l+=(long)first*40;
 			}
 		i=0;
-		for (;;)
+		if (use_bn)
 			{
-			tmp[i++]=(unsigned char)l&0x7f;
-			l>>=7L;
-			if (l == 0L) break;
+			int blsize;
+			blsize = BN_num_bits(bl);
+			blsize = (blsize + 6)/7;
+			if (blsize > tmpsize)
+				{
+				if (tmp != ftmp)
+					OPENSSL_free(tmp);
+				tmpsize = blsize + 32;
+				tmp = OPENSSL_malloc(tmpsize);
+				if (!tmp)
+					goto err;
+				}
+			while(blsize--)
+				tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+			}
+		else
+			{
+					
+			for (;;)
+				{
+				tmp[i++]=(unsigned char)l&0x7f;
+				l>>=7L;
+				if (l == 0L) break;
+				}
+
 			}
 		if (out != NULL)
 			{
@@ -166,8 +213,16 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 		else
 			len+=i;
 		}
+	if (tmp != ftmp)
+		OPENSSL_free(tmp);
+	if (bl)
+		BN_free(bl);
 	return(len);
 err:
+	if (tmp != ftmp)
+		OPENSSL_free(tmp);
+	if (bl)
+		BN_free(bl);
 	return(0);
 	}
 
@@ -178,14 +233,24 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 
 int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 	{
-	char buf[80];
+	char buf[80], *p = buf;
 	int i;
 
 	if ((a == NULL) || (a->data == NULL))
 		return(BIO_write(bp,"NULL",4));
 	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-	if (i > (int)sizeof(buf)) i=sizeof buf;
-	BIO_write(bp,buf,i);
+	if (i > (int)(sizeof(buf) - 1))
+		{
+		p = OPENSSL_malloc(i + 1);
+		if (!p)
+			return -1;
+		i2t_ASN1_OBJECT(p,i + 1,a);
+		}
+	if (i <= 0)
+		return BIO_write(bp, "<INVALID>", 9);
+	BIO_write(bp,p,i);
+	if (p != buf)
+		OPENSSL_free(p);
 	return(i);
 	}
 

crypto/asn1/a_strex.c

@@ -194,6 +194,8 @@ static int do_buf(unsigned char *buf, int buflen,
 			if(i < 0) return -1;	/* Invalid UTF8String */
 			p += i;
 			break;
+			default:
+			return -1;	/* invalid width */
 		}
 		if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
 		if(type & BUF_TYPE_CONVUTF8) {
@@ -223,7 +225,7 @@ static int do_buf(unsigned char *buf, int buflen,
 
 static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
 {
-	const static char hexdig[] = "0123456789ABCDEF";
+	static const char hexdig[] = "0123456789ABCDEF";
 	unsigned char *p, *q;
 	char hextmp[2];
 	if(arg) {
@@ -279,7 +281,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
  * otherwise it is the number of bytes per character
  */
 
-const static signed char tag2nbyte[] = {
+static const signed char tag2nbyte[] = {
 	-1, -1, -1, -1, -1,	/* 0-4 */
 	-1, -1, -1, -1, -1,	/* 5-9 */
 	-1, -1, 0, -1,		/* 10-13 */
@@ -356,12 +358,13 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR
 	}
 
 	len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-	if(outlen < 0) return -1;
+	if(len < 0) return -1;
 	outlen += len;
 	if(quotes) outlen += 2;
 	if(!arg) return outlen;
 	if(quotes && !io_ch(arg, "\"", 1)) return -1;
-	do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
+	if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+		return -1;
 	if(quotes && !io_ch(arg, "\"", 1)) return -1;
 	return outlen;
 }

crypto/asn1/asn1.h

@@ -149,6 +149,7 @@ extern "C" {
 #define B_ASN1_UTF8STRING	0x2000
 #define B_ASN1_UTCTIME		0x4000
 #define B_ASN1_GENERALIZEDTIME	0x8000
+#define B_ASN1_SEQUENCE		0x10000
 
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG		0x1000
@@ -594,6 +595,7 @@ typedef struct BIT_STRING_BITNAME_st {
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_BMPSTRING|\
 			B_ASN1_UTF8STRING|\
+			B_ASN1_SEQUENCE|\
 			B_ASN1_UNKNOWN
 
 #define B_ASN1_DIRECTORYSTRING \
@@ -1045,7 +1047,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_I2D_FP				 117
 #define ASN1_F_ASN1_INTEGER_SET				 118
 #define ASN1_F_ASN1_INTEGER_TO_BN			 119
-#define ASN1_F_ASN1_ITEM_D2I_FP				 190
+#define ASN1_F_ASN1_ITEM_D2I_FP				 206
 #define ASN1_F_ASN1_ITEM_DUP				 191
 #define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW			 121
 #define ASN1_F_ASN1_ITEM_EX_D2I				 120
@@ -1058,6 +1060,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_MBSTRING_NCOPY			 122
 #define ASN1_F_ASN1_OBJECT_NEW				 123
 #define ASN1_F_ASN1_PACK_STRING				 124
+#define ASN1_F_ASN1_PCTX_NEW				 205
 #define ASN1_F_ASN1_PKCS5_PBE_SET			 125
 #define ASN1_F_ASN1_SEQ_PACK				 126
 #define ASN1_F_ASN1_SEQ_UNPACK				 127

crypto/asn1/asn1_err.c

@@ -111,6 +111,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),	"ASN1_mbstring_ncopy"},
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),	"ASN1_OBJECT_new"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),	"ASN1_pack_string"},
+{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),	"ASN1_PCTX_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),	"ASN1_PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),	"ASN1_seq_pack"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),	"ASN1_seq_unpack"},
@@ -122,7 +123,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),	"ASN1_TEMPLATE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),	"ASN1_TEMPLATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_set"},
+{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_SET"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),	"ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},
@@ -167,10 +168,10 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),	"OID_MODULE_INIT"},
 {ERR_FUNC(ASN1_F_PARSE_TAGGING),	"PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),	"PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
+{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
+{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_ADD0_REVOKED"},
+{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_NEW"},
 {ERR_FUNC(ASN1_F_X509_NAME_ENCODE),	"X509_NAME_ENCODE"},
 {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),	"X509_NAME_EX_D2I"},
 {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),	"X509_NAME_EX_NEW"},

crypto/asn1/asn1_gen.c

@@ -658,6 +658,8 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
 			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
 			goto bad_form;
 			}
+		vtmp.name = NULL;
+		vtmp.section = NULL;
 		vtmp.value = (char *)str;
 		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
 			{

crypto/asn1/asn1_par.c

@@ -88,7 +88,10 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
 		BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
 	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
 		BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
-	else p = ASN1_tag2str(tag);
+	else if (tag > 30)
+		BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
+	else
+		p = ASN1_tag2str(tag);
 
 	if (p2 != NULL)
 		{
@@ -419,7 +422,7 @@ end:
 
 const char *ASN1_tag2str(int tag)
 {
-	const static char *tag2str[] = {
+	static const char *tag2str[] = {
 	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
 	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
 	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */

crypto/asn1/t_pkey.c

@@ -81,8 +81,10 @@
 
 static int print(BIO *fp,const char *str, const BIGNUM *num,
 		unsigned char *buf,int off);
+#ifndef OPENSSL_NO_EC
 static int print_bin(BIO *fp, const char *str, const unsigned char *num,
 		size_t len, int off);
+#endif
 #ifndef OPENSSL_NO_RSA
 #ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
@@ -107,7 +109,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
 	char str[128];
 	const char *s;
 	unsigned char *m=NULL;
-	int ret=0;
+	int ret=0, mod_len = 0;
 	size_t buf_len=0, i;
 
 	if (x->n)
@@ -141,27 +143,37 @@ int RSA_print(BIO *bp, const RSA *x, int off)
 		goto err;
 		}
 
+	if (x->n != NULL)
+		mod_len = BN_num_bits(x->n);
+
 	if (x->d != NULL)
 		{
 		if(!BIO_indent(bp,off,128))
 		   goto err;
-		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
+		if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
 			<= 0) goto err;
 		}
 
 	if (x->d == NULL)
-		BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
+		BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
 	else
 		BUF_strlcpy(str,"modulus:",sizeof str);
 	if (!print(bp,str,x->n,m,off)) goto err;
 	s=(x->d == NULL)?"Exponent:":"publicExponent:";
-	if (!print(bp,s,x->e,m,off)) goto err;
-	if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
-	if (!print(bp,"prime1:",x->p,m,off)) goto err;
-	if (!print(bp,"prime2:",x->q,m,off)) goto err;
-	if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
-	if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
-	if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
+	if ((x->e != NULL) && !print(bp,s,x->e,m,off))
+		goto err;
+	if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
+		goto err;
+	if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
+		goto err;
+	if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
+		goto err;
+	if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
+		goto err;
+	if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
+		goto err;
+	if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
+		goto err;
 	ret=1;
 err:
 	if (m != NULL) OPENSSL_free(m);
@@ -196,6 +208,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)
 
 	if (x->p)
 		buf_len = (size_t)BN_num_bytes(x->p);
+	else
+		{
+		DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
+		goto err;
+		}
 	if (x->q)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
 			buf_len = i;
@@ -601,6 +618,7 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *
 	return(1);
 	}
 
+#ifndef OPENSSL_NO_EC
 static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
 		size_t len, int off)
 	{
@@ -638,6 +656,7 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
 
 	return 1;
 	}
+#endif
 
 #ifndef OPENSSL_NO_DH
 #ifndef OPENSSL_NO_FP_API
@@ -666,6 +685,11 @@ int DHparams_print(BIO *bp, const DH *x)
 
 	if (x->p)
 		buf_len = (size_t)BN_num_bytes(x->p);
+	else
+		{
+		reason = ERR_R_PASSED_NULL_PARAMETER;
+		goto err;
+		}
 	if (x->g)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
 			buf_len = i;
@@ -719,11 +743,16 @@ int DSAparams_print_fp(FILE *fp, const DSA *x)
 int DSAparams_print(BIO *bp, const DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
+	int ret=0;
 	size_t buf_len=0,i;
 
 	if (x->p)
 		buf_len = (size_t)BN_num_bytes(x->p);
+	else
+		{
+		DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
+		goto err;
+		}
 	if (x->q)
 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
 			buf_len = i;
@@ -733,7 +762,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
-		reason=ERR_R_MALLOC_FAILURE;
+		DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
@@ -741,12 +770,11 @@ int DSAparams_print(BIO *bp, const DSA *x)
 		BN_num_bits(x->p)) <= 0)
 		goto err;
 	if (!print(bp,"p:",x->p,m,4)) goto err;
-	if (!print(bp,"q:",x->q,m,4)) goto err;
-	if (!print(bp,"g:",x->g,m,4)) goto err;
+	if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
+	if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
 	ret=1;
 err:
 	if (m != NULL) OPENSSL_free(m);
-	DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
 	return(ret);
 	}
 

crypto/asn1/t_req.c

@@ -63,8 +63,12 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 #ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)

crypto/asn1/t_spki.c

@@ -60,8 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 #include <openssl/bn.h>
 
 /* Print out an SPKI */

crypto/asn1/tasn_dec.c

@@ -98,7 +98,7 @@ static unsigned long tag2bit[32] = {
 B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
@@ -158,7 +158,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 	const ASN1_EXTERN_FUNCS *ef;
 	const ASN1_AUX *aux = it->funcs;
 	ASN1_aux_cb *asn1_cb;
-	const unsigned char *p, *q;
+	const unsigned char *p = NULL, *q;
 	unsigned char *wp=NULL;	/* BIG FAT WARNING!  BREAKS CONST WHERE USED */
 	unsigned char imphack = 0, oclass;
 	char seq_eoc, seq_nolen, cst, isopt;
@@ -283,6 +283,12 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 			{
 			wp = *(unsigned char **)in;
 			imphack = *wp;
+			if (p == NULL)
+				{
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+					ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+				}
 			*wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
 								| it->utype);
 			}
@@ -826,6 +832,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 		}
 	else if (ret == -1)
 		return -1;
+        ret = 0;
 	/* SEQUENCE, SET and "OTHER" are left in encoded form */
 	if ((utype == V_ASN1_SEQUENCE)
 		|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
@@ -872,7 +879,10 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 		 * for UNIVERSAL class and ignore the tag.
 		 */
 		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+			{
+			free_cont = 1;
 			goto err;
+			}
 		len = buf.length;
 		/* Append a final null to string */
 		if (!BUF_MEM_grow_clean(&buf, len + 1))
@@ -924,6 +934,8 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 		if (!*pval)
 			{
 			typ = ASN1_TYPE_new();
+			if (typ == NULL)
+				goto err;
 			*pval = (ASN1_VALUE *)typ;
 			}
 		else
@@ -1167,7 +1179,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
 			return 0;
 #endif
 			}
-		else if (!collect_data(buf, &p, plen))
+		else if (plen && !collect_data(buf, &p, plen))
 			return 0;
 		len -= p - q;
 		}

crypto/asn1/tasn_enc.c

@@ -59,6 +59,7 @@
 
 #include <stddef.h>
 #include <string.h>
+#include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
@@ -617,11 +618,14 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
 		tbool = (ASN1_BOOLEAN *)pval;
 		if (*tbool == -1)
 			return -1;
-		/* Default handling if value == size field then omit */
-		if (*tbool && (it->size > 0))
-			return -1;
-		if (!*tbool && !it->size)
-			return -1;
+		if (it->utype != V_ASN1_ANY)
+			{
+			/* Default handling if value == size field then omit */
+			if (*tbool && (it->size > 0))
+				return -1;
+			if (!*tbool && !it->size)
+				return -1;
+			}
 		c = (unsigned char)*tbool;
 		cont = &c;
 		len = 1;

crypto/asn1/tasn_new.c

@@ -326,11 +326,13 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 	{
 	ASN1_TYPE *typ;
 	int utype;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	pf = it->funcs;
 
-	if (pf && pf->prim_new)
-		return pf->prim_new(pval, it);
+	if (it && it->funcs)
+		{
+		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+		if (pf->prim_new)
+			return pf->prim_new(pval, it);
+		}
 
 	if (!it || (it->itype == ASN1_ITYPE_MSTRING))
 		utype = -1;
@@ -374,10 +376,9 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
 	{
 	int utype;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	pf = it->funcs;
-	if (pf)
+	if (it && it->funcs)
 		{
+		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
 		if (pf->prim_clear)
 			pf->prim_clear(pval, it);
 		else 

crypto/asn1/x_pubkey.c

@@ -60,8 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
+#endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)

crypto/asn1/x_req.c

@@ -102,7 +102,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
 	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
 	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
 	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)

crypto/bf/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/blowfish/Makefile
+# OpenSSL/crypto/blowfish/Makefile
 #
 
 DIR=	bf
@@ -62,7 +62,10 @@ links:
 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
-install:
+# We need to use force because 'install' matches 'INSTALL' on case
+# insensitive systems
+FRC.install:
+install: FRC.install
 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
 	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
 	do  \

crypto/bf/bf_enc.c

@@ -73,7 +73,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key)
 	{
 #ifndef BF_PTR2
 	register BF_LONG l,r;
-    const register BF_LONG *p,*s;
+	register const BF_LONG *p,*s;
 
 	p=key->P;
 	s= &(key->S[0]);
@@ -150,7 +150,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key)
 	{
 #ifndef BF_PTR2
 	register BF_LONG l,r;
-    const register BF_LONG *p,*s;
+	register const BF_LONG *p,*s;
 
 	p=key->P;
 	s= &(key->S[0]);

crypto/bio/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/bio/Makefile
+# OpenSSL/crypto/bio/Makefile
 #
 
 DIR=	bio

crypto/bio/bio.h

@@ -676,17 +676,20 @@ void BIO_copy_next_retry(BIO *b);
 
 /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
-#ifndef __GNUC__
-#define __attribute__(x)
+#ifdef __GNUC__
+#  define __bio_h__attr__ __attribute__
+#else
+#  define __bio_h__attr__(x)
 #endif
 int BIO_printf(BIO *bio, const char *format, ...)
-	__attribute__((__format__(__printf__,2,3)));
+	__bio_h__attr__((__format__(__printf__,2,3)));
 int BIO_vprintf(BIO *bio, const char *format, va_list args)
-	__attribute__((__format__(__printf__,2,0)));
+	__bio_h__attr__((__format__(__printf__,2,0)));
 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-	__attribute__((__format__(__printf__,3,4)));
+	__bio_h__attr__((__format__(__printf__,3,4)));
 int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-	__attribute__((__format__(__printf__,3,0)));
+	__bio_h__attr__((__format__(__printf__,3,0)));
+#undef __bio_h__attr__
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

crypto/bio/bss_conn.c

@@ -469,7 +469,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_DO_STATE_MACHINE:
 		/* use this one to start the connection */
-		if (!(data->state != BIO_CONN_S_OK))
+		if (data->state != BIO_CONN_S_OK)
 			ret=(long)conn_state(b,data);
 		else
 			ret=1;

crypto/bio/bss_file.c

@@ -128,7 +128,10 @@ BIO *BIO_new_file(const char *filename, const char *mode)
 		return(NULL);
 		}
 	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
+		{
+		fclose(file);
 		return(NULL);
+		}
 
 	BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
 	BIO_set_fp(ret,file,BIO_CLOSE);
@@ -396,7 +399,10 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
 	int ret=0;
 
 	buf[0]='\0';
-	fgets(buf,size,(FILE *)bp->ptr);
+	if (bp->flags&BIO_FLAGS_UPLINK)
+		UP_fgets(buf,size,bp->ptr);
+	else
+		fgets(buf,size,(FILE *)bp->ptr);
 	if (buf[0] != '\0')
 		ret=strlen(buf);
 	return(ret);

crypto/bn/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/bn/Makefile
+# OpenSSL/crypto/bn/Makefile
 #
 
 DIR=	bn
@@ -28,13 +28,13 @@ LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
 	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
 	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-	bn_depr.c
+	bn_depr.c bn_const.c
 
 LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
 	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
 	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-	bn_depr.o
+	bn_depr.o bn_const.o
 
 SRC= $(LIBSRC)
 
@@ -175,6 +175,8 @@ bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c
 bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

crypto/bn/asm/sparcv8plus.S

@@ -162,10 +162,14 @@
  * BN_ULONG w;
  */
 bn_mul_add_words:
+	sra	%o2,%g0,%o2	! signx %o2
 	brgz,a	%o2,.L_bn_mul_add_words_proceed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
+	nop
+	nop
+	nop
 
 .L_bn_mul_add_words_proceed:
 	srl	%o3,%g0,%o3	! clruw	%o3
@@ -260,10 +264,14 @@ bn_mul_add_words:
  * BN_ULONG w;
  */
 bn_mul_words:
+	sra	%o2,%g0,%o2	! signx %o2
 	brgz,a	%o2,.L_bn_mul_words_proceeed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
+	nop
+	nop
+	nop
 
 .L_bn_mul_words_proceeed:
 	srl	%o3,%g0,%o3	! clruw	%o3
@@ -344,10 +352,14 @@ bn_mul_words:
  * int n;
  */
 bn_sqr_words:
+	sra	%o2,%g0,%o2	! signx %o2
 	brgz,a	%o2,.L_bn_sqr_words_proceeed
 	lduw	[%o1],%g2
 	retl
 	clr	%o0
+	nop
+	nop
+	nop
 
 .L_bn_sqr_words_proceeed:
 	andcc	%o2,-4,%g0
@@ -445,6 +457,7 @@ bn_div_words:
  * int n;
  */
 bn_add_words:
+	sra	%o3,%g0,%o3	! signx %o3
 	brgz,a	%o3,.L_bn_add_words_proceed
 	lduw	[%o1],%o4
 	retl
@@ -454,7 +467,6 @@ bn_add_words:
 	andcc	%o3,-4,%g0
 	bz,pn	%icc,.L_bn_add_words_tail
 	addcc	%g0,0,%g0	! clear carry flag
-	nop
 
 .L_bn_add_words_loop:		! wow! 32 aligned!
 	dec	4,%o3
@@ -523,6 +535,7 @@ bn_add_words:
  * int n;
  */
 bn_sub_words:
+	sra	%o3,%g0,%o3	! signx %o3
 	brgz,a	%o3,.L_bn_sub_words_proceed
 	lduw	[%o1],%o4
 	retl
@@ -532,7 +545,6 @@ bn_sub_words:
 	andcc	%o3,-4,%g0
 	bz,pn	%icc,.L_bn_sub_words_tail
 	addcc	%g0,0,%g0	! clear carry flag
-	nop
 
 .L_bn_sub_words_loop:		! wow! 32 aligned!
 	dec	4,%o3

crypto/bn/asm/x86_64-gcc.c

@@ -1,3 +1,6 @@
+#ifdef __SUNPRO_C
+# include "../bn_asm.c"	/* kind of dirty hack for Sun Studio */
+#else
 /*
  * x86_64 BIGNUM accelerator version 0.1, December 2002.
  *
@@ -591,3 +594,4 @@ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
 	r[6]=c1;
 	r[7]=c2;
 	}
+#endif

crypto/bn/bn.h

@@ -412,9 +412,15 @@ int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-/* BN_set_negative(): sets sign of a bignum */
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise 
+ */
 void	BN_set_negative(BIGNUM *b, int n);
-/* BN_get_negative():  returns 1 if the bignum is < 0 and 0 otherwise */
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  a  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
 #define BN_is_negative(a) ((a)->neg != 0)
 
 int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
@@ -699,9 +705,11 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 #define bn_check_top(a) \
 	do { \
 		const BIGNUM *_bnum2 = (a); \
-		assert((_bnum2->top == 0) || \
+		if (_bnum2 != NULL) { \
+			assert((_bnum2->top == 0) || \
 				(_bnum2->d[_bnum2->top - 1] != 0)); \
-		bn_pollute(_bnum2); \
+			bn_pollute(_bnum2); \
+		} \
 	} while(0)
 
 #define bn_fix_top(a)		bn_check_top(a)
@@ -732,6 +740,18 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
 BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 
+/* Primes from RFC 2409 */
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
+
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 
 /* BEGIN ERROR CODES */

crypto/bn/bn_asm.c

@@ -459,6 +459,34 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 #define sqr_add_c2(a,i,j,c0,c1,c2) \
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
 
+#elif defined(BN_UMULT_LOHI)
+
+#define mul_add_c(a,b,c0,c1,c2)	{	\
+	BN_ULONG ta=(a),tb=(b);		\
+	BN_UMULT_LOHI(t1,t2,ta,tb);	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define mul_add_c2(a,b,c0,c1,c2) {	\
+	BN_ULONG ta=(a),tb=(b),t0;	\
+	BN_UMULT_LOHI(t0,t1,ta,tb);	\
+	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
+	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define sqr_add_c(a,i,c0,c1,c2)	{	\
+	BN_ULONG ta=(a)[i];		\
+	BN_UMULT_LOHI(t1,t2,ta,ta);	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define sqr_add_c2(a,i,j,c0,c1,c2)	\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
 #elif defined(BN_UMULT_HIGH)
 
 #define mul_add_c(a,b,c0,c1,c2)	{	\

crypto/bn/bn_const.c

@@ -0,0 +1,402 @@
+/* crypto/bn/knownprimes.c */
+/* Insert boilerplate */
+
+#include "bn.h"
+
+/* "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
+	{
+	static const unsigned char RFC2409_PRIME_768[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
+	}
+
+/* "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
+	{
+	static const unsigned char RFC2409_PRIME_1024[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
+	}
+
+/* "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
+	{
+	static const unsigned char RFC3526_PRIME_1536[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+		0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
+	}
+
+/* "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
+	{
+	static const unsigned char RFC3526_PRIME_2048[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
+	}
+
+/* "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
+	{
+	static const unsigned char RFC3526_PRIME_3072[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+		0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
+	}
+
+/* "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
+	{
+	static const unsigned char RFC3526_PRIME_4096[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
+	}
+
+/* "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
+	{
+	static const unsigned char RFC3526_PRIME_6144[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
+		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
+		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
+		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
+		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
+		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
+		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
+		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
+		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
+		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
+		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
+		0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
+	}
+
+/* "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
+	{
+	static const unsigned char RFC3526_PRIME_8192[]={
+		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
+		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
+		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
+		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
+		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
+		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
+		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
+		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
+		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
+		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
+		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
+		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
+		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
+		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
+		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
+		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
+		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
+		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
+		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
+		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
+		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
+		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
+		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
+		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
+		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
+		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
+		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
+		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
+		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
+		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
+		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
+		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
+		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
+		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
+		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
+		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
+		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
+		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
+		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
+		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
+		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
+		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
+		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
+		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
+		0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+		0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
+		0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
+		0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
+		0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+		0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
+		0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
+		0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
+		0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+		0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
+		0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
+		0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
+		0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+		0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
+		0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
+		0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
+		0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+		0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
+		0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
+		0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
+		0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+		0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
+		0xFF,0xFF,0xFF,0xFF,
+		};
+	return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
+	}
+

crypto/bn/bn_div.c

@@ -185,10 +185,8 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 	BN_ULONG d0,d1;
 	int num_n,div_n;
 
-	if (dv)
-		bn_check_top(dv);
-	if (rm)
-		bn_check_top(rm);
+	bn_check_top(dv);
+	bn_check_top(rm);
 	bn_check_top(num);
 	bn_check_top(divisor);
 
@@ -394,8 +392,7 @@ X) -> 0x%08X\n",
 	BN_CTX_end(ctx);
 	return(1);
 err:
-	if (rm)
-		bn_check_top(rm);
+	bn_check_top(rm);
 	BN_CTX_end(ctx);
 	return(0);
 	}

crypto/bn/bn_gcd.c

@@ -488,7 +488,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 err:
 	if ((ret == NULL) && (in == NULL)) BN_free(R);
 	BN_CTX_end(ctx);
-	if (ret)
-		bn_check_top(ret);
+	bn_check_top(ret);
 	return(ret);
 	}

crypto/bn/bn_gf2m.c

@@ -1080,7 +1080,8 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
 	BN_zero(a);
 	for (i = 0; p[i] != 0; i++)
 		{
-		BN_set_bit(a, p[i]);
+		if (BN_set_bit(a, p[i]) == 0)
+			return 0;
 		}
 	BN_set_bit(a, 0);
 	bn_check_top(a);

crypto/bn/bn_lcl.h

@@ -270,6 +270,15 @@ extern "C" {
 		: "a"(a),"g"(b)		\
 		: "cc");
 #  endif
+# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+#  if defined(_MSC_VER) && _MSC_VER>=1400
+    unsigned __int64 __umulh	(unsigned __int64 a,unsigned __int64 b);
+    unsigned __int64 _umul128	(unsigned __int64 a,unsigned __int64 b,
+				 unsigned __int64 *h);
+#   pragma intrinsic(__umulh,_umul128)
+#   define BN_UMULT_HIGH(a,b)		__umulh((a),(b))
+#   define BN_UMULT_LOHI(low,high,a,b)	((low)=_umul128((a),(b),&(high)))
+#  endif
 # endif		/* cpu */
 #endif		/* OPENSSL_NO_ASM */
 
@@ -313,6 +322,33 @@ extern "C" {
 	(r1)=Hw(t); \
 	}
 
+#elif defined(BN_UMULT_LOHI)
+#define mul_add(r,a,w,c) {		\
+	BN_ULONG high,low,ret,tmp=(a);	\
+	ret =  (r);			\
+	BN_UMULT_LOHI(low,high,w,tmp);	\
+	ret += (c);			\
+	(c) =  (ret<(c))?1:0;		\
+	(c) += high;			\
+	ret += low;			\
+	(c) += (ret<low)?1:0;		\
+	(r) =  ret;			\
+	}
+
+#define mul(r,a,w,c)	{		\
+	BN_ULONG high,low,ret,ta=(a);	\
+	BN_UMULT_LOHI(low,high,w,ta);	\
+	ret =  low + (c);		\
+	(c) =  high;			\
+	(c) += (ret<low)?1:0;		\
+	(r) =  ret;			\
+	}
+
+#define sqr(r0,r1,a)	{		\
+	BN_ULONG tmp=(a);		\
+	BN_UMULT_LOHI(r0,r1,tmp,tmp);	\
+	}
+
 #elif defined(BN_UMULT_HIGH)
 #define mul_add(r,a,w,c) {		\
 	BN_ULONG high,low,ret,tmp=(a);	\

crypto/bn/bn_mont.c

@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 /*
  * Details about Montgomery multiplication algorithms can be found at
@@ -292,7 +345,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;
 		tmod.d=buf;
-		tmod.top=1;
+		tmod.top = buf[0] != 0 ? 1 : 0;
 		tmod.dmax=2;
 		tmod.neg=0;
 							/* Ri = R^-1 mod N*/
@@ -353,18 +406,32 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 					const BIGNUM *mod, BN_CTX *ctx)
 	{
-	if (*pmont)
-		return *pmont;
-	CRYPTO_w_lock(lock);
+	int got_write_lock = 0;
+	BN_MONT_CTX *ret;
+
+	CRYPTO_r_lock(lock);
 	if (!*pmont)
 		{
-		*pmont = BN_MONT_CTX_new();
-		if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
+		CRYPTO_r_unlock(lock);
+		CRYPTO_w_lock(lock);
+		got_write_lock = 1;
+
+		if (!*pmont)
 			{
-			BN_MONT_CTX_free(*pmont);
-			*pmont = NULL;
+			ret = BN_MONT_CTX_new();
+			if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
+				BN_MONT_CTX_free(ret);
+			else
+				*pmont = ret;
 			}
 		}
-	CRYPTO_w_unlock(lock);
-	return *pmont;
+	
+	ret = *pmont;
+	
+	if (got_write_lock)
+		CRYPTO_w_unlock(lock);
+	else
+		CRYPTO_r_unlock(lock);
+		
+	return ret;
 	}

crypto/bn/bn_prime.c

@@ -258,7 +258,8 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
 
 	/* first look for small factors */
 	if (!BN_is_odd(a))
-		return 0;
+		/* a is even => a is prime if and only if a == 2 */
+		return BN_is_word(a, 2);
 	if (do_trial_division)
 		{
 		for (i = 1; i < NUMPRIMES; i++)
@@ -377,13 +378,14 @@ static int probable_prime(BIGNUM *rnd, int bits)
 	{
 	int i;
 	BN_ULONG mods[NUMPRIMES];
-	BN_ULONG delta,d;
+	BN_ULONG delta,maxdelta;
 
 again:
 	if (!BN_rand(rnd,bits,1,1)) return(0);
 	/* we now have a random number 'rand' to test. */
 	for (i=1; i<NUMPRIMES; i++)
 		mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
+	maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
 	delta=0;
 	loop: for (i=1; i<NUMPRIMES; i++)
 		{
@@ -391,12 +393,8 @@ again:
 		 * that gcd(rnd-1,primes) == 1 (except for 2) */
 		if (((mods[i]+delta)%primes[i]) <= 1)
 			{
-			d=delta;
 			delta+=2;
-			/* perhaps need to check for overflow of
-			 * delta (but delta can be up to 2^32)
-			 * 21-May-98 eay - added overflow check */
-			if (delta < d) goto again;
+			if (delta > maxdelta) goto again;
 			goto loop;
 			}
 		}

crypto/bn/bn_recp.c

@@ -204,8 +204,8 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
 	ret=1;
 err:
 	BN_CTX_end(ctx);
-	if(dv) bn_check_top(dv);
-	if(rem) bn_check_top(rem);
+	bn_check_top(dv);
+	bn_check_top(rem);
 	return(ret);
 	} 
 

crypto/bn/bn_sqr.c

@@ -148,8 +148,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 	if (rr != r) BN_copy(r,rr);
 	ret = 1;
  err:
-	if(rr) bn_check_top(rr);
-	if(tmp) bn_check_top(tmp);
+	bn_check_top(rr);
+	bn_check_top(tmp);
 	BN_CTX_end(ctx);
 	return(ret);
 	}

crypto/bn/bn_sqrt.c

@@ -83,7 +83,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 				goto end;
 			if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
 				{
-				BN_free(ret);
+				if (ret != in)
+					BN_free(ret);
 				return NULL;
 				}
 			bn_check_top(ret);
@@ -102,7 +103,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 			goto end;
 		if (!BN_set_word(ret, BN_is_one(a)))
 			{
-			BN_free(ret);
+			if (ret != in)
+				BN_free(ret);
 			return NULL;
 			}
 		bn_check_top(ret);

crypto/bn/bn_word.c

@@ -69,6 +69,9 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
 #endif
 	int i;
 
+	if (w == 0)
+		return (BN_ULONG)-1;
+
 	bn_check_top(a);
 	w&=BN_MASK2;
 	for (i=a->top-1; i>=0; i--)
@@ -94,7 +97,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
 
 	if (!w)
 		/* actually this an error (division by zero) */
-		return 0;
+		return (BN_ULONG)-1;
 	if (a->top == 0)
 		return 0;
 
@@ -102,7 +105,7 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
 	j = BN_BITS2 - BN_num_bits_word(w);
 	w <<= j;
 	if (!BN_lshift(a, a, j))
-		return 0;
+		return (BN_ULONG)-1;
 
 	for (i=a->top-1; i>=0; i--)
 		{
@@ -175,7 +178,13 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
 	/* degenerate case: w is zero */
 	if (!w) return 1;
 	/* degenerate case: a is zero */
-	if(BN_is_zero(a)) return BN_set_word(a,w);
+	if(BN_is_zero(a))
+		{
+		i = BN_set_word(a,w);
+		if (i != 0)
+			BN_set_negative(a, 1);
+		return i;
+		}
 	/* handle 'a' when negative */
 	if (a->neg)
 		{

crypto/buffer/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/buffer/Makefile
+# OpenSSL/crypto/buffer/Makefile
 #
 
 DIR=	buffer

crypto/camellia/Makefile

@@ -0,0 +1,103 @@
+#
+# crypto/camellia/Makefile
+#
+
+DIR= camellia
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=	Makefile
+AR=		ar r
+
+CAMELLIA_ASM_OBJ=
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+
+GENERAL=Makefile
+#TEST=camelliatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
+	   cmll_cfb.c cmll_ctr.c 
+
+LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \
+		cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= camellia.h
+HEADER= cmll_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+	@headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+camellia.o: ../../include/openssl/opensslconf.h camellia.c camellia.h
+camellia.o: cmll_locl.h
+cmll_cbc.o: ../../include/openssl/camellia.h
+cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h
+cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h
+cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_cfb.o: cmll_cfb.c cmll_locl.h
+cmll_ctr.o: ../../include/openssl/camellia.h
+cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h
+cmll_ecb.o: ../../include/openssl/camellia.h
+cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
+cmll_misc.o: ../../include/openssl/camellia.h
+cmll_misc.o: ../../include/openssl/opensslconf.h
+cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
+cmll_ofb.o: ../../include/openssl/camellia.h
+cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c

crypto/camellia/camellia.h

@@ -0,0 +1,129 @@
+/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_CAMELLIA
+#error CAMELLIA is disabled.
+#endif
+
+#define CAMELLIA_ENCRYPT	1
+#define CAMELLIA_DECRYPT	0
+
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+ /* to match with WORD */
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+struct camellia_key_st 
+	{
+	KEY_TABLE_TYPE rd_key;
+	int bitLength;
+	void (*enc)(const unsigned int *subkey, unsigned int *io);
+	void (*dec)(const unsigned int *subkey, unsigned int *io);
+	};
+
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+	CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+	const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+	const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+	const int nbits,const CAMELLIA_KEY *key,
+	unsigned char *ivec,const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+	unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+	unsigned int *num);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* !HEADER_Camellia_H */
+

crypto/camellia/cmll_cbc.c

@@ -0,0 +1,234 @@
+/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+		     const unsigned long length, const CAMELLIA_KEY *key,
+		     unsigned char *ivec, const int enc) {
+
+	unsigned long n;
+	unsigned long len = length;
+	unsigned char tmp[CAMELLIA_BLOCK_SIZE];
+	const unsigned char *iv = ivec;
+	uint32_t t32[UNITSIZE];
+
+
+	assert(in && out && key && ivec);
+	assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
+
+	if(((size_t)in) % ALIGN == 0
+		&& ((size_t)out) % ALIGN == 0
+		&& ((size_t)ivec) % ALIGN == 0)
+		{
+		if (CAMELLIA_ENCRYPT == enc)
+			{
+			while (len >= CAMELLIA_BLOCK_SIZE)
+				{
+				XOR4WORD2((uint32_t *)out,
+					(uint32_t *)in, (uint32_t *)iv);
+				key->enc(key->rd_key, (uint32_t *)out);
+				iv = out;
+				len -= CAMELLIA_BLOCK_SIZE;
+				in += CAMELLIA_BLOCK_SIZE;
+				out += CAMELLIA_BLOCK_SIZE;
+				}
+			if (len)
+				{
+				for(n=0; n < len; ++n)
+					out[n] = in[n] ^ iv[n];
+				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] = iv[n];
+				key->enc(key->rd_key, (uint32_t *)out);
+				iv = out;
+				}
+			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+			}
+		else if (in != out)
+			{
+			while (len >= CAMELLIA_BLOCK_SIZE)
+				{
+				memcpy(out,in,CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key,(uint32_t *)out);
+				XOR4WORD((uint32_t *)out, (uint32_t *)iv);
+				iv = in;
+				len -= CAMELLIA_BLOCK_SIZE;
+				in  += CAMELLIA_BLOCK_SIZE;
+				out += CAMELLIA_BLOCK_SIZE;
+				}
+			if (len)
+				{
+				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, (uint32_t *)tmp);
+				for(n=0; n < len; ++n)
+					out[n] = tmp[n] ^ iv[n];
+				iv = in;
+				}
+			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+			}
+		else /* in == out */
+			{
+			while (len >= CAMELLIA_BLOCK_SIZE)
+				{
+				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, (uint32_t *)out);
+				XOR4WORD((uint32_t *)out, (uint32_t *)ivec);
+				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				len -= CAMELLIA_BLOCK_SIZE;
+				in += CAMELLIA_BLOCK_SIZE;
+				out += CAMELLIA_BLOCK_SIZE;
+				}
+			if (len)
+				{
+				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key,(uint32_t *)out);
+				for(n=0; n < len; ++n)
+					out[n] ^= ivec[n];
+				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] = tmp[n];
+				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				}
+			}
+		}
+	else /* no aligned */
+		{
+		if (CAMELLIA_ENCRYPT == enc)
+			{
+			while (len >= CAMELLIA_BLOCK_SIZE)
+				{
+				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] = in[n] ^ iv[n];
+				memcpy(t32, out, CAMELLIA_BLOCK_SIZE);
+				key->enc(key->rd_key, t32);
+				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				iv = out;
+				len -= CAMELLIA_BLOCK_SIZE;
+				in += CAMELLIA_BLOCK_SIZE;
+				out += CAMELLIA_BLOCK_SIZE;
+				}
+			if (len)
+				{
+				for(n=0; n < len; ++n)
+					out[n] = in[n] ^ iv[n];
+				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] = iv[n];
+				key->enc(key->rd_key, (uint32_t *)out);
+				iv = out;
+				}
+			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+			}
+		else if (in != out)
+			{
+			while (len >= CAMELLIA_BLOCK_SIZE)
+				{
+				memcpy(t32,in,CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key,t32);
+				memcpy(out,t32,CAMELLIA_BLOCK_SIZE);
+				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] ^= iv[n];
+				iv = in;
+				len -= CAMELLIA_BLOCK_SIZE;
+				in  += CAMELLIA_BLOCK_SIZE;
+				out += CAMELLIA_BLOCK_SIZE;
+				}
+			if (len)
+				{
+				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, t32);
+				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				for(n=0; n < len; ++n)
+					out[n] = tmp[n] ^ iv[n];
+				iv = in;
+				}
+			memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
+			}
+		else
+			{
+			while (len >= CAMELLIA_BLOCK_SIZE)
+				{
+				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key, t32);
+				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] ^= ivec[n];
+				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				len -= CAMELLIA_BLOCK_SIZE;
+				in += CAMELLIA_BLOCK_SIZE;
+				out += CAMELLIA_BLOCK_SIZE;
+				}
+			if (len)
+				{
+				memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+				memcpy(t32, in, CAMELLIA_BLOCK_SIZE);
+				key->dec(key->rd_key,t32);
+				memcpy(out, t32, CAMELLIA_BLOCK_SIZE);
+				for(n=0; n < len; ++n)
+					out[n] ^= ivec[n];
+				for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
+					out[n] = tmp[n];
+				memcpy(ivec, tmp, CAMELLIA_BLOCK_SIZE);
+				}
+			}
+		}
+}
+

crypto/camellia/cmll_cfb.c

@@ -0,0 +1,235 @@
+/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include "e_os.h"
+
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num, const int enc)
+	{
+
+	unsigned int n;
+	unsigned long l = length;
+	unsigned char c;
+
+	assert(in && out && key && ivec && num);
+
+	n = *num;
+
+	if (enc) 
+		{
+		while (l--) 
+			{
+			if (n == 0) 
+				{
+				Camellia_encrypt(ivec, ivec, key);
+				}
+			ivec[n] = *(out++) = *(in++) ^ ivec[n];
+			n = (n+1) % CAMELLIA_BLOCK_SIZE;
+			}
+		} 
+	else 
+		{
+		while (l--) 
+			{
+			if (n == 0) 
+				{
+				Camellia_encrypt(ivec, ivec, key);
+				}
+			c = *(in);
+			*(out++) = *(in++) ^ ivec[n];
+			ivec[n] = c;
+			n = (n+1) % CAMELLIA_BLOCK_SIZE;
+			}
+		}
+
+	*num=n;
+	}
+
+/* This expects a single block of size nbits for both in and out. Note that
+   it corrupts any extra bits in the last byte of out */
+void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
+	const int nbits,const CAMELLIA_KEY *key,
+	unsigned char *ivec,const int enc)
+	{
+	int n,rem,num;
+	unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];
+
+	if (nbits<=0 || nbits>128) return;
+
+	/* fill in the first half of the new IV with the current IV */
+	memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);
+	/* construct the new IV */
+	Camellia_encrypt(ivec,ivec,key);
+	num = (nbits+7)/8;
+	if (enc)	/* encrypt the input */
+		for(n=0 ; n < num ; ++n)
+			out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
+	else		/* decrypt the input */
+		for(n=0 ; n < num ; ++n)
+			out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
+	/* shift ovec left... */
+	rem = nbits%8;
+	num = nbits/8;
+	if(rem==0)
+		memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);
+	else
+		for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)
+			ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+
+	/* it is not necessary to cleanse ovec, since the IV is not secret */
+	}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num, const int enc)
+	{
+	unsigned int n;
+	unsigned char c[1],d[1];
+
+	assert(in && out && key && ivec && num);
+	assert(*num == 0);
+
+	memset(out,0,(length+7)/8);
+	for(n=0 ; n < length ; ++n)
+		{
+		c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+		Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);
+		out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+		}
+	}
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num, const int enc)
+	{
+	unsigned int n;
+
+	assert(in && out && key && ivec && num);
+	assert(*num == 0);
+
+	for(n=0 ; n < length ; ++n)
+		Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
+	}
+

crypto/camellia/cmll_ctr.c

@@ -0,0 +1,143 @@
+/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the Camellia code
+ * is endian-neutral. */
+/* increment counter (128-bit int) by 1 */
+static void Camellia_ctr128_inc(unsigned char *counter) 
+	{
+	unsigned long c;
+
+	/* Grab bottom dword of counter and increment */
+	c = GETU32(counter + 12);
+	c++;	c &= 0xFFFFFFFF;
+	PUTU32(counter + 12, c);
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab 1st dword of counter and increment */
+	c = GETU32(counter +  8);
+	c++;	c &= 0xFFFFFFFF;
+	PUTU32(counter +  8, c);
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab 2nd dword of counter and increment */
+	c = GETU32(counter +  4);
+	c++;	c &= 0xFFFFFFFF;
+	PUTU32(counter +  4, c);
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab top dword of counter and increment */
+	c = GETU32(counter +  0);
+	c++;	c &= 0xFFFFFFFF;
+	PUTU32(counter +  0, c);
+	}
+
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to Camellia_ctr128_encrypt().
+ *
+ * This algorithm assumes that the counter is in the x lower bits
+ * of the IV (ivec), and that the application has full control over
+ * overflow and the rest of the IV.  This implementation takes NO
+ * responsability for checking that the counter doesn't overflow
+ * into the rest of the IV when incremented.
+ */
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+	unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+	unsigned int *num) 
+	{
+
+	unsigned int n;
+	unsigned long l=length;
+
+	assert(in && out && key && counter && num);
+	assert(*num < CAMELLIA_BLOCK_SIZE);
+
+	n = *num;
+
+	while (l--) 
+		{
+		if (n == 0) 
+			{
+			Camellia_encrypt(ivec, ecount_buf, key);
+			Camellia_ctr128_inc(ivec);
+			}
+		*(out++) = *(in++) ^ ecount_buf[n];
+		n = (n+1) % CAMELLIA_BLOCK_SIZE;
+		}
+
+	*num=n;
+	}
+

crypto/camellia/cmll_ecb.c

@@ -0,0 +1,74 @@
+/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const CAMELLIA_KEY *key, const int enc) 
+	{
+
+	assert(in && out && key);
+	assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
+
+	if (CAMELLIA_ENCRYPT == enc)
+		Camellia_encrypt(in, out, key);
+	else
+		Camellia_decrypt(in, out, key);
+	}
+

crypto/camellia/cmll_locl.h

@@ -0,0 +1,178 @@
+/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . 
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+#define HEADER_CAMELLIA_LOCL_H
+
+#include "openssl/e_os2.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER)
+typedef unsigned char uint8_t;
+typedef unsigned int uint32_t;
+typedef unsigned __int64 uint64_t;
+#else
+#include <inttypes.h>
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ALIGN 4
+#define UNITSIZE 4
+
+#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
+# define GETU32(p) SWAP(*((uint32_t *)(p)))
+# define PUTU32(ct, st) { *((uint32_t *)(ct)) = SWAP((st)); }
+# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
+
+
+#else /* not windows */
+# define GETU32(pt) (((uint32_t)(pt)[0] << 24) \
+	^ ((uint32_t)(pt)[1] << 16) \
+	^ ((uint32_t)(pt)[2] <<  8) \
+	^ ((uint32_t)(pt)[3]))
+
+# define PUTU32(ct, st) { (ct)[0] = (uint8_t)((st) >> 24); \
+	(ct)[1] = (uint8_t)((st) >> 16); \
+	(ct)[2] = (uint8_t)((st) >>  8); \
+	(ct)[3] = (uint8_t)(st); }
+
+#ifdef L_ENDIAN
+#if (defined (__GNUC__) && !defined(i386))
+#define CAMELLIA_SWAP4(x) \
+  do{\
+    asm("bswap %1" : "+r" (x));\
+  }while(0)
+#else /* not gcc */
+#define CAMELLIA_SWAP4(x) \
+   do{\
+     x = ((uint32_t)x << 16) + ((uint32_t)x >> 16);\
+     x = (((uint32_t)x & 0xff00ff) << 8) + (((uint32_t)x >> 8) & 0xff00ff);\
+   } while(0)
+#endif /* not gcc */
+#else /* big endian */
+#define CAMELLIA_SWAP4(x)
+#endif /* L_ENDIAN */
+#endif
+
+#define COPY4WORD(dst, src)	 \
+	     do			 \
+		     {		 \
+		     (dst)[0]=(src)[0];		\
+		     (dst)[1]=(src)[1];		\
+		     (dst)[2]=(src)[2];		\
+		     (dst)[3]=(src)[3];		\
+		     }while(0)
+
+#define SWAP4WORD(word)				\
+   do						\
+	   {					\
+	   CAMELLIA_SWAP4((word)[0]);			\
+	   CAMELLIA_SWAP4((word)[1]);			\
+	   CAMELLIA_SWAP4((word)[2]);			\
+	   CAMELLIA_SWAP4((word)[3]);			\
+	   }while(0)
+
+#define XOR4WORD(a, b)/* a = a ^ b */		\
+   do						\
+	{					\
+	(a)[0]^=(b)[0];				\
+	(a)[1]^=(b)[1];				\
+	(a)[2]^=(b)[2];				\
+	(a)[3]^=(b)[3];				\
+	}while(0)
+
+#define XOR4WORD2(a, b, c)/* a = b ^ c */	\
+   do						\
+	{					\
+	(a)[0]=(b)[0]^(c)[0];			\
+	(a)[1]=(b)[1]^(c)[1];				\
+	(a)[2]=(b)[2]^(c)[2];				\
+	(a)[3]=(b)[3]^(c)[3];				\
+	}while(0)
+
+
+void camellia_setup128(const unsigned char *key, uint32_t *subkey);
+void camellia_setup192(const unsigned char *key, uint32_t *subkey);
+void camellia_setup256(const unsigned char *key, uint32_t *subkey);
+
+void camellia_encrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt128(const uint32_t *subkey, uint32_t *io);
+void camellia_encrypt256(const uint32_t *subkey, uint32_t *io);
+void camellia_decrypt256(const uint32_t *subkey, uint32_t *io);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
+

crypto/camellia/cmll_misc.c

@@ -0,0 +1,110 @@
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+ 
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+const char *CAMELLIA_version="CAMELLIA" OPENSSL_VERSION_PTEXT;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+	CAMELLIA_KEY *key)
+	{
+	if (!userKey || !key)
+		{
+		return -1;
+		}
+	
+	switch(bits)
+		{
+	case 128:
+		camellia_setup128(userKey, (unsigned int *)key->rd_key);
+		key->enc = camellia_encrypt128;
+		key->dec = camellia_decrypt128;
+		break;
+	case 192:
+		camellia_setup192(userKey, (unsigned int *)key->rd_key);
+		key->enc = camellia_encrypt256;
+		key->dec = camellia_decrypt256;
+		break;
+	case 256:
+		camellia_setup256(userKey, (unsigned int *)key->rd_key);
+		key->enc = camellia_encrypt256;
+		key->dec = camellia_decrypt256;
+		break;
+	default:
+		return -2;
+		}
+	
+	key->bitLength = bits;
+	return 0;
+	}
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+	const CAMELLIA_KEY *key)
+	{
+	uint32_t tmp[UNITSIZE];
+
+	memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+	key->enc(key->rd_key, tmp);
+	memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+	}
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+	const CAMELLIA_KEY *key)
+	{
+	uint32_t tmp[UNITSIZE];
+
+	memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+	key->dec(key->rd_key, tmp);
+	memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+	}
+

crypto/camellia/cmll_ofb.c

@@ -0,0 +1,141 @@
+/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const CAMELLIA_KEY *key,
+	unsigned char *ivec, int *num) {
+
+	unsigned int n;
+	unsigned long l=length;
+
+	assert(in && out && key && ivec && num);
+
+	n = *num;
+
+	while (l--) {
+		if (n == 0) {
+			Camellia_encrypt(ivec, ivec, key);
+		}
+		*(out++) = *(in++) ^ ivec[n];
+		n = (n+1) % CAMELLIA_BLOCK_SIZE;
+	}
+
+	*num=n;
+}

crypto/cast/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/cast/Makefile
+# OpenSSL/crypto/cast/Makefile
 #
 
 DIR=	cast

crypto/comp/Makefile

@@ -1,5 +1,5 @@
 #
-# SSLeay/crypto/comp/Makefile
+# OpenSSL/crypto/comp/Makefile
 #
 
 DIR=	comp

crypto/comp/c_zlib.c

@@ -67,46 +67,25 @@ static COMP_METHOD zlib_stateful_method={
  * When OpenSSL is built on Windows, we do not want to require that
  * the ZLIB.DLL be available in order for the OpenSSL DLLs to
  * work.  Therefore, all ZLIB routines are loaded at run time
- * and we do not link to a .LIB file.
+ * and we do not link to a .LIB file when ZLIB_SHARED is set.
  */
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
-
-# define Z_CALLCONV _stdcall
-# ifndef ZLIB_SHARED
-#  define ZLIB_SHARED
-# endif
-#else
-# define Z_CALLCONV
 #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
 
 #ifdef ZLIB_SHARED
 #include <openssl/dso.h>
 
-/* Prototypes for built in stubs */
-#if 0
-static int stub_compress(Bytef *dest,uLongf *destLen,
-	const Bytef *source, uLong sourceLen);
-#endif
-static int stub_inflateEnd(z_streamp strm);
-static int stub_inflate(z_streamp strm, int flush);
-static int stub_inflateInit_(z_streamp strm, const char * version,
-	int stream_size);
-static int stub_deflateEnd(z_streamp strm);
-static int stub_deflate(z_streamp strm, int flush);
-static int stub_deflateInit_(z_streamp strm, int level,
-	const char * version, int stream_size);
-
 /* Function pointers */
-typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
 	const Bytef *source, uLong sourceLen);
-typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+typedef int (*inflateEnd_ft)(z_streamp strm);
+typedef int (*inflate_ft)(z_streamp strm, int flush);
+typedef int (*inflateInit__ft)(z_streamp strm,
 	const char * version, int stream_size);
-typedef int (Z_CALLCONV *deflateEnd_ft)(z_streamp strm);
-typedef int (Z_CALLCONV *deflate_ft)(z_streamp strm, int flush);
-typedef int (Z_CALLCONV *deflateInit__ft)(z_streamp strm, int level,
+typedef int (*deflateEnd_ft)(z_streamp strm);
+typedef int (*deflate_ft)(z_streamp strm, int flush);
+typedef int (*deflateInit__ft)(z_streamp strm, int level,
 	const char * version, int stream_size);
 static compress_ft	p_compress=NULL;
 static inflateEnd_ft	p_inflateEnd=NULL;
@@ -119,13 +98,13 @@ static deflateInit__ft	p_deflateInit_=NULL;
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
 
-#define compress                stub_compress
-#define inflateEnd              stub_inflateEnd
-#define inflate                 stub_inflate
-#define inflateInit_            stub_inflateInit_
-#define deflateEnd              stub_deflateEnd
-#define deflate                 stub_deflate
-#define deflateInit_            stub_deflateInit_
+#define compress                p_compress
+#define inflateEnd              p_inflateEnd
+#define inflate                 p_inflate
+#define inflateInit_            p_inflateInit_
+#define deflateEnd              p_deflateEnd
+#define deflate                 p_deflate
+#define deflateInit_            p_deflateInit_
 #endif /* ZLIB_SHARED */
 
 struct zlib_state
@@ -361,16 +340,6 @@ COMP_METHOD *COMP_zlib(void)
 		{
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 		zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-		if (!zlib_dso)
-			{
-			zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
-			if (zlib_dso)
-				{
-				/* Clear the errors from the first failed
-				   DSO_load() */
-				ERR_clear_error();
-				}
-			}
 #else
 		zlib_dso = DSO_load(NULL, "z", NULL, 0);
 #endif
@@ -397,84 +366,22 @@ COMP_METHOD *COMP_zlib(void)
 			p_deflateInit_
 				= (deflateInit__ft) DSO_bind_func(zlib_dso,
 					"deflateInit_");
-			zlib_loaded++;
+
+			if (p_compress && p_inflateEnd && p_inflate
+				&& p_inflateInit_ && p_deflateEnd
+				&& p_deflate && p_deflateInit_)
+				zlib_loaded++;
 			}
 		}
 
 #endif
+#ifdef ZLIB_SHARED
+	if (zlib_loaded)
+#endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
-	meth = &zlib_stateful_method;
+		meth = &zlib_stateful_method;
 #endif
 
 	return(meth);
 	}
 
-#ifdef ZLIB_SHARED
-#if 0
-/* Stubs for each function to be dynamicly loaded */
-static int 
-stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
-	{
-	if (p_compress)
-		return(p_compress(dest,destLen,source,sourceLen));
-	else
-		return(Z_MEM_ERROR);
-	}
-#endif
-
-static int
-stub_inflateEnd(z_streamp strm)
-	{
-	if ( p_inflateEnd )
-		return(p_inflateEnd(strm));
-	else
-		return(Z_MEM_ERROR);
-	}
-
-static int
-stub_inflate(z_streamp strm, int flush)
-	{
-	if ( p_inflate )
-		return(p_inflate(strm,flush));
-	else
-		return(Z_MEM_ERROR);
-	}
-
-static int
-stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
-	{
-	if ( p_inflateInit_ )
-		return(p_inflateInit_(strm,version,stream_size));
-	else
-		return(Z_MEM_ERROR);
-	}
-
-static int
-stub_deflateEnd(z_streamp strm)
-	{
-	if ( p_deflateEnd )
-		return(p_deflateEnd(strm));
-	else
-		return(Z_MEM_ERROR);
-	}
-
-static int
-stub_deflate(z_streamp strm, int flush)
-	{
-	if ( p_deflate )
-		return(p_deflate(strm,flush));
-	else
-		return(Z_MEM_ERROR);
-	}
-
-static int
-stub_deflateInit_(z_streamp strm, int level,
-	const char * version, int stream_size)
-	{
-	if ( p_deflateInit_ )
-		return(p_deflateInit_(strm,level,version,stream_size));
-	else
-		return(Z_MEM_ERROR);
-	}
-
-#endif /* ZLIB_SHARED */