prepare for release

Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Correct SKM_ASN1_SET_OF_d2i macro.

ACKNOWLEDGMENTS

@@ -0,0 +1,25 @@
+The OpenSSL project depends on volunteer efforts and financial support from
+the end user community. That support comes in the form of donations and paid
+sponsorships, software support contracts, paid consulting services
+and commissioned software development.
+
+Since all these activities support the continued development and improvement
+of OpenSSL we consider all these clients and customers as sponsors of the
+OpenSSL project.
+
+We would like to identify and thank the following such sponsors for their past
+or current significant support of the OpenSSL project:
+
+Very significant support:
+
+	OpenGear: www.opengear.com
+
+Significant support:
+
+	PSW Group: www.psw.net
+
+Please note that we ask permission to identify sponsors and that some sponsors
+we consider eligible for inclusion here have requested to remain anonymous.
+
+Additional sponsorship or financial support is always welcome: for more
+information please contact the OpenSSL Software Foundation.

CHANGES

@@ -2,9 +2,28 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.0a and 1.0.0b  [xx XXX xxxx]
+ Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
 
-  *)
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
+
+  *) Fix WIN32 build system to correctly link an ENGINE directory into
+     a DLL. 
+     [Steve Henson]
 
  Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
 
@@ -853,7 +872,34 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
- Changes between 0.9.8n and 0.9.8o [xx XXX xxxx]
+ Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+
+  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+     [Steve Henson]
+
+  *) Don't reencode certificate when calculating signature: cache and use
+     the original encoding instead. This makes signature verification of
+     some broken encodings work correctly.
+     [Steve Henson]
+
+  *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+     is also one of the inputs.
+     [Emilia K<>sper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+  *) Don't repeatedly append PBE algorithms to table if they already exist.
+     Sort table on each new add. This effectively makes the table read only
+     after all algorithms are added and subsequent calls to PKCS12_pbe_add
+     etc are non-op.
+     [Steve Henson]
+
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+  [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+  OpenSSL 1.0.0.]
 
   *) Correct a typo in the CMS ASN1 module which can result in invalid memory
      access or freeing data twice (CVE-2010-0742)
@@ -864,6 +910,12 @@
      SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
      [Steve Henson]
 
+  *) VMS fixes: 
+     Reduce copying into .apps and .test in makevms.com
+     Don't try to use blank CA certificate in CA.com
+     Allow use of C files from original directories in maketests.com
+     [Steven M. Schweda" <sms@antinode.info>]
+
  Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
 
   *) When rejecting SSL/TLS records due to an incorrect version number, never
@@ -872,8 +924,8 @@
      - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
      the previous behavior could result in a read attempt at NULL when
      receiving specific incorrect SSL/TLS records once record payload
-     protection is active.  (CVE-2010-####)
-     [Bodo Moeller, Adam Langley]
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl@chromium.org>]
 
   *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL 
      could be crashed if the relevant tables were not present (e.g. chrooted).

Configure

@@ -492,6 +492,8 @@ my %table=(
 # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
 "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
 "VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
+"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
 # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
 "VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
@@ -583,6 +585,7 @@ my %table=(
 );
 
 my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
+		    debug-VC-WIN64I debug-VC-WIN64A
 		    VC-NT VC-CE VC-WIN32 debug-VC-WIN32
 		    BC-32 
 		    netware-clib netware-clib-bsdsock
@@ -1093,6 +1096,12 @@ my $ar = $ENV{'AR'} || "ar";
 my $arflags = $fields[$idx_arflags];
 my $multilib = $fields[$idx_multilib];
 
+# if $prefix/lib$multilib is not an existing directory, then
+# assume that it's not searched by linker automatically, in
+# which case adding $multilib suffix causes more grief than
+# we're ready to tolerate, so don't...
+$multilib="" if !-d "$prefix/lib$multilib";
+
 $libdir="lib$multilib" if $libdir eq "";
 
 $cflags = "$cflags$exp_cflags";
@@ -1102,6 +1111,12 @@ my ($prelflags,$postlflags)=split('%',$lflags);
 if (defined($postlflags))	{ $lflags=$postlflags;	}
 else				{ $lflags=$prelflags; undef $prelflags;	}
 
+if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+	{
+	$cflags =~ s/\-mno\-cygwin\s*//;
+	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
+	}
+
 my $no_shared_warn=0;
 my $no_user_cflags=0;
 

FAQ

@@ -52,6 +52,9 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 * Why does compiler fail to compile sha512.c?
 * Test suite still fails, what to do?
+* I think I've found a bug, what should I do?
+* I'm SURE I've found a bug, how do I report it?
+* I've found a security issue, how do I report it?
 
 [PROG] Questions about programming with OpenSSL
 
@@ -79,7 +82,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0a was released on Jun 1st, 2010.
+OpenSSL 1.0.0c was released on Dec 2nd, 2010.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -131,7 +134,7 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 * Where can I get a compiled version of OpenSSL?
 
 You can finder pointers to binary distributions in
-http://www.openssl.org/related/binaries.html .
+<URL: http://www.openssl.org/related/binaries.html> .
 
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
@@ -463,7 +466,7 @@ administrators.
 Other projects do have other policies so you can for example extract the CA
 bundle used by Mozilla and/or modssl as described in this article:
 
-  http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
+  <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
 
 
 [BUILD] =======================================================================
@@ -505,7 +508,7 @@ when you run the test suite (using "make test").  The message returned is
 "bc: 1 not implemented".
 
 The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
 for download instructions) can be safely used, for example.
 
 
@@ -516,7 +519,7 @@ that the OpenSSL bntest throws at it.  This gets triggered when you run the
 test suite (using "make test").  The message returned is "bc: stack empty".
 
 The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
 for download instructions) can be safely used, for example.
 
 
@@ -709,6 +712,46 @@ never make sense, and tend to emerge when you least expect them. In order
 to identify one, drop optimization level, e.g. by editing CFLAG line in
 top-level Makefile, recompile and re-run the test.
 
+* I think I've found a bug, what should I do?
+
+If you are a new user then it is quite likely you haven't found a bug and
+something is happening you aren't familiar with. Check this FAQ, the associated
+documentation and the mailing lists for similar queries. If you are still
+unsure whether it is a bug or not submit a query to the openssl-users mailing
+list.
+
+
+* I'm SURE I've found a bug, how do I report it?
+
+Bug reports with no security implications should be sent to the request
+tracker. This can be done by mailing the report to <rt@openssl.org> (or its
+alias <openssl-bugs@openssl.org>), please note that messages sent to the
+request tracker also appear in the public openssl-dev mailing list.
+
+The report should be in plain text. Any patches should be sent as
+plain text attachments because some mailers corrupt patches sent inline.
+If your issue affects multiple versions of OpenSSL check any patches apply
+cleanly and, if possible include patches to each affected version.
+
+The report should be given a meaningful subject line briefly summarising the
+issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
+
+By sending reports to the request tracker the bug can then be given a priority
+and assigned to the appropriate maintainer. The history of discussions can be
+accessed and if the issue has been addressed or a reason why not. If patches
+are only sent to openssl-dev they can be mislaid if a team member has to
+wade through months of old messages to review the discussion.
+
+See also <URL: http://www.openssl.org/support/rt.html>
+
+
+* I've found a security issue, how do I report it?
+
+If you think your bug has security implications then please send it to
+openssl-security@openssl.org if you don't get a prompt reply at least 
+acknowledging receipt then resend or mail it directly to one of the
+more active team members (e.g. Steve).
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?

INSTALL.W32

@@ -185,6 +185,15 @@
    required. Run the installers and do whatever magic they say it takes
    to start MSYS bash shell with GNU tools on its PATH.
 
+   N.B. Since source tar-ball can contain symbolic links, it's essential
+   that you use accompanying MSYS tar to unpack the source. It will
+   either handle them in one way or another or fail to extract them,
+   which does the trick too. Latter means that you may safely ignore all
+   "cannot create symlink" messages, as they will be "re-created" at
+   configure stage by copying corresponding files. Alternative programs
+   were observed to create empty files instead, which results in build
+   failure.
+
  * Compile OpenSSL:
 
    $ ./config
@@ -297,7 +306,18 @@
  desktop, which is not available to service processes. The toolkit is
  designed to detect in which context it's currently executed, GUI,
  console app or service, and act accordingly, namely whether or not to
- actually make GUI calls.
+ actually make GUI calls. Additionally those who wish to
+ /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and actually keep them
+ off service process should consider implementing and exporting from
+ .exe image in question own _OPENSSL_isservice not relying on USER32.DLL.
+ E.g., on Windows Vista and later you could:
+
+	__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
+	{   DWORD sess;
+	    if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
+	        return sess==0;
+	    return FALSE;
+	}
 
  If you link with OpenSSL .DLLs, then you're expected to include into
  your application code small "shim" snippet, which provides glue between

Makefile.shared

@@ -135,7 +135,7 @@ LINK_SO_A_VIA_O=	\
   ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
   ( $(SET_X); \
     ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
-  $(LINK_SO) && rm -f $(LIBNAME).o
+  $(LINK_SO) && rm -f lib$(LIBNAME).o
 
 LINK_SO_A_UNPACKED=	\
   UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
@@ -207,17 +207,29 @@ link_app.bsd:
 	fi; $(LINK_APP)
 
 # For Darwin AKA Mac OS/X (dyld)
-# link_o.darwin produces .so, because we let it use dso_dlfcn module,
-# which has .so extension hard-coded. One can argue that one should
-# develop special dso module for MacOS X. At least manual encourages
-# to use native NSModule(3) API and refers to dlfcn as termporary hack.
+# Originally link_o.darwin produced .so, because it was hard-coded
+# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
+# extension in order to allow for run-time linking with vendor-
+# supplied shared libraries such as libz, so that link_o.darwin had
+# to be harmonized with it. This caused minor controversy, because
+# it was believed that dlopen can't be used to dynamically load
+# .dylib-s, only so called bundle modules (ones linked with -bundle
+# flag). The belief seems to be originating from pre-10.4 release,
+# where dlfcn functionality was emulated by dlcompat add-on. In
+# 10.4 dlopen was rewritten as native part of dyld and is documented
+# to be capable of loading both dynamic libraries and bundles. In
+# order to provide compatibility with pre-10.4 dlopen, modules are
+# linked with -bundle flag, which makes .dylib extension misleading.
+# It works, because dlopen is [and always was] extension-agnostic.
+# Alternative to this heuristic approach is to develop specific
+# MacOS X dso module relying on whichever "native" dyld interface.
 link_o.darwin:
 	@ $(CALC_VERSIONS); \
 	SHLIB=lib$(LIBNAME); \
-	SHLIB_SUFFIX=.so; \
+	SHLIB_SUFFIX=.dylib; \
 	ALLSYMSFLAGS='-all_load'; \
 	NOALLSYMSFLAGS=''; \
-	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+	SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
 	if [ -n "$(LIBVERSION)" ]; then \
 		SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
 	fi; \

NEWS

@@ -5,6 +5,20 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+      o Fix mishandling of absent EC point format extension.
+      o Fix various platform compilation issues.
+      o Corrected fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
+
+      o Fix for security issue CVE-2010-3864.
+      o Fix for CVE-2010-2939
+      o Fix WIN32 build system for GOST ENGINE.
+
   Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
 
       o Fix for security issue CVE-2010-1633.

PROBLEMS

@@ -36,7 +36,9 @@ may differ on your machine.
 
 
 As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
+OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
+passing -Wl,-search_paths_first, but it's unknown if the flag was
+supported from the initial MacOS X release.
 
 
 * Parallell make leads to errors

README

@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0b-dev
+ OpenSSL 1.0.0c 2 Dec 2010
 
  Copyright (c) 1998-2010 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

STATUS

@@ -1,10 +1,12 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 2010/06/01 13:31:36 $
+  ______________                           $Date: 2010/12/02 18:29:03 $
 
   DEVELOPMENT STATE
 
     o  OpenSSL 1.1.0:  Under development...
+    o  OpenSSL 1.0.0c: Released on December   2nd, 2010
+    o  OpenSSL 1.0.0b: Released on November  16th, 2010
     o  OpenSSL 1.0.0a: Released on June      1st,  2010
     o  OpenSSL 1.0.0:  Released on March     29th, 2010
     o  OpenSSL 0.9.8n: Released on March     24th, 2010

TABLE

@@ -1426,6 +1426,68 @@ $ranlib       =
 $arflags      = 
 $multilib     = 
 
+*** debug-VC-WIN64A
+$cc           = cl
+$cflags       = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN64A
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
+$cpuid_obj    = x86_64cpuid.o
+$bn_obj       = bn_asm.o x86_64-mont.o
+$des_obj      = 
+$aes_obj      = aes-x86_64.o
+$bf_obj       = 
+$md5_obj      = md5-x86_64.o
+$sha1_obj     = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o
+$cast_obj     = 
+$rc4_obj      = rc4-x86_64.o
+$rmd160_obj   = 
+$rc5_obj      = 
+$wp_obj       = wp-x86_64.o
+$cmll_obj     = cmll-x86_64.o cmll_misc.o
+$perlasm_scheme = auto
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+$multilib     = 
+
+*** debug-VC-WIN64I
+$cc           = cl
+$cflags       = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN64I
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN
+$cpuid_obj    = ia64cpuid.o
+$bn_obj       = ia64.o
+$des_obj      = 
+$aes_obj      = aes_core.o aes_cbc.o aes-ia64.o
+$bf_obj       = 
+$md5_obj      = md5-ia64.o
+$sha1_obj     = sha1-ia64.o sha256-ia64.o sha512-ia64.o
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$wp_obj       = 
+$cmll_obj     = 
+$perlasm_scheme = ias
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+$multilib     = 
+
 *** debug-ben
 $cc           = gcc
 $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe

apps/apps.c

@@ -257,6 +257,8 @@ int args_from_file(char *file, int *argc, char **argv[])
 
 int str2fmt(char *s)
 	{
+	if (s == NULL)
+		return FORMAT_UNDEF;
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
 	else if ((*s == 'T') || (*s == 't'))

apps/pkeyutl.c

@@ -119,17 +119,17 @@ int MAIN(int argc, char **argv)
 		if (!strcmp(*argv,"-in"))
 			{
 			if (--argc < 1) badarg = 1;
-                        infile= *(++argv);
+                        else infile= *(++argv);
 			}
 		else if (!strcmp(*argv,"-out"))
 			{
 			if (--argc < 1) badarg = 1;
-			outfile= *(++argv);
+			else outfile= *(++argv);
 			}
 		else if (!strcmp(*argv,"-sigfile"))
 			{
 			if (--argc < 1) badarg = 1;
-			sigfile= *(++argv);
+			else sigfile= *(++argv);
 			}
 		else if(!strcmp(*argv, "-inkey"))
 			{
@@ -159,17 +159,17 @@ int MAIN(int argc, char **argv)
 		else if (!strcmp(*argv,"-passin"))
 			{
 			if (--argc < 1) badarg = 1;
-			passargin= *(++argv);
+			else passargin= *(++argv);
 			}
 		else if (strcmp(*argv,"-peerform") == 0)
 			{
 			if (--argc < 1) badarg = 1;
-			peerform=str2fmt(*(++argv));
+			else peerform=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-keyform") == 0)
 			{
 			if (--argc < 1) badarg = 1;
-			keyform=str2fmt(*(++argv));
+			else keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
 		else if(!strcmp(*argv, "-engine"))

apps/s_socket.c

@@ -406,6 +406,7 @@ redoit:
 	if (ret == INVALID_SOCKET)
 		{
 #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+		int i;
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else

apps/speed.c

@@ -1230,7 +1230,8 @@ int MAIN(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (it=count; it; it--)
-			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+			DES_ecb_encrypt((DES_cblock *)buf,
+				(DES_cblock *)buf,
 				&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);

crypto/Makefile

@@ -74,7 +74,9 @@ x86_64cpuid.s: x86_64cpuid.pl
 	$(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
 ia64cpuid.s: ia64cpuid.S
 	$(CC) $(CFLAGS) -E ia64cpuid.S > $@
-ppccpuid.s:		ppccpuid.pl;	$(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
+ppccpuid.s:	ppccpuid.pl;	$(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
+alphacpuid.s:	alphacpuid.pl
+	$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
 testapps:
 	[ -z "$(THIS)" ] || (	if echo $(SDIRS) | fgrep ' des '; \

crypto/aes/aes_wrap.c

@@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
 			A[7] ^= (unsigned char)(t & 0xff);
 			if (t > 0xff)	
 				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
+				A[6] ^= (unsigned char)((t >> 8) & 0xff);
+				A[5] ^= (unsigned char)((t >> 16) & 0xff);
+				A[4] ^= (unsigned char)((t >> 24) & 0xff);
 				}
 			memcpy(R, B + 8, 8);
 			}
@@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
 			A[7] ^= (unsigned char)(t & 0xff);
 			if (t > 0xff)	
 				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
+				A[6] ^= (unsigned char)((t >> 8) & 0xff);
+				A[5] ^= (unsigned char)((t >> 16) & 0xff);
+				A[4] ^= (unsigned char)((t >> 24) & 0xff);
 				}
 			memcpy(B + 8, R, 8);
 			AES_decrypt(B, B, key);

crypto/aes/asm/aes-armv4.pl

@@ -16,12 +16,20 @@
 # allows to merge logical or arithmetic operation with shift or rotate
 # in one instruction and emit combined result every cycle. The module
 # is endian-neutral. The performance is ~42 cycles/byte for 128-bit
-# key.
+# key [on single-issue Xscale PXA250 core].
 
 # May 2007.
 #
 # AES_set_[en|de]crypt_key is added.
 
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 12% improvement on
+# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
 $s0="r0";
 $s1="r1";
 $s2="r2";
@@ -164,24 +172,24 @@ AES_encrypt:
 	ldrb	$t2,[$rounds,#1]
 	ldrb	$t3,[$rounds,#0]
 	orr	$s0,$s0,$t1,lsl#8
-	orr	$s0,$s0,$t2,lsl#16
-	orr	$s0,$s0,$t3,lsl#24
 	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
 	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
 	ldrb	$t2,[$rounds,#5]
 	ldrb	$t3,[$rounds,#4]
 	orr	$s1,$s1,$t1,lsl#8
-	orr	$s1,$s1,$t2,lsl#16
-	orr	$s1,$s1,$t3,lsl#24
 	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
 	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
 	ldrb	$t2,[$rounds,#9]
 	ldrb	$t3,[$rounds,#8]
 	orr	$s2,$s2,$t1,lsl#8
-	orr	$s2,$s2,$t2,lsl#16
-	orr	$s2,$s2,$t3,lsl#24
 	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
 	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
 	ldrb	$t2,[$rounds,#13]
 	ldrb	$t3,[$rounds,#12]
 	orr	$s3,$s3,$t1,lsl#8
@@ -196,24 +204,24 @@ AES_encrypt:
 	mov	$t3,$s0,lsr#8
 	strb	$t1,[$rounds,#0]
 	strb	$t2,[$rounds,#1]
-	strb	$t3,[$rounds,#2]
-	strb	$s0,[$rounds,#3]
 	mov	$t1,$s1,lsr#24
+	strb	$t3,[$rounds,#2]
 	mov	$t2,$s1,lsr#16
+	strb	$s0,[$rounds,#3]
 	mov	$t3,$s1,lsr#8
 	strb	$t1,[$rounds,#4]
 	strb	$t2,[$rounds,#5]
-	strb	$t3,[$rounds,#6]
-	strb	$s1,[$rounds,#7]
 	mov	$t1,$s2,lsr#24
+	strb	$t3,[$rounds,#6]
 	mov	$t2,$s2,lsr#16
+	strb	$s1,[$rounds,#7]
 	mov	$t3,$s2,lsr#8
 	strb	$t1,[$rounds,#8]
 	strb	$t2,[$rounds,#9]
-	strb	$t3,[$rounds,#10]
-	strb	$s2,[$rounds,#11]
 	mov	$t1,$s3,lsr#24
+	strb	$t3,[$rounds,#10]
 	mov	$t2,$s3,lsr#16
+	strb	$s2,[$rounds,#11]
 	mov	$t3,$s3,lsr#8
 	strb	$t1,[$rounds,#12]
 	strb	$t2,[$rounds,#13]
@@ -230,141 +238,137 @@ AES_encrypt:
 .align	2
 _armv4_AES_encrypt:
 	str	lr,[sp,#-4]!		@ push lr
-	ldr	$t1,[$key],#16
-	ldr	$t2,[$key,#-12]
-	ldr	$t3,[$key,#-8]
-	ldr	$i1,[$key,#-4]
-	ldr	$rounds,[$key,#240-16]
+	ldmia	$key!,{$t1-$i1}
 	eor	$s0,$s0,$t1
+	ldr	$rounds,[$key,#240-16]
 	eor	$s1,$s1,$t2
 	eor	$s2,$s2,$t3
 	eor	$s3,$s3,$i1
 	sub	$rounds,$rounds,#1
 	mov	lr,#255
 
-.Lenc_loop:
+	and	$i1,lr,$s0
 	and	$i2,lr,$s0,lsr#8
 	and	$i3,lr,$s0,lsr#16
-	and	$i1,lr,$s0
 	mov	$s0,$s0,lsr#24
+.Lenc_loop:
 	ldr	$t1,[$tbl,$i1,lsl#2]	@ Te3[s0>>0]
-	ldr	$s0,[$tbl,$s0,lsl#2]	@ Te0[s0>>24]
-	ldr	$t2,[$tbl,$i2,lsl#2]	@ Te2[s0>>8]
-	ldr	$t3,[$tbl,$i3,lsl#2]	@ Te1[s0>>16]
-
 	and	$i1,lr,$s1,lsr#16	@ i0
+	ldr	$t2,[$tbl,$i2,lsl#2]	@ Te2[s0>>8]
 	and	$i2,lr,$s1
+	ldr	$t3,[$tbl,$i3,lsl#2]	@ Te1[s0>>16]
 	and	$i3,lr,$s1,lsr#8
+	ldr	$s0,[$tbl,$s0,lsl#2]	@ Te0[s0>>24]
 	mov	$s1,$s1,lsr#24
+
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te1[s1>>16]
-	ldr	$s1,[$tbl,$s1,lsl#2]	@ Te0[s1>>24]
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te3[s1>>0]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te2[s1>>8]
 	eor	$s0,$s0,$i1,ror#8
-	eor	$s1,$s1,$t1,ror#24
-	eor	$t2,$t2,$i2,ror#8
-	eor	$t3,$t3,$i3,ror#8
-
+	ldr	$s1,[$tbl,$s1,lsl#2]	@ Te0[s1>>24]
 	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$t2,$i2,ror#8
 	and	$i2,lr,$s2,lsr#16	@ i1
+	eor	$t3,$t3,$i3,ror#8
 	and	$i3,lr,$s2
-	mov	$s2,$s2,lsr#24
+	eor	$s1,$s1,$t1,ror#24
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te2[s2>>8]
+	mov	$s2,$s2,lsr#24
+
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te1[s2>>16]
-	ldr	$s2,[$tbl,$s2,lsl#2]	@ Te0[s2>>24]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te3[s2>>0]
 	eor	$s0,$s0,$i1,ror#16
-	eor	$s1,$s1,$i2,ror#8
-	eor	$s2,$s2,$t2,ror#16
-	eor	$t3,$t3,$i3,ror#16
-
+	ldr	$s2,[$tbl,$s2,lsl#2]	@ Te0[s2>>24]
 	and	$i1,lr,$s3		@ i0
+	eor	$s1,$s1,$i2,ror#8
 	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$t3,$i3,ror#16
 	and	$i3,lr,$s3,lsr#16	@ i2
-	mov	$s3,$s3,lsr#24
+	eor	$s2,$s2,$t2,ror#16
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Te3[s3>>0]
+	mov	$s3,$s3,lsr#24
+
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Te2[s3>>8]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Te1[s3>>16]
-	ldr	$s3,[$tbl,$s3,lsl#2]	@ Te0[s3>>24]
 	eor	$s0,$s0,$i1,ror#24
+	ldr	$s3,[$tbl,$s3,lsl#2]	@ Te0[s3>>24]
 	eor	$s1,$s1,$i2,ror#16
+	ldr	$i1,[$key],#16
 	eor	$s2,$s2,$i3,ror#8
+	ldr	$t1,[$key,#-12]
 	eor	$s3,$s3,$t3,ror#8
 
-	ldr	$t1,[$key],#16
-	ldr	$t2,[$key,#-12]
-	ldr	$t3,[$key,#-8]
-	ldr	$i1,[$key,#-4]
-	eor	$s0,$s0,$t1
-	eor	$s1,$s1,$t2
-	eor	$s2,$s2,$t3
-	eor	$s3,$s3,$i1
+	ldr	$t2,[$key,#-8]
+	eor	$s0,$s0,$i1
+	ldr	$t3,[$key,#-4]
+	and	$i1,lr,$s0
+	eor	$s1,$s1,$t1
+	and	$i2,lr,$s0,lsr#8
+	eor	$s2,$s2,$t2
+	and	$i3,lr,$s0,lsr#16
+	eor	$s3,$s3,$t3
+	mov	$s0,$s0,lsr#24
 
 	subs	$rounds,$rounds,#1
 	bne	.Lenc_loop
 
 	add	$tbl,$tbl,#2
 
-	and	$i1,lr,$s0
-	and	$i2,lr,$s0,lsr#8
-	and	$i3,lr,$s0,lsr#16
-	mov	$s0,$s0,lsr#24
 	ldrb	$t1,[$tbl,$i1,lsl#2]	@ Te4[s0>>0]
-	ldrb	$s0,[$tbl,$s0,lsl#2]	@ Te4[s0>>24]
-	ldrb	$t2,[$tbl,$i2,lsl#2]	@ Te4[s0>>8]
-	ldrb	$t3,[$tbl,$i3,lsl#2]	@ Te4[s0>>16]
-
 	and	$i1,lr,$s1,lsr#16	@ i0
+	ldrb	$t2,[$tbl,$i2,lsl#2]	@ Te4[s0>>8]
 	and	$i2,lr,$s1
+	ldrb	$t3,[$tbl,$i3,lsl#2]	@ Te4[s0>>16]
 	and	$i3,lr,$s1,lsr#8
+	ldrb	$s0,[$tbl,$s0,lsl#2]	@ Te4[s0>>24]
 	mov	$s1,$s1,lsr#24
+
 	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s1>>16]
-	ldrb	$s1,[$tbl,$s1,lsl#2]	@ Te4[s1>>24]
 	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s1>>0]
 	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s1>>8]
 	eor	$s0,$i1,$s0,lsl#8
-	eor	$s1,$t1,$s1,lsl#24
-	eor	$t2,$i2,$t2,lsl#8
-	eor	$t3,$i3,$t3,lsl#8
-
+	ldrb	$s1,[$tbl,$s1,lsl#2]	@ Te4[s1>>24]
 	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$i2,$t2,lsl#8
 	and	$i2,lr,$s2,lsr#16	@ i1
+	eor	$t3,$i3,$t3,lsl#8
 	and	$i3,lr,$s2
-	mov	$s2,$s2,lsr#24
+	eor	$s1,$t1,$s1,lsl#24
 	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s2>>8]
+	mov	$s2,$s2,lsr#24
+
 	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s2>>16]
-	ldrb	$s2,[$tbl,$s2,lsl#2]	@ Te4[s2>>24]
 	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s2>>0]
 	eor	$s0,$i1,$s0,lsl#8
-	eor	$s1,$s1,$i2,lsl#16
-	eor	$s2,$t2,$s2,lsl#24
-	eor	$t3,$i3,$t3,lsl#8
-
+	ldrb	$s2,[$tbl,$s2,lsl#2]	@ Te4[s2>>24]
 	and	$i1,lr,$s3		@ i0
+	eor	$s1,$s1,$i2,lsl#16
 	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$i3,$t3,lsl#8
 	and	$i3,lr,$s3,lsr#16	@ i2
-	mov	$s3,$s3,lsr#24
+	eor	$s2,$t2,$s2,lsl#24
 	ldrb	$i1,[$tbl,$i1,lsl#2]	@ Te4[s3>>0]
+	mov	$s3,$s3,lsr#24
+
 	ldrb	$i2,[$tbl,$i2,lsl#2]	@ Te4[s3>>8]
 	ldrb	$i3,[$tbl,$i3,lsl#2]	@ Te4[s3>>16]
-	ldrb	$s3,[$tbl,$s3,lsl#2]	@ Te4[s3>>24]
 	eor	$s0,$i1,$s0,lsl#8
+	ldrb	$s3,[$tbl,$s3,lsl#2]	@ Te4[s3>>24]
+	ldr	$i1,[$key,#0]
 	eor	$s1,$s1,$i2,lsl#8
+	ldr	$t1,[$key,#4]
 	eor	$s2,$s2,$i3,lsl#16
+	ldr	$t2,[$key,#8]
 	eor	$s3,$t3,$s3,lsl#24
+	ldr	$t3,[$key,#12]
 
-	ldr	lr,[sp],#4		@ pop lr
-	ldr	$t1,[$key,#0]
-	ldr	$t2,[$key,#4]
-	ldr	$t3,[$key,#8]
-	ldr	$i1,[$key,#12]
-	eor	$s0,$s0,$t1
-	eor	$s1,$s1,$t2
-	eor	$s2,$s2,$t3
-	eor	$s3,$s3,$i1
+	eor	$s0,$s0,$i1
+	eor	$s1,$s1,$t1
+	eor	$s2,$s2,$t2
+	eor	$s3,$s3,$t3
 
 	sub	$tbl,$tbl,#2
-	mov	pc,lr			@ return
+	ldr	pc,[sp],#4		@ pop and return
 .size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
 
 .global AES_set_encrypt_key
@@ -399,31 +403,31 @@ AES_set_encrypt_key:
 	ldrb	$t2,[$rounds,#1]
 	ldrb	$t3,[$rounds,#0]
 	orr	$s0,$s0,$t1,lsl#8
-	orr	$s0,$s0,$t2,lsl#16
-	orr	$s0,$s0,$t3,lsl#24
 	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
 	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
 	ldrb	$t2,[$rounds,#5]
 	ldrb	$t3,[$rounds,#4]
 	orr	$s1,$s1,$t1,lsl#8
-	orr	$s1,$s1,$t2,lsl#16
-	orr	$s1,$s1,$t3,lsl#24
 	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
 	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
 	ldrb	$t2,[$rounds,#9]
 	ldrb	$t3,[$rounds,#8]
 	orr	$s2,$s2,$t1,lsl#8
-	orr	$s2,$s2,$t2,lsl#16
-	orr	$s2,$s2,$t3,lsl#24
 	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
 	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
 	ldrb	$t2,[$rounds,#13]
 	ldrb	$t3,[$rounds,#12]
 	orr	$s3,$s3,$t1,lsl#8
-	orr	$s3,$s3,$t2,lsl#16
-	orr	$s3,$s3,$t3,lsl#24
 	str	$s0,[$key],#16
+	orr	$s3,$s3,$t2,lsl#16
 	str	$s1,[$key,#-12]
+	orr	$s3,$s3,$t3,lsl#24
 	str	$s2,[$key,#-8]
 	str	$s3,[$key,#-4]
 
@@ -437,27 +441,26 @@ AES_set_encrypt_key:
 .L128_loop:
 	and	$t2,lr,$s3,lsr#24
 	and	$i1,lr,$s3,lsr#16
-	and	$i2,lr,$s3,lsr#8
-	and	$i3,lr,$s3
 	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$s3,lsr#8
 	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$s3
 	ldrb	$i2,[$tbl,$i2]
-	ldrb	$i3,[$tbl,$i3]
-	ldr	$t1,[$t3],#4			@ rcon[i++]
 	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
 	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
 	orr	$t2,$t2,$i3,lsl#8
 	eor	$t2,$t2,$t1
 	eor	$s0,$s0,$t2			@ rk[4]=rk[0]^...
 	eor	$s1,$s1,$s0			@ rk[5]=rk[1]^rk[4]
-	eor	$s2,$s2,$s1			@ rk[6]=rk[2]^rk[5]
-	eor	$s3,$s3,$s2			@ rk[7]=rk[3]^rk[6]
 	str	$s0,[$key],#16
+	eor	$s2,$s2,$s1			@ rk[6]=rk[2]^rk[5]
 	str	$s1,[$key,#-12]
+	eor	$s3,$s3,$s2			@ rk[7]=rk[3]^rk[6]
 	str	$s2,[$key,#-8]
-	str	$s3,[$key,#-4]
-
 	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-4]
 	bne	.L128_loop
 	sub	r2,$key,#176
 	b	.Ldone
@@ -468,16 +471,16 @@ AES_set_encrypt_key:
 	ldrb	$t2,[$rounds,#17]
 	ldrb	$t3,[$rounds,#16]
 	orr	$i2,$i2,$t1,lsl#8
-	orr	$i2,$i2,$t2,lsl#16
-	orr	$i2,$i2,$t3,lsl#24
 	ldrb	$i3,[$rounds,#23]
+	orr	$i2,$i2,$t2,lsl#16
 	ldrb	$t1,[$rounds,#22]
+	orr	$i2,$i2,$t3,lsl#24
 	ldrb	$t2,[$rounds,#21]
 	ldrb	$t3,[$rounds,#20]
 	orr	$i3,$i3,$t1,lsl#8
 	orr	$i3,$i3,$t2,lsl#16
-	orr	$i3,$i3,$t3,lsl#24
 	str	$i2,[$key],#8
+	orr	$i3,$i3,$t3,lsl#24
 	str	$i3,[$key,#-4]
 
 	teq	lr,#192
@@ -491,27 +494,26 @@ AES_set_encrypt_key:
 .L192_loop:
 	and	$t2,lr,$i3,lsr#24
 	and	$i1,lr,$i3,lsr#16
-	and	$i2,lr,$i3,lsr#8
-	and	$i3,lr,$i3
 	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$i3,lsr#8
 	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$i3
 	ldrb	$i2,[$tbl,$i2]
-	ldrb	$i3,[$tbl,$i3]
-	ldr	$t1,[$t3],#4			@ rcon[i++]
 	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
 	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
 	orr	$t2,$t2,$i3,lsl#8
 	eor	$i3,$t2,$t1
 	eor	$s0,$s0,$i3			@ rk[6]=rk[0]^...
 	eor	$s1,$s1,$s0			@ rk[7]=rk[1]^rk[6]
-	eor	$s2,$s2,$s1			@ rk[8]=rk[2]^rk[7]
-	eor	$s3,$s3,$s2			@ rk[9]=rk[3]^rk[8]
 	str	$s0,[$key],#24
+	eor	$s2,$s2,$s1			@ rk[8]=rk[2]^rk[7]
 	str	$s1,[$key,#-20]
+	eor	$s3,$s3,$s2			@ rk[9]=rk[3]^rk[8]
 	str	$s2,[$key,#-16]
-	str	$s3,[$key,#-12]
-
 	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-12]
 	subeq	r2,$key,#216
 	beq	.Ldone
 
@@ -529,16 +531,16 @@ AES_set_encrypt_key:
 	ldrb	$t2,[$rounds,#25]
 	ldrb	$t3,[$rounds,#24]
 	orr	$i2,$i2,$t1,lsl#8
-	orr	$i2,$i2,$t2,lsl#16
-	orr	$i2,$i2,$t3,lsl#24
 	ldrb	$i3,[$rounds,#31]
+	orr	$i2,$i2,$t2,lsl#16
 	ldrb	$t1,[$rounds,#30]
+	orr	$i2,$i2,$t3,lsl#24
 	ldrb	$t2,[$rounds,#29]
 	ldrb	$t3,[$rounds,#28]
 	orr	$i3,$i3,$t1,lsl#8
 	orr	$i3,$i3,$t2,lsl#16
-	orr	$i3,$i3,$t3,lsl#24
 	str	$i2,[$key],#8
+	orr	$i3,$i3,$t3,lsl#24
 	str	$i3,[$key,#-4]
 
 	mov	$rounds,#14
@@ -550,52 +552,51 @@ AES_set_encrypt_key:
 .L256_loop:
 	and	$t2,lr,$i3,lsr#24
 	and	$i1,lr,$i3,lsr#16
-	and	$i2,lr,$i3,lsr#8
-	and	$i3,lr,$i3
 	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$i3,lsr#8
 	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$i3
 	ldrb	$i2,[$tbl,$i2]
-	ldrb	$i3,[$tbl,$i3]
-	ldr	$t1,[$t3],#4			@ rcon[i++]
 	orr	$t2,$t2,$i1,lsl#24
+	ldrb	$i3,[$tbl,$i3]
 	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$t3],#4			@ rcon[i++]
 	orr	$t2,$t2,$i3,lsl#8
 	eor	$i3,$t2,$t1
 	eor	$s0,$s0,$i3			@ rk[8]=rk[0]^...
 	eor	$s1,$s1,$s0			@ rk[9]=rk[1]^rk[8]
-	eor	$s2,$s2,$s1			@ rk[10]=rk[2]^rk[9]
-	eor	$s3,$s3,$s2			@ rk[11]=rk[3]^rk[10]
 	str	$s0,[$key],#32
+	eor	$s2,$s2,$s1			@ rk[10]=rk[2]^rk[9]
 	str	$s1,[$key,#-28]
+	eor	$s3,$s3,$s2			@ rk[11]=rk[3]^rk[10]
 	str	$s2,[$key,#-24]
-	str	$s3,[$key,#-20]
-
 	subs	$rounds,$rounds,#1
+	str	$s3,[$key,#-20]
 	subeq	r2,$key,#256
 	beq	.Ldone
 
 	and	$t2,lr,$s3
 	and	$i1,lr,$s3,lsr#8
-	and	$i2,lr,$s3,lsr#16
-	and	$i3,lr,$s3,lsr#24
 	ldrb	$t2,[$tbl,$t2]
+	and	$i2,lr,$s3,lsr#16
 	ldrb	$i1,[$tbl,$i1]
+	and	$i3,lr,$s3,lsr#24
 	ldrb	$i2,[$tbl,$i2]
-	ldrb	$i3,[$tbl,$i3]
 	orr	$t2,$t2,$i1,lsl#8
+	ldrb	$i3,[$tbl,$i3]
 	orr	$t2,$t2,$i2,lsl#16
+	ldr	$t1,[$key,#-48]
 	orr	$t2,$t2,$i3,lsl#24
 
-	ldr	$t1,[$key,#-48]
 	ldr	$i1,[$key,#-44]
 	ldr	$i2,[$key,#-40]
-	ldr	$i3,[$key,#-36]
 	eor	$t1,$t1,$t2			@ rk[12]=rk[4]^...
+	ldr	$i3,[$key,#-36]
 	eor	$i1,$i1,$t1			@ rk[13]=rk[5]^rk[12]
-	eor	$i2,$i2,$i1			@ rk[14]=rk[6]^rk[13]
-	eor	$i3,$i3,$i2			@ rk[15]=rk[7]^rk[14]
 	str	$t1,[$key,#-16]
+	eor	$i2,$i2,$i1			@ rk[14]=rk[6]^rk[13]
 	str	$i1,[$key,#-12]
+	eor	$i3,$i3,$i2			@ rk[15]=rk[7]^rk[14]
 	str	$i2,[$key,#-8]
 	str	$i3,[$key,#-4]
 	b	.L256_loop
@@ -816,24 +817,24 @@ AES_decrypt:
 	ldrb	$t2,[$rounds,#1]
 	ldrb	$t3,[$rounds,#0]
 	orr	$s0,$s0,$t1,lsl#8
-	orr	$s0,$s0,$t2,lsl#16
-	orr	$s0,$s0,$t3,lsl#24
 	ldrb	$s1,[$rounds,#7]
+	orr	$s0,$s0,$t2,lsl#16
 	ldrb	$t1,[$rounds,#6]
+	orr	$s0,$s0,$t3,lsl#24
 	ldrb	$t2,[$rounds,#5]
 	ldrb	$t3,[$rounds,#4]
 	orr	$s1,$s1,$t1,lsl#8
-	orr	$s1,$s1,$t2,lsl#16
-	orr	$s1,$s1,$t3,lsl#24
 	ldrb	$s2,[$rounds,#11]
+	orr	$s1,$s1,$t2,lsl#16
 	ldrb	$t1,[$rounds,#10]
+	orr	$s1,$s1,$t3,lsl#24
 	ldrb	$t2,[$rounds,#9]
 	ldrb	$t3,[$rounds,#8]
 	orr	$s2,$s2,$t1,lsl#8
-	orr	$s2,$s2,$t2,lsl#16
-	orr	$s2,$s2,$t3,lsl#24
 	ldrb	$s3,[$rounds,#15]
+	orr	$s2,$s2,$t2,lsl#16
 	ldrb	$t1,[$rounds,#14]
+	orr	$s2,$s2,$t3,lsl#24
 	ldrb	$t2,[$rounds,#13]
 	ldrb	$t3,[$rounds,#12]
 	orr	$s3,$s3,$t1,lsl#8
@@ -848,24 +849,24 @@ AES_decrypt:
 	mov	$t3,$s0,lsr#8
 	strb	$t1,[$rounds,#0]
 	strb	$t2,[$rounds,#1]
-	strb	$t3,[$rounds,#2]
-	strb	$s0,[$rounds,#3]
 	mov	$t1,$s1,lsr#24
+	strb	$t3,[$rounds,#2]
 	mov	$t2,$s1,lsr#16
+	strb	$s0,[$rounds,#3]
 	mov	$t3,$s1,lsr#8
 	strb	$t1,[$rounds,#4]
 	strb	$t2,[$rounds,#5]
-	strb	$t3,[$rounds,#6]
-	strb	$s1,[$rounds,#7]
 	mov	$t1,$s2,lsr#24
+	strb	$t3,[$rounds,#6]
 	mov	$t2,$s2,lsr#16
+	strb	$s1,[$rounds,#7]
 	mov	$t3,$s2,lsr#8
 	strb	$t1,[$rounds,#8]
 	strb	$t2,[$rounds,#9]
-	strb	$t3,[$rounds,#10]
-	strb	$s2,[$rounds,#11]
 	mov	$t1,$s3,lsr#24
+	strb	$t3,[$rounds,#10]
 	mov	$t2,$s3,lsr#16
+	strb	$s2,[$rounds,#11]
 	mov	$t3,$s3,lsr#8
 	strb	$t1,[$rounds,#12]
 	strb	$t2,[$rounds,#13]
@@ -882,146 +883,143 @@ AES_decrypt:
 .align	2
 _armv4_AES_decrypt:
 	str	lr,[sp,#-4]!		@ push lr
-	ldr	$t1,[$key],#16
-	ldr	$t2,[$key,#-12]
-	ldr	$t3,[$key,#-8]
-	ldr	$i1,[$key,#-4]
-	ldr	$rounds,[$key,#240-16]
+	ldmia	$key!,{$t1-$i1}
 	eor	$s0,$s0,$t1
+	ldr	$rounds,[$key,#240-16]
 	eor	$s1,$s1,$t2
 	eor	$s2,$s2,$t3
 	eor	$s3,$s3,$i1
 	sub	$rounds,$rounds,#1
 	mov	lr,#255
 
-.Ldec_loop:
 	and	$i1,lr,$s0,lsr#16
 	and	$i2,lr,$s0,lsr#8
 	and	$i3,lr,$s0
 	mov	$s0,$s0,lsr#24
+.Ldec_loop:
 	ldr	$t1,[$tbl,$i1,lsl#2]	@ Td1[s0>>16]
-	ldr	$s0,[$tbl,$s0,lsl#2]	@ Td0[s0>>24]
-	ldr	$t2,[$tbl,$i2,lsl#2]	@ Td2[s0>>8]
-	ldr	$t3,[$tbl,$i3,lsl#2]	@ Td3[s0>>0]
-
 	and	$i1,lr,$s1		@ i0
+	ldr	$t2,[$tbl,$i2,lsl#2]	@ Td2[s0>>8]
 	and	$i2,lr,$s1,lsr#16
+	ldr	$t3,[$tbl,$i3,lsl#2]	@ Td3[s0>>0]
 	and	$i3,lr,$s1,lsr#8
+	ldr	$s0,[$tbl,$s0,lsl#2]	@ Td0[s0>>24]
 	mov	$s1,$s1,lsr#24
+
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td3[s1>>0]
-	ldr	$s1,[$tbl,$s1,lsl#2]	@ Td0[s1>>24]
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td1[s1>>16]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td2[s1>>8]
 	eor	$s0,$s0,$i1,ror#24
-	eor	$s1,$s1,$t1,ror#8
-	eor	$t2,$i2,$t2,ror#8
-	eor	$t3,$i3,$t3,ror#8
-
+	ldr	$s1,[$tbl,$s1,lsl#2]	@ Td0[s1>>24]
 	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$i2,$t2,ror#8
 	and	$i2,lr,$s2		@ i1
+	eor	$t3,$i3,$t3,ror#8
 	and	$i3,lr,$s2,lsr#16
-	mov	$s2,$s2,lsr#24
+	eor	$s1,$s1,$t1,ror#8
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td2[s2>>8]
+	mov	$s2,$s2,lsr#24
+
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td3[s2>>0]
-	ldr	$s2,[$tbl,$s2,lsl#2]	@ Td0[s2>>24]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td1[s2>>16]
 	eor	$s0,$s0,$i1,ror#16
-	eor	$s1,$s1,$i2,ror#24
-	eor	$s2,$s2,$t2,ror#8
-	eor	$t3,$i3,$t3,ror#8
-
+	ldr	$s2,[$tbl,$s2,lsl#2]	@ Td0[s2>>24]
 	and	$i1,lr,$s3,lsr#16	@ i0
+	eor	$s1,$s1,$i2,ror#24
 	and	$i2,lr,$s3,lsr#8	@ i1
+	eor	$t3,$i3,$t3,ror#8
 	and	$i3,lr,$s3		@ i2
-	mov	$s3,$s3,lsr#24
+	eor	$s2,$s2,$t2,ror#8
 	ldr	$i1,[$tbl,$i1,lsl#2]	@ Td1[s3>>16]
+	mov	$s3,$s3,lsr#24
+
 	ldr	$i2,[$tbl,$i2,lsl#2]	@ Td2[s3>>8]
 	ldr	$i3,[$tbl,$i3,lsl#2]	@ Td3[s3>>0]
-	ldr	$s3,[$tbl,$s3,lsl#2]	@ Td0[s3>>24]
 	eor	$s0,$s0,$i1,ror#8
+	ldr	$s3,[$tbl,$s3,lsl#2]	@ Td0[s3>>24]
 	eor	$s1,$s1,$i2,ror#16
 	eor	$s2,$s2,$i3,ror#24
+	ldr	$i1,[$key],#16
 	eor	$s3,$s3,$t3,ror#8
 
-	ldr	$t1,[$key],#16
-	ldr	$t2,[$key,#-12]
-	ldr	$t3,[$key,#-8]
-	ldr	$i1,[$key,#-4]
-	eor	$s0,$s0,$t1
-	eor	$s1,$s1,$t2
-	eor	$s2,$s2,$t3
-	eor	$s3,$s3,$i1
+	ldr	$t1,[$key,#-12]
+	ldr	$t2,[$key,#-8]
+	eor	$s0,$s0,$i1
+	ldr	$t3,[$key,#-4]
+	and	$i1,lr,$s0,lsr#16
+	eor	$s1,$s1,$t1
+	and	$i2,lr,$s0,lsr#8
+	eor	$s2,$s2,$t2
+	and	$i3,lr,$s0
+	eor	$s3,$s3,$t3
+	mov	$s0,$s0,lsr#24
 
 	subs	$rounds,$rounds,#1
 	bne	.Ldec_loop
 
 	add	$tbl,$tbl,#1024
 
-	ldr	$t1,[$tbl,#0]		@ prefetch Td4
-	ldr	$t2,[$tbl,#32]
-	ldr	$t3,[$tbl,#64]
-	ldr	$i1,[$tbl,#96]
-	ldr	$i2,[$tbl,#128]
-	ldr	$i3,[$tbl,#160]
-	ldr	$t1,[$tbl,#192]
-	ldr	$t2,[$tbl,#224]
+	ldr	$t2,[$tbl,#0]		@ prefetch Td4
+	ldr	$t3,[$tbl,#32]
+	ldr	$t1,[$tbl,#64]
+	ldr	$t2,[$tbl,#96]
+	ldr	$t3,[$tbl,#128]
+	ldr	$t1,[$tbl,#160]
+	ldr	$t2,[$tbl,#192]
+	ldr	$t3,[$tbl,#224]
 
-	and	$i1,lr,$s0,lsr#16
-	and	$i2,lr,$s0,lsr#8
-	and	$i3,lr,$s0
-	ldrb	$s0,[$tbl,$s0,lsr#24]	@ Td4[s0>>24]
+	ldrb	$s0,[$tbl,$s0]		@ Td4[s0>>24]
 	ldrb	$t1,[$tbl,$i1]		@ Td4[s0>>16]
-	ldrb	$t2,[$tbl,$i2]		@ Td4[s0>>8]
-	ldrb	$t3,[$tbl,$i3]		@ Td4[s0>>0]
-
 	and	$i1,lr,$s1		@ i0
+	ldrb	$t2,[$tbl,$i2]		@ Td4[s0>>8]
 	and	$i2,lr,$s1,lsr#16
+	ldrb	$t3,[$tbl,$i3]		@ Td4[s0>>0]
 	and	$i3,lr,$s1,lsr#8
+
 	ldrb	$i1,[$tbl,$i1]		@ Td4[s1>>0]
 	ldrb	$s1,[$tbl,$s1,lsr#24]	@ Td4[s1>>24]
 	ldrb	$i2,[$tbl,$i2]		@ Td4[s1>>16]
-	ldrb	$i3,[$tbl,$i3]		@ Td4[s1>>8]
 	eor	$s0,$i1,$s0,lsl#24
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s1>>8]
 	eor	$s1,$t1,$s1,lsl#8
-	eor	$t2,$t2,$i2,lsl#8
-	eor	$t3,$t3,$i3,lsl#8
-
 	and	$i1,lr,$s2,lsr#8	@ i0
+	eor	$t2,$t2,$i2,lsl#8
 	and	$i2,lr,$s2		@ i1
-	and	$i3,lr,$s2,lsr#16
+	eor	$t3,$t3,$i3,lsl#8
 	ldrb	$i1,[$tbl,$i1]		@ Td4[s2>>8]
+	and	$i3,lr,$s2,lsr#16
+
 	ldrb	$i2,[$tbl,$i2]		@ Td4[s2>>0]
 	ldrb	$s2,[$tbl,$s2,lsr#24]	@ Td4[s2>>24]
-	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
 	eor	$s0,$s0,$i1,lsl#8
+	ldrb	$i3,[$tbl,$i3]		@ Td4[s2>>16]
 	eor	$s1,$i2,$s1,lsl#16
-	eor	$s2,$t2,$s2,lsl#16
-	eor	$t3,$t3,$i3,lsl#16
-
 	and	$i1,lr,$s3,lsr#16	@ i0
+	eor	$s2,$t2,$s2,lsl#16
 	and	$i2,lr,$s3,lsr#8	@ i1
-	and	$i3,lr,$s3		@ i2
+	eor	$t3,$t3,$i3,lsl#16
 	ldrb	$i1,[$tbl,$i1]		@ Td4[s3>>16]
+	and	$i3,lr,$s3		@ i2
+
 	ldrb	$i2,[$tbl,$i2]		@ Td4[s3>>8]
 	ldrb	$i3,[$tbl,$i3]		@ Td4[s3>>0]
 	ldrb	$s3,[$tbl,$s3,lsr#24]	@ Td4[s3>>24]
 	eor	$s0,$s0,$i1,lsl#16
+	ldr	$i1,[$key,#0]
 	eor	$s1,$s1,$i2,lsl#8
+	ldr	$t1,[$key,#4]
 	eor	$s2,$i3,$s2,lsl#8
+	ldr	$t2,[$key,#8]
 	eor	$s3,$t3,$s3,lsl#24
+	ldr	$t3,[$key,#12]
 
-	ldr	lr,[sp],#4		@ pop lr
-	ldr	$t1,[$key,#0]
-	ldr	$t2,[$key,#4]
-	ldr	$t3,[$key,#8]
-	ldr	$i1,[$key,#12]
-	eor	$s0,$s0,$t1
-	eor	$s1,$s1,$t2
-	eor	$s2,$s2,$t3
-	eor	$s3,$s3,$i1
+	eor	$s0,$s0,$i1
+	eor	$s1,$s1,$t1
+	eor	$s2,$s2,$t2
+	eor	$s3,$s3,$t3
 
 	sub	$tbl,$tbl,#1024
-	mov	pc,lr			@ return
+	ldr	pc,[sp],#4		@ pop and return
 .size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
 .asciz	"AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
 .align	2
@@ -1029,3 +1027,4 @@ ___
 
 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;	# make it possible to compile with -march=armv4
 print $code;
+close STDOUT;	# enforce flush

crypto/alphacpuid.pl

@@ -1,3 +1,5 @@
+#!/usr/bin/env perl
+print <<'___';
 .text
 
 .set	noat
@@ -68,9 +70,9 @@ OPENSSL_wipe_cpu:
 OPENSSL_atomic_add:
 	.frame	$30,0,$26
 	.prologue 0
-1:	ldl_l	$0,($16)
+1:	ldl_l	$0,0($16)
 	addl	$0,$17,$1
-	stl_c	$1,($16)
+	stl_c	$1,0($16)
 	beq	$1,1b
 	addl	$0,$17,$0
 	ret	($26)
@@ -123,3 +125,4 @@ OPENSSL_cleanse:
 	br	.Little
 .Ldone: ret	($26)
 .end	OPENSSL_cleanse
+___

crypto/asn1/x_x509.c

@@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-ASN1_SEQUENCE(X509_CINF) = {
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
 	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
 	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
 	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
 	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
 	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */

crypto/bn/asm/alpha-mont.pl

@@ -41,8 +41,12 @@ $j="s4";
 $m1="s5";
 
 $code=<<___;
+#indef __linux__
+#include <asm/regdef.h>
+#else
 #include <asm.h>
 #include <regdef.h>
+#endif
 
 .text
 
@@ -76,7 +80,7 @@ bn_mul_mont:
 	ldq	$aj,8($ap)
 	subq	sp,AT,sp
 	ldq	$bi,0($bp)	# bp[0]
-	mov	-4096,AT
+	lda	AT,-4096(zero)	# mov	-4096,AT
 	ldq	$n0,0($n0)
 	and	sp,AT,sp
 
@@ -106,9 +110,9 @@ bn_mul_mont:
 .align	4
 .L1st:
 	.set	noreorder
-	ldq	$aj,($aj)
+	ldq	$aj,0($aj)
 	addl	$j,1,$j
-	ldq	$nj,($nj)
+	ldq	$nj,0($nj)
 	lda	$tp,8($tp)
 
 	addq	$alo,$hi0,$lo0
@@ -159,12 +163,12 @@ bn_mul_mont:
 .align	4
 .Louter:
 	s8addq	$i,$bp,$bi
-	ldq	$hi0,($ap)
+	ldq	$hi0,0($ap)
 	ldq	$aj,8($ap)
-	ldq	$bi,($bi)
-	ldq	$hi1,($np)
+	ldq	$bi,0($bi)
+	ldq	$hi1,0($np)
 	ldq	$nj,8($np)
-	ldq	$tj,(sp)
+	ldq	$tj,0(sp)
 
 	mulq	$hi0,$bi,$lo0
 	umulh	$hi0,$bi,$hi0
@@ -195,10 +199,10 @@ bn_mul_mont:
 	.set	noreorder
 	ldq	$tj,8($tp)	#L0
 	nop			#U1
-	ldq	$aj,($aj)	#L1
+	ldq	$aj,0($aj)	#L1
 	s8addq	$j,$np,$nj	#U0
 
-	ldq	$nj,($nj)	#L0
+	ldq	$nj,0($nj)	#L0
 	nop			#U1
 	addq	$alo,$hi0,$lo0	#L1
 	lda	$tp,8($tp)
@@ -247,7 +251,7 @@ bn_mul_mont:
 	addq	$hi1,v0,$hi1
 
 	addq	$hi1,$hi0,$lo1
-	stq	$j,($tp)
+	stq	$j,0($tp)
 	cmpult	$lo1,$hi0,$hi1
 	addq	$lo1,$tj,$lo1
 	cmpult	$lo1,$tj,AT
@@ -265,8 +269,8 @@ bn_mul_mont:
 	mov	0,$hi0		# clear borrow bit
 
 .align	4
-.Lsub:	ldq	$lo0,($tp)
-	ldq	$lo1,($np)
+.Lsub:	ldq	$lo0,0($tp)
+	ldq	$lo1,0($np)
 	lda	$tp,8($tp)
 	lda	$np,8($np)
 	subq	$lo0,$lo1,$lo1	# tp[i]-np[i]
@@ -274,7 +278,7 @@ bn_mul_mont:
 	subq	$lo1,$hi0,$lo0
 	cmpult	$lo1,$lo0,$hi0
 	or	$hi0,AT,$hi0
-	stq	$lo0,($rp)
+	stq	$lo0,0($rp)
 	cmpult	$tp,$tj,v0
 	lda	$rp,8($rp)
 	bne	v0,.Lsub
@@ -288,7 +292,7 @@ bn_mul_mont:
 	bis	$bp,$ap,$ap	# ap=borrow?tp:rp
 
 .align	4
-.Lcopy:	ldq	$aj,($ap)	# copy or in-place refresh
+.Lcopy:	ldq	$aj,0($ap)	# copy or in-place refresh
 	lda	$tp,8($tp)
 	lda	$rp,8($rp)
 	lda	$ap,8($ap)
@@ -309,8 +313,8 @@ bn_mul_mont:
 	lda	sp,48(sp)
 	ret	(ra)
 .end	bn_mul_mont
-.rdata
-.asciiz	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.ascii	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align	2
 ___
 
 print $code;

crypto/bn/asm/s390x.S

@@ -1,4 +1,4 @@
-.ident "s390x.S, version 1.0"
+.ident "s390x.S, version 1.1"
 // ====================================================================
 // Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 // project.
@@ -24,67 +24,67 @@ bn_mul_add_words:
 	bler	%r14		// if (len<=0) return 0;
 
 	stmg	%r6,%r10,48(%r15)
+	lghi	%r10,3
 	lghi	%r8,0		// carry = 0
-	srag	%r10,%r4,2	// cnt=len/4
-	jz	.Loop1_madd
+	nr	%r10,%r4	// len%4
+	sra	%r4,2		// cnt=len/4
+	jz	.Loop1_madd	// carry is incidentally cleared if branch taken
+	algr	zero,zero	// clear carry
 
 .Loop4_madd:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
-	algr	%r7,%r8		// +=carry
+	alcgr	%r7,%r8		// +=carry
 	alcgr	%r6,zero
 	alg	%r7,0(%r2,%r1)	// +=rp[i]
-	alcgr	%r6,zero
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 
 	lg	%r9,8(%r2,%r3)
 	mlgr	%r8,%r5
-	algr	%r9,%r6
+	alcgr	%r9,%r6
 	alcgr	%r8,zero
 	alg	%r9,8(%r2,%r1)
-	alcgr	%r8,zero
 	stg	%r9,8(%r2,%r1)
 
 	lg	%r7,16(%r2,%r3)
 	mlgr	%r6,%r5
-	algr	%r7,%r8
+	alcgr	%r7,%r8
 	alcgr	%r6,zero
 	alg	%r7,16(%r2,%r1)
-	alcgr	%r6,zero
 	stg	%r7,16(%r2,%r1)
 
 	lg	%r9,24(%r2,%r3)
 	mlgr	%r8,%r5
-	algr	%r9,%r6
+	alcgr	%r9,%r6
 	alcgr	%r8,zero
 	alg	%r9,24(%r2,%r1)
-	alcgr	%r8,zero
 	stg	%r9,24(%r2,%r1)
 
 	la	%r2,32(%r2)	// i+=4
-	brct	%r10,.Loop4_madd
+	brct	%r4,.Loop4_madd
 
-	lghi	%r10,3
-	nr	%r4,%r10	// cnt=len%4
-	jz	.Lend_madd
+	la	%r10,1(%r10)		// see if len%4 is zero ...
+	brct	%r10,.Loop1_madd	// without touching condition code:-)
+
+.Lend_madd:
+	alcgr	%r8,zero	// collect carry bit
+	lgr	%r2,%r8
+	lmg	%r6,%r10,48(%r15)
+	br	%r14
 
 .Loop1_madd:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
-	algr	%r7,%r8		// +=carry
+	alcgr	%r7,%r8		// +=carry
 	alcgr	%r6,zero
 	alg	%r7,0(%r2,%r1)	// +=rp[i]
-	alcgr	%r6,zero
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 
 	lgr	%r8,%r6
 	la	%r2,8(%r2)	// i++
-	brct	%r4,.Loop1_madd
+	brct	%r10,.Loop1_madd
 
-.Lend_madd:
-	lgr	%r2,%r8
-	lmg	%r6,%r10,48(%r15)
-	br	%r14
+	j	.Lend_madd
 .size	bn_mul_add_words,.-bn_mul_add_words
 
 // BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
@@ -99,57 +99,57 @@ bn_mul_words:
 	bler	%r14		// if (len<=0) return 0;
 
 	stmg	%r6,%r10,48(%r15)
+	lghi	%r10,3
 	lghi	%r8,0		// carry = 0
-	srag	%r10,%r4,2	// cnt=len/4
-	jz	.Loop1_mul
+	nr	%r10,%r4	// len%4
+	sra	%r4,2		// cnt=len/4
+	jz	.Loop1_mul	// carry is incidentally cleared if branch taken
+	algr	zero,zero	// clear carry
 
 .Loop4_mul:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
-	algr	%r7,%r8		// +=carry
-	alcgr	%r6,zero
+	alcgr	%r7,%r8		// +=carry
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 
 	lg	%r9,8(%r2,%r3)
 	mlgr	%r8,%r5
-	algr	%r9,%r6
-	alcgr	%r8,zero
+	alcgr	%r9,%r6
 	stg	%r9,8(%r2,%r1)
 
 	lg	%r7,16(%r2,%r3)
 	mlgr	%r6,%r5
-	algr	%r7,%r8
-	alcgr	%r6,zero
+	alcgr	%r7,%r8
 	stg	%r7,16(%r2,%r1)
 
 	lg	%r9,24(%r2,%r3)
 	mlgr	%r8,%r5
-	algr	%r9,%r6
-	alcgr	%r8,zero
+	alcgr	%r9,%r6
 	stg	%r9,24(%r2,%r1)
 
 	la	%r2,32(%r2)	// i+=4
-	brct	%r10,.Loop4_mul
+	brct	%r4,.Loop4_mul
 
-	lghi	%r10,3
-	nr	%r4,%r10	// cnt=len%4
-	jz	.Lend_mul
+	la	%r10,1(%r10)		// see if len%4 is zero ...
+	brct	%r10,.Loop1_mul		// without touching condition code:-)
+
+.Lend_mul:
+	alcgr	%r8,zero	// collect carry bit
+	lgr	%r2,%r8
+	lmg	%r6,%r10,48(%r15)
+	br	%r14
 
 .Loop1_mul:
 	lg	%r7,0(%r2,%r3)	// ap[i]
 	mlgr	%r6,%r5		// *=w
-	algr	%r7,%r8		// +=carry
-	alcgr	%r6,zero
+	alcgr	%r7,%r8		// +=carry
 	stg	%r7,0(%r2,%r1)	// rp[i]=
 
 	lgr	%r8,%r6
 	la	%r2,8(%r2)	// i++
-	brct	%r4,.Loop1_mul
+	brct	%r10,.Loop1_mul
 
-.Lend_mul:
-	lgr	%r2,%r8
-	lmg	%r6,%r10,48(%r15)
-	br	%r14
+	j	.Lend_mul
 .size	bn_mul_words,.-bn_mul_words
 
 // void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)

crypto/bn/bn_exp2.c

@@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 			r_is_one = 0;
 			}
 		}
-	BN_from_montgomery(rr,r,mont,ctx);
+	if (!BN_from_montgomery(rr,r,mont,ctx))
+		goto err;
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);

crypto/cryptlib.c

@@ -743,6 +743,16 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 #if defined(_WIN32) && !defined(__CYGWIN__)
 #include <tchar.h>
 #include <signal.h>
+#ifdef __WATCOMC__
+#if defined(_UNICODE) || defined(__UNICODE__)
+#define _vsntprintf _vsnwprintf
+#else
+#define _vsntprintf _vsnprintf
+#endif
+#endif
+#ifdef _MSC_VER
+#define alloca _alloca
+#endif
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
 int OPENSSL_isservice(void)
@@ -773,11 +783,7 @@ int OPENSSL_isservice(void)
 
     if (len>512) return -1;		/* paranoia */
     len++,len&=~1;			/* paranoia */
-#ifdef _MSC_VER
-    name=(WCHAR *)_alloca(len+sizeof(WCHAR));
-#else
     name=(WCHAR *)alloca(len+sizeof(WCHAR));
-#endif
     if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
 	return -1;
 
@@ -822,11 +828,7 @@ void OPENSSL_showfatal (const char *fmta,...)
       size_t len_0=strlen(fmta)+1,i;
       WCHAR *fmtw;
 
-#ifdef _MSC_VER
-	fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
-	fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
+	fmtw = (WCHAR *)alloca(len_0*sizeof(WCHAR));
 	if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
 
 #ifndef OPENSSL_NO_MULTIBYTE

crypto/crypto-lib.com

@@ -193,7 +193,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
 $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
 	"cmll_cfb,cmll_ctr"
 $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128"
+$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128,cts128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
      LIB_BN_ASM = "bn_asm"
@@ -1036,7 +1036,7 @@ $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
            "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
@@ -1070,7 +1070,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1102,7 +1102,7 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[._''ARCH'],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.

crypto/dsa/dsa_ossl.c

@@ -185,7 +185,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
 	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
 	if (BN_cmp(s,dsa->q) > 0)
-		BN_sub(s,s,dsa->q);
+		if (!BN_sub(s,s,dsa->q)) goto err;
 	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 
 	ret=DSA_SIG_new();

crypto/ec/ec2_mult.c

@@ -319,6 +319,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	int ret = 0;
 	size_t i;
 	EC_POINT *p=NULL;
+	EC_POINT *acc = NULL;
 
 	if (ctx == NULL)
 		{
@@ -338,15 +339,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 		}
 
 	if ((p = EC_POINT_new(group)) == NULL) goto err;
+	if ((acc = EC_POINT_new(group)) == NULL) goto err;
 
-	if (!EC_POINT_set_to_infinity(group, r)) goto err;
+	if (!EC_POINT_set_to_infinity(group, acc)) goto err;
 
 	if (scalar)
 		{
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
-		if (BN_is_negative(scalar)) 
+		if (BN_is_negative(scalar))
 			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
 		}
 
 	for (i = 0; i < num; i++)
@@ -354,13 +356,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
 		if (BN_is_negative(scalars[i]))
 			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
 		}
 
+	if (!EC_POINT_copy(r, acc)) goto err;
+
 	ret = 1;
 
   err:
 	if (p) EC_POINT_free(p);
+	if (acc) EC_POINT_free(acc);
 	if (new_ctx != NULL)
 		BN_CTX_free(new_ctx);
 	return ret;

crypto/ec/ec_mult.c

@@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
 		EC_POINT **p;
 
 		for (p = pre->points; *p != NULL; p++)
+			{
 			EC_POINT_clear_free(*p);
-		OPENSSL_cleanse(pre->points, sizeof pre->points);
+			OPENSSL_cleanse(p, sizeof *p);
+			}
 		OPENSSL_free(pre->points);
 		}
-	OPENSSL_cleanse(pre, sizeof pre);
+	OPENSSL_cleanse(pre, sizeof *pre);
 	OPENSSL_free(pre);
 	}
 

crypto/evp/evp_enc.c

@@ -204,6 +204,7 @@ skip_to_init:
 			case EVP_CIPH_OFB_MODE:
 
 			ctx->num = 0;
+			/* fall-through */
 
 			case EVP_CIPH_CBC_MODE:
 

crypto/evp/m_sigver.c

@@ -137,7 +137,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 		sctx = 0;
 	if (sigret)
 		{
-		MS_STATIC EVP_MD_CTX tmp_ctx;
+		EVP_MD_CTX tmp_ctx;
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int mdlen;
 		EVP_MD_CTX_init(&tmp_ctx);
@@ -173,7 +173,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 
 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
 	{
-	MS_STATIC EVP_MD_CTX tmp_ctx;
+	EVP_MD_CTX tmp_ctx;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	int r;
 	unsigned int mdlen;

crypto/evp/p_lib.c

@@ -411,7 +411,10 @@ void EVP_PKEY_free(EVP_PKEY *x)
 static void EVP_PKEY_free_it(EVP_PKEY *x)
 	{
 	if (x->ameth && x->ameth->pkey_free)
+		{
 		x->ameth->pkey_free(x);
+		x->pkey.ptr = NULL;
+		}
 #ifndef OPENSSL_NO_ENGINE
 	if (x->engine)
 		{

crypto/evp/p_sign.c

@@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
 	int i,ok=0,v;
-	MS_STATIC EVP_MD_CTX tmp_ctx;
+	EVP_MD_CTX tmp_ctx;
 
 	*siglen=0;
 	EVP_MD_CTX_init(&tmp_ctx);

crypto/evp/p_verify.c

@@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
 	int i,ok=0,v;
-	MS_STATIC EVP_MD_CTX tmp_ctx;
+	EVP_MD_CTX tmp_ctx;
 
 	EVP_MD_CTX_init(&tmp_ctx);
 	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     

crypto/evp/pmeth_lib.c

@@ -134,6 +134,8 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
 		id = pkey->ameth->pkey_id;
 		}
 #ifndef OPENSSL_NO_ENGINE
+	if (pkey && pkey->engine)
+		e = pkey->engine;
 	/* Try to find an ENGINE which implements this method */
 	if (e)
 		{

crypto/install.com

@@ -120,12 +120,7 @@ $	IF D .EQS. ""
 $	THEN
 $	  COPY 'tmp' WRK_SSLINCLUDE: /LOG
 $	ELSE
-$	  IF D .EQS. "_''ARCH'"
-$	  THEN
-$	    COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
-$	  ELSE
-$	    COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$	  ENDIF
+$	  COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
 $	ENDIF
 $	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
 $	GOTO LOOP_SDIRS

crypto/jpake/jpake.c

@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
     return 1;
     }
 
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+	return 0;
+
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+
+    return res;
+    }
+
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
     {
+    if(!is_legal(received->p1.gx, ctx))
+	{
+	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+	return 0;
+	}
+
+    if(!is_legal(received->p2.gx, ctx))
+	{
+	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+	return 0;
+	}
+
    /* verify their ZKP(xc) */
     if(!verify_zkp(&received->p1, ctx->p.g, ctx))
 	{

crypto/jpake/jpake.h

@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP				 100
 
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL		 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL		 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE			 105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH		 106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH			 107

crypto/jpake/jpake_err.c

@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 
 static ERR_STRING_DATA JPAKE_str_reasons[]=
 	{
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},

crypto/md32_common.h

@@ -165,7 +165,7 @@
 				asm (			\
 				"roll %1,%0"		\
 				: "=r"(ret)		\
-				: "I"(n), "0"(a)	\
+				: "I"(n), "0"((unsigned int)(a))	\
 				: "cc");		\
 			   ret;				\
 			})
@@ -383,6 +383,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
 	}
 
 #ifndef MD32_REG_T
+#if defined(__alpha) || defined(__sparcv9) || defined(__mips)
 #define MD32_REG_T long
 /*
  * This comment was originaly written for MD5, which is why it
@@ -400,9 +401,15 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
  * Well, to be honest it should say that this *prevents* 
  * performance degradation.
  *				<appro@fy.chalmers.se>
- * Apparently there're LP64 compilers that generate better
- * code if A-D are declared int. Most notably GCC-x86_64
- * generates better code.
+ */
+#else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
  *				<appro@fy.chalmers.se>
  */
+#define MD32_REG_T int
+#endif
 #endif

crypto/ocsp/ocsp_ht.c

@@ -397,11 +397,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 
 
 		case OHS_ASN1_HEADER:
-		/* Now reading ASN1 header: can read at least 6 bytes which
-		 * is more than enough for any valid ASN1 SEQUENCE header
+		/* Now reading ASN1 header: can read at least 2 bytes which
+		 * is enough for ASN1 SEQUENCE header and either length field
+		 * or at least the length of the length field.
 		 */
 		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < 6)
+		if (n < 2)
 			goto next_io;
 
 		/* Check it is an ASN1 SEQUENCE */
@@ -414,6 +415,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 		/* Check out length field */
 		if (*p & 0x80)
 			{
+			/* If MSB set on initial length octet we can now
+			 * always read 6 octets: make sure we have them.
+			 */
+			if (n < 6)
+				goto next_io;
 			n = *p & 0x7F;
 			/* Not NDEF or excessive length */
 			if (!n || (n > 4))

crypto/opensslv.h

@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x10000020
+#define OPENSSL_VERSION_NUMBER	0x1000003f
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0b-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0c-fips 2 Dec 2010"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0b-dev x XXX xxxx"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0c 2 Dec 2010"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 

crypto/perlasm/x86_64-xlate.pl

@@ -167,7 +167,7 @@ my %globals;
 	    } elsif ($self->{op} =~ /^(pop|push)f/) {
 		$self->{op} .= $self->{sz};
 	    } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
-		$self->{op} = "ALIGN\t8\n\tDQ";
+		$self->{op} = "\tDQ";
 	    } 
 	    $self->{op};
 	}
@@ -545,6 +545,8 @@ my %globals;
 					if ($line=~/\.([px])data/) {
 					    $v.=" rdata align=";
 					    $v.=$1 eq "p"? 4 : 8;
+					} elsif ($line=~/\.CRT\$/i) {
+					    $v.=" rdata align=8";
 					}
 				    } else {
 					$v="$current_segment\tENDS\n" if ($current_segment);
@@ -552,6 +554,8 @@ my %globals;
 					if ($line=~/\.([px])data/) {
 					    $v.=" READONLY";
 					    $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+					} elsif ($line=~/\.CRT\$/i) {
+					    $v.=" READONLY DWORD";
 					}
 				    }
 				    $current_segment = $line;

crypto/pkcs12/p12_key.c

@@ -107,6 +107,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	unsigned char *B, *D, *I, *p, *Ai;
 	int Slen, Plen, Ilen, Ijlen;
 	int i, j, u, v;
+	int ret = 0;
 	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
 	EVP_MD_CTX ctx;
 #ifdef  DEBUG_KEYGEN
@@ -144,10 +145,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	I = OPENSSL_malloc (Ilen);
 	Ij = BN_new();
 	Bpl1 = BN_new();
-	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
+	if (!D || !Ai || !B || !I || !Ij || !Bpl1)
+		goto err;
 	for (i = 0; i < v; i++) D[i] = id;
 	p = I;
 	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
@@ -164,28 +163,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 		}
 		memcpy (out, Ai, min (n, u));
 		if (u >= n) {
-			OPENSSL_free (Ai);
-			OPENSSL_free (B);
-			OPENSSL_free (D);
-			OPENSSL_free (I);
-			BN_free (Ij);
-			BN_free (Bpl1);
-			EVP_MD_CTX_cleanup(&ctx);
 #ifdef DEBUG_KEYGEN
 			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
 			h__dump(tmpout, tmpn);
 #endif
-			return 1;	
+			ret = 1;
+			goto end;
 		}
 		n -= u;
 		out += u;
 		for (j = 0; j < v; j++) B[j] = Ai[j % u];
 		/* Work out B + 1 first then can use B as tmp space */
-		BN_bin2bn (B, v, Bpl1);
-		BN_add_word (Bpl1, 1);
+		if (!BN_bin2bn (B, v, Bpl1)) goto err;
+		if (!BN_add_word (Bpl1, 1)) goto err;
 		for (j = 0; j < Ilen ; j+=v) {
-			BN_bin2bn (I + j, v, Ij);
-			BN_add (Ij, Ij, Bpl1);
+			if (!BN_bin2bn (I + j, v, Ij)) goto err;
+			if (!BN_add (Ij, Ij, Bpl1)) goto err;
 			BN_bn2bin (Ij, B);
 			Ijlen = BN_num_bytes (Ij);
 			/* If more than 2^(v*8) - 1 cut off MSB */
@@ -201,6 +194,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 			} else BN_bn2bin (Ij, I + j);
 		}
 	}
+
+err:
+	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+
+end:
+	OPENSSL_free (Ai);
+	OPENSSL_free (B);
+	OPENSSL_free (D);
+	OPENSSL_free (I);
+	BN_free (Ij);
+	BN_free (Bpl1);
+	EVP_MD_CTX_cleanup(&ctx);
+	return ret;
 }
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)

crypto/rand/rand_nw.c

@@ -160,8 +160,8 @@ int RAND_poll(void)
          rdtsc
          mov tsc, eax        
       }
-#else
-      asm volatile("rdtsc":"=A" (tsc));
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+      asm volatile("rdtsc":"=a"(tsc)::"edx");
 #endif
 
       RAND_add(&tsc, sizeof(tsc), 1);

crypto/rand/randfile.c

@@ -310,7 +310,7 @@ const char *RAND_file_name(char *buf, size_t size)
 	 * to something hopefully decent if that isn't available. 
 	 */
 
-	if (!ok)
+	if (!buf[0])
 		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
 			return(NULL);
 		}	

crypto/rc5/rc5_locl.h

@@ -154,14 +154,14 @@
 #  define ROTATE_l32(a,n)	({ register unsigned int ret;	\
 					asm ("roll %%cl,%0"	\
 						: "=r"(ret)	\
-						: "c"(n),"0"(a)	\
+						: "c"(n),"0"((unsigned int)(a))	\
 						: "cc");	\
 					ret;			\
 				})
 #  define ROTATE_r32(a,n)	({ register unsigned int ret;	\
 					asm ("rorl %%cl,%0"	\
 						: "=r"(ret)	\
-						: "c"(n),"0"(a)	\
+						: "c"(n),"0"((unsigned int)(a))	\
 						: "cc");	\
 					ret;			\
 				})

crypto/rsa/rsa_eay.c

@@ -675,7 +675,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 		rsa->_method_mod_n)) goto err;
 
 	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
-		BN_sub(ret, rsa->n, ret);
+		if (!BN_sub(ret, rsa->n, ret)) goto err;
 
 	p=buf;
 	i=BN_bn2bin(ret,p);

crypto/sha/asm/sha1-armv4-large.pl

@@ -37,9 +37,18 @@
 #	modes are limited. As result it takes more instructions to do
 #	the same job in Thumb, therefore the code is never twice as
 #	small and always slower.
-# [***]	which is also ~35% better than compiler generated code.
+# [***]	which is also ~35% better than compiler generated code. Dual-
+#	issue Cortex A8 core was measured to process input block in
+#	~990 cycles.
 
-$output=shift;
+# August 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 13% improvement on
+# Cortex A8 core and in absolute terms ~870 cycles per input block
+# [or 13.6 cycles per byte].
+
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";
@@ -58,43 +67,22 @@ $t3="r12";
 $Xi="r14";
 @V=($a,$b,$c,$d,$e);
 
-# One can optimize this for aligned access on big-endian architecture,
-# but code's endian neutrality makes it too pretty:-)
-sub Xload {
-my ($a,$b,$c,$d,$e)=@_;
-$code.=<<___;
-	ldrb	$t0,[$inp],#4
-	ldrb	$t1,[$inp,#-3]
-	ldrb	$t2,[$inp,#-2]
-	ldrb	$t3,[$inp,#-1]
-	add	$e,$K,$e,ror#2			@ E+=K_00_19
-	orr	$t0,$t1,$t0,lsl#8
-	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
-	orr	$t0,$t2,$t0,lsl#8
-	eor	$t1,$c,$d			@ F_xx_xx
-	orr	$t0,$t3,$t0,lsl#8
-	add	$e,$e,$t0			@ E+=X[i]
-	str	$t0,[$Xi,#-4]!
-___
-}
 sub Xupdate {
-my ($a,$b,$c,$d,$e,$flag)=@_;
+my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_;
 $code.=<<___;
 	ldr	$t0,[$Xi,#15*4]
 	ldr	$t1,[$Xi,#13*4]
 	ldr	$t2,[$Xi,#7*4]
-	ldr	$t3,[$Xi,#2*4]
 	add	$e,$K,$e,ror#2			@ E+=K_xx_xx
+	ldr	$t3,[$Xi,#2*4]
 	eor	$t0,$t0,$t1
-	eor	$t0,$t0,$t2
-	eor	$t0,$t0,$t3
-	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
-___
-$code.=<<___ if (!defined($flag));
-	eor	$t1,$c,$d			@ F_xx_xx, but not in 40_59
-___
-$code.=<<___;
+	eor	$t2,$t2,$t3
+	eor	$t1,$c,$d			@ F_xx_xx
 	mov	$t0,$t0,ror#31
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+	eor	$t0,$t0,$t2,ror#31
+	$opt1					@ F_xx_xx
+	$opt2					@ F_xx_xx
 	add	$e,$e,$t0			@ E+=X[i]
 	str	$t0,[$Xi,#-4]!
 ___
@@ -102,19 +90,29 @@ ___
 
 sub BODY_00_15 {
 my ($a,$b,$c,$d,$e)=@_;
-	&Xload(@_);
 $code.=<<___;
+	ldrb	$t0,[$inp],#4
+	ldrb	$t1,[$inp,#-1]
+	ldrb	$t2,[$inp,#-2]
+	add	$e,$K,$e,ror#2			@ E+=K_00_19
+	ldrb	$t3,[$inp,#-3]
+	add	$e,$e,$a,ror#27			@ E+=ROR(A,27)
+	orr	$t0,$t1,$t0,lsl#24
+	eor	$t1,$c,$d			@ F_xx_xx
+	orr	$t0,$t0,$t2,lsl#8
+	orr	$t0,$t0,$t3,lsl#16
 	and	$t1,$b,$t1,ror#2
+	add	$e,$e,$t0			@ E+=X[i]
 	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
+	str	$t0,[$Xi,#-4]!
 	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
 ___
 }
 
 sub BODY_16_19 {
 my ($a,$b,$c,$d,$e)=@_;
-	&Xupdate(@_);
+	&Xupdate(@_,"and $t1,$b,$t1,ror#2");
 $code.=<<___;
-	and	$t1,$b,$t1,ror#2
 	eor	$t1,$t1,$d,ror#2		@ F_00_19(B,C,D)
 	add	$e,$e,$t1			@ E+=F_00_19(B,C,D)
 ___
@@ -122,22 +120,18 @@ ___
 
 sub BODY_20_39 {
 my ($a,$b,$c,$d,$e)=@_;
-	&Xupdate(@_);
+	&Xupdate(@_,"eor $t1,$b,$t1,ror#2");
 $code.=<<___;
-	eor	$t1,$b,$t1,ror#2		@ F_20_39(B,C,D)
 	add	$e,$e,$t1			@ E+=F_20_39(B,C,D)
 ___
 }
 
 sub BODY_40_59 {
 my ($a,$b,$c,$d,$e)=@_;
-	&Xupdate(@_,1);
+	&Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d");
 $code.=<<___;
-	and	$t1,$b,$c,ror#2
-	orr	$t2,$b,$c,ror#2
-	and	$t2,$t2,$d,ror#2
-	orr	$t1,$t1,$t2			@ F_40_59(B,C,D)
 	add	$e,$e,$t1			@ E+=F_40_59(B,C,D)
+	add	$e,$e,$t2,ror#2
 ___
 }
 

crypto/sha/asm/sha1-sparcv9.pl

@@ -276,6 +276,7 @@ $code.=<<___;
 .type	sha1_block_data_order,#function
 .size	sha1_block_data_order,(.-sha1_block_data_order)
 .asciz	"SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

crypto/sha/asm/sha1-sparcv9a.pl

@@ -539,6 +539,7 @@ $code.=<<___;
 .type	sha1_block_data_order,#function
 .size	sha1_block_data_order,(.-sha1_block_data_order)
 .asciz	"SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
 ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,

crypto/sha/asm/sha256-armv4.pl

@@ -11,9 +11,14 @@
 
 # Performance is ~2x better than gcc 3.4 generated code and in "abso-
 # lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
-# byte.
+# byte [on single-issue Xscale PXA250 core].
 
-$output=shift;
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 22% improvement on
+# Cortex A8 core and ~20 cycles per processed byte.
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";	$t0="r0";
@@ -52,27 +57,27 @@ $code.=<<___ if ($i<16);
 ___
 $code.=<<___;
 	ldr	$t2,[$Ktbl],#4			@ *K256++
-	str	$T1,[sp,#`$i%16`*4]
 	mov	$t0,$e,ror#$Sigma1[0]
+	str	$T1,[sp,#`$i%16`*4]
 	eor	$t0,$t0,$e,ror#$Sigma1[1]
-	eor	$t0,$t0,$e,ror#$Sigma1[2]	@ Sigma1(e)
-	add	$T1,$T1,$t0
 	eor	$t1,$f,$g
+	eor	$t0,$t0,$e,ror#$Sigma1[2]	@ Sigma1(e)
 	and	$t1,$t1,$e
+	add	$T1,$T1,$t0
 	eor	$t1,$t1,$g			@ Ch(e,f,g)
-	add	$T1,$T1,$t1
 	add	$T1,$T1,$h
-	add	$T1,$T1,$t2
 	mov	$h,$a,ror#$Sigma0[0]
+	add	$T1,$T1,$t1
 	eor	$h,$h,$a,ror#$Sigma0[1]
+	add	$T1,$T1,$t2
 	eor	$h,$h,$a,ror#$Sigma0[2]		@ Sigma0(a)
 	orr	$t0,$a,$b
-	and	$t0,$t0,$c
 	and	$t1,$a,$b
-	orr	$t0,$t0,$t1			@ Maj(a,b,c)
-	add	$h,$h,$t0
-	add	$d,$d,$T1
+	and	$t0,$t0,$c
 	add	$h,$h,$T1
+	orr	$t0,$t0,$t1			@ Maj(a,b,c)
+	add	$d,$d,$T1
+	add	$h,$h,$t0
 ___
 }
 
@@ -80,19 +85,19 @@ sub BODY_16_XX {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 
 $code.=<<___;
-	ldr	$t1,[sp,#`($i+1)%16`*4]	@ $i
+	ldr	$t1,[sp,#`($i+1)%16`*4]		@ $i
 	ldr	$t2,[sp,#`($i+14)%16`*4]
 	ldr	$T1,[sp,#`($i+0)%16`*4]
-	ldr	$inp,[sp,#`($i+9)%16`*4]
 	mov	$t0,$t1,ror#$sigma0[0]
+	ldr	$inp,[sp,#`($i+9)%16`*4]
 	eor	$t0,$t0,$t1,ror#$sigma0[1]
 	eor	$t0,$t0,$t1,lsr#$sigma0[2]	@ sigma0(X[i+1])
 	mov	$t1,$t2,ror#$sigma1[0]
-	eor	$t1,$t1,$t2,ror#$sigma1[1]
-	eor	$t1,$t1,$t2,lsr#$sigma1[2]	@ sigma1(X[i+14])
 	add	$T1,$T1,$t0
-	add	$T1,$T1,$t1
+	eor	$t1,$t1,$t2,ror#$sigma1[1]
 	add	$T1,$T1,$inp
+	eor	$t1,$t1,$t2,lsr#$sigma1[2]	@ sigma1(X[i+14])
+	add	$T1,$T1,$t1
 ___
 	&BODY_00_15(@_);
 }

crypto/sha/asm/sha512-armv4.pl

@@ -10,7 +10,13 @@
 # SHA512 block procedure for ARMv4. September 2007.
 
 # This code is ~4.5 (four and a half) times faster than code generated
-# by gcc 3.4 and it spends ~72 clock cycles per byte. 
+# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
+# Xscale PXA250 core].
+#
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 6% improvement on
+# Cortex A8 core and ~40 cycles per processed byte.
 
 # Byte order [in]dependence. =========================================
 #
@@ -22,7 +28,7 @@ $hi=0;
 $lo=4;
 # ====================================================================
 
-$output=shift;
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";
@@ -73,33 +79,31 @@ $code.=<<___;
 	eor	$t0,$t0,$Elo,lsl#23
 	eor	$t1,$t1,$Ehi,lsl#23	@ Sigma1(e)
 	adds	$Tlo,$Tlo,$t0
-	adc	$Thi,$Thi,$t1		@ T += Sigma1(e)
-	adds	$Tlo,$Tlo,$t2
-	adc	$Thi,$Thi,$t3		@ T += h
-
 	ldr	$t0,[sp,#$Foff+0]	@ f.lo
+	adc	$Thi,$Thi,$t1		@ T += Sigma1(e)
 	ldr	$t1,[sp,#$Foff+4]	@ f.hi
+	adds	$Tlo,$Tlo,$t2
 	ldr	$t2,[sp,#$Goff+0]	@ g.lo
+	adc	$Thi,$Thi,$t3		@ T += h
 	ldr	$t3,[sp,#$Goff+4]	@ g.hi
+
+	eor	$t0,$t0,$t2
 	str	$Elo,[sp,#$Eoff+0]
-	str	$Ehi,[sp,#$Eoff+4]
-	str	$Alo,[sp,#$Aoff+0]
-	str	$Ahi,[sp,#$Aoff+4]
-
-	eor	$t0,$t0,$t2
 	eor	$t1,$t1,$t3
+	str	$Ehi,[sp,#$Eoff+4]
 	and	$t0,$t0,$Elo
+	str	$Alo,[sp,#$Aoff+0]
 	and	$t1,$t1,$Ehi
+	str	$Ahi,[sp,#$Aoff+4]
 	eor	$t0,$t0,$t2
-	eor	$t1,$t1,$t3		@ Ch(e,f,g)
-
 	ldr	$t2,[$Ktbl,#4]		@ K[i].lo
+	eor	$t1,$t1,$t3		@ Ch(e,f,g)
 	ldr	$t3,[$Ktbl,#0]		@ K[i].hi
-	ldr	$Elo,[sp,#$Doff+0]	@ d.lo
-	ldr	$Ehi,[sp,#$Doff+4]	@ d.hi
 
 	adds	$Tlo,$Tlo,$t0
+	ldr	$Elo,[sp,#$Doff+0]	@ d.lo
 	adc	$Thi,$Thi,$t1		@ T += Ch(e,f,g)
+	ldr	$Ehi,[sp,#$Doff+4]	@ d.hi
 	adds	$Tlo,$Tlo,$t2
 	adc	$Thi,$Thi,$t3		@ T += K[i]
 	adds	$Elo,$Elo,$Tlo

crypto/sha/asm/sha512-sparcv9.pl

@@ -586,6 +586,7 @@ $code.=<<___;
 .type	sha${label}_block_data_order,#function
 .size	sha${label}_block_data_order,(.-sha${label}_block_data_order)
 .asciz	"SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align	4
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

crypto/sparccpuid.S

@@ -225,13 +225,95 @@ _sparcv9_rdtick:
 	xor	%o0,%o0,%o0
 	.word	0x91410000	!rd	%tick,%o0
 	retl
-	.word	0x93323020	!srlx	%o2,32,%o1
+	.word	0x93323020	!srlx	%o0,32,%o1
 .notick:
 	retl
 	xor	%o1,%o1,%o1
 .type	_sparcv9_rdtick,#function
 .size	_sparcv9_rdtick,.-_sparcv9_rdtick
 
+.global	_sparcv9_vis1_probe
+.align	8
+_sparcv9_vis1_probe:
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	add	%sp,BIAS+2,%o1
+	retl
+	.word	0xc19a5a40	!ldda	[%o1]ASI_FP16_P,%f0
+.type	_sparcv9_vis1_probe,#function
+.size	_sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+
+! Probe and instrument VIS1 instruction. Output is number of cycles it
+! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+! is slow (documented to be 6 cycles on T2) and the core is in-order
+! single-issue, it should be possible to distinguish Tx reliably...
+! Observed return values are:
+!
+!	UltraSPARC IIe		7
+!	UltraSPARC III		7
+!	UltraSPARC T1		24
+!
+! Numbers for T2 and SPARC64 V-VII are more than welcomed.
+!
+! It would be possible to detect specifically US-T1 by instrumenting
+! fmul8ulx16, which is emulated on T1 and as such accounts for quite
+! a lot of %tick-s, couple of thousand on Linux...
+.global	_sparcv9_vis1_instrument
+.align	8
+_sparcv9_vis1_instrument:
+	.word	0x91410000	!rd	%tick,%o0
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x93410000	!rd	%tick,%o1
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x95410000	!rd	%tick,%o2
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x97410000	!rd	%tick,%o3
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	.word	0x99410000	!rd	%tick,%o4
+
+	! calculate intervals
+	sub	%o1,%o0,%o0
+	sub	%o2,%o1,%o1
+	sub	%o3,%o2,%o2
+	sub	%o4,%o3,%o3
+
+	! find minumum value
+	cmp	%o0,%o1
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o1,%o0
+	cmp	%o0,%o2
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o2,%o0
+	cmp	%o0,%o3
+	.word	0x38680002	!bgu,a	%xcc,.+8
+	mov	%o3,%o0
+
+	retl
+	nop
+.type	_sparcv9_vis1_instrument,#function
+.size	_sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
+
+.global	_sparcv9_vis2_probe
+.align	8
+_sparcv9_vis2_probe:
+	retl
+	.word	0x81b00980	!bshuffle	%f0,%f0,%f0
+.type	_sparcv9_vis2_probe,#function
+.size	_sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+
+.global	_sparcv9_fmadd_probe
+.align	8
+_sparcv9_fmadd_probe:
+	.word	0x81b00d80	!fxor	%f0,%f0,%f0
+	.word	0x85b08d82	!fxor	%f2,%f2,%f2
+	retl
+	.word	0x81b80440	!fmaddd	%f0,%f0,%f2,%f0
+.type	_sparcv9_fmadd_probe,#function
+.size	_sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
+
 .global	OPENSSL_cleanse
 .align	32
 OPENSSL_cleanse:

crypto/sparcv9cap.c

@@ -1,6 +1,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <setjmp.h>
+#include <signal.h>
 #include <sys/time.h>
 #include <openssl/bn.h>
 
@@ -9,6 +11,7 @@
 #define SPARCV9_VIS1		(1<<2)
 #define SPARCV9_VIS2		(1<<3)	/* reserved */
 #define SPARCV9_FMADD		(1<<4)	/* reserved for SPARC64 V */
+
 static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
 
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
@@ -23,10 +26,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
 		return bn_mul_mont_int(rp,ap,bp,np,n0,num);
 	}
 
+unsigned long	_sparcv9_rdtick(void);
+void		_sparcv9_vis1_probe(void);
+unsigned long	_sparcv9_vis1_instrument(void);
+void		_sparcv9_vis2_probe(void);
+void		_sparcv9_fmadd_probe(void);
+
 unsigned long OPENSSL_rdtsc(void)
 	{
-	unsigned long _sparcv9_rdtick(void);
-
 	if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
 #if defined(__sun) && defined(__SVR4)
 		return gethrtime();
@@ -37,8 +44,11 @@ unsigned long OPENSSL_rdtsc(void)
 		return _sparcv9_rdtick();
 	}
 
-#if defined(__sun) && defined(__SVR4)
-
+#if 0 && defined(__sun) && defined(__SVR4)
+/* This code path is disabled, because of incompatibility of
+ * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
+ */
+#include <malloc.h>
 #include <dlfcn.h>
 #include <libdevinfo.h>
 #include <sys/systeminfo.h>
@@ -110,7 +120,21 @@ void OPENSSL_cpuid_setup(void)
 			return;
 			}
 		}
-
+#ifdef M_KEEP
+	/*
+	 * Solaris libdevinfo.so.1 is effectively incomatible with
+	 * libmalloc.so.1. Specifically, if application is linked with
+	 * -lmalloc, it crashes upon startup with SIGSEGV in
+	 * free(3LIBMALLOC) called by di_fini. Prior call to
+	 * mallopt(M_KEEP,0) somehow helps... But not always...
+	 */
+	if ((h = dlopen(NULL,RTLD_LAZY)))
+		{
+		union { void *p; int (*f)(int,int); } sym;
+		if ((sym.p = dlsym(h,"mallopt"))) (*sym.f)(M_KEEP,0);
+		dlclose(h);
+		}
+#endif
 	if ((h = dlopen("libdevinfo.so.1",RTLD_LAZY))) do
 		{
 		di_init_t	di_init;
@@ -137,9 +161,19 @@ void OPENSSL_cpuid_setup(void)
 
 #else
 
+static sigjmp_buf common_jmp;
+static void common_handler(int sig) { siglongjmp(common_jmp,sig); }
+
 void OPENSSL_cpuid_setup(void)
 	{
 	char *e;
+	struct sigaction	common_act,ill_oact,bus_oact;
+	sigset_t		all_masked,oset;
+	int			sig;
+	static int trigger=0;
+
+	if (trigger) return;
+	trigger=1;
  
 	if ((e=getenv("OPENSSL_sparcv9cap")))
 		{
@@ -147,8 +181,57 @@ void OPENSSL_cpuid_setup(void)
 		return;
 		}
 
-	/* For now we assume that the rest supports UltraSPARC-I* only */
-	OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1;
+	/* Initial value, fits UltraSPARC-I&II... */
+	OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
+
+	sigfillset(&all_masked);
+	sigdelset(&all_masked,SIGILL);
+	sigdelset(&all_masked,SIGTRAP);
+#ifdef SIGEMT
+	sigdelset(&all_masked,SIGEMT);
+#endif
+	sigdelset(&all_masked,SIGFPE);
+	sigdelset(&all_masked,SIGBUS);
+	sigdelset(&all_masked,SIGSEGV);
+	sigprocmask(SIG_SETMASK,&all_masked,&oset);
+
+	memset(&common_act,0,sizeof(common_act));
+	common_act.sa_handler = common_handler;
+	common_act.sa_mask    = all_masked;
+
+	sigaction(SIGILL,&common_act,&ill_oact);
+	sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */
+
+	if (sigsetjmp(common_jmp,1) == 0)
+		{
+		_sparcv9_rdtick();
+		OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
+		}
+
+	if (sigsetjmp(common_jmp,1) == 0)
+		{
+		_sparcv9_vis1_probe();
+		OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
+		/* detect UltraSPARC-Tx, see sparccpud.S for details... */
+		if (_sparcv9_vis1_instrument() >= 12)
+			OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU);
+		else
+			{
+			_sparcv9_vis2_probe();
+			OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+			}
+		}
+
+	if (sigsetjmp(common_jmp,1) == 0)
+		{
+		_sparcv9_fmadd_probe();
+		OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
+		}
+
+	sigaction(SIGBUS,&bus_oact,NULL);
+	sigaction(SIGILL,&ill_oact,NULL);
+
+	sigprocmask(SIG_SETMASK,&oset,NULL);
 	}
 
 #endif

crypto/stack/safestack.h

@@ -179,7 +179,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 	sk_is_sorted(CHECKED_STACK_OF(type, st))
 
 #define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-  (STACK_OF(type) *)d2i_ASN1_SET((STACK_OF(OPENSSL_BLOCK) **)CHECKED_STACK_OF(type, st), \
+  (STACK_OF(type) *)d2i_ASN1_SET( \
+				(STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \
 				pp, length, \
 				CHECKED_D2I_OF(type, d2i_func), \
 				CHECKED_SK_FREE_FUNC(type, free_func), \
@@ -2030,6 +2031,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_void_sort(st) SKM_sk_sort(void, (st))
 #define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st))
 
+#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
+#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
+#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
+#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
+#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
+#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
+#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
+#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
+	((int (*)(const char * const *,const char * const *)) \
+	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
+#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
+#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
+#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
+#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
+
+
 #define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
 #define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
 #define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_PTR_OF(void, val))
@@ -2080,31 +2106,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
 
-#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null())
-#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i))
-#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func))
-#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val), i)
-#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_set(st, i, val) sk_set((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), i, CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val))
-#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i))
-#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_PTR_OF(char, ptr))
-#define sk_OPENSSL_STRING_set_cmp_func(st, cmp)  \
-	((int (*)(const char * const *,const char * const *)) \
-	sk_set_cmp_func((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_SK_CMP_FUNC(char, cmp)))
-#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st)
-#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop((_STACK *)CHECKED_PTR_OF(STACK_OF(OPENSSL_STRING), st))
-#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st))
-#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
-
-
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

crypto/x509/x509.h

@@ -258,6 +258,7 @@ typedef struct x509_cinf_st
 	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
 	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
 	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
+	ASN1_ENCODING enc;
 	} X509_CINF;
 
 /* This stuff is certificate "auxiliary info"

crypto/x509/x509_vfy.c

@@ -2034,7 +2034,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	if (store)
 		ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
 	else
-		ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
+		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
 
 	if (store)
 		{

crypto/x509/x_all.c

@@ -90,6 +90,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
+	x->cert_info->enc.modified = 1;
 	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
 		x->sig_alg, x->signature, x->cert_info,pkey,md));
 	}

crypto/x509v3/v3_ncons.c

@@ -189,7 +189,6 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
 			print_nc_ipadd(bp, tree->base->d.ip);
 		else
 			GENERAL_NAME_print(bp, tree->base);
-		tree = sk_GENERAL_SUBTREE_value(trees, i);
 		BIO_puts(bp, "\n");
 		}
 	return 1;

doc/apps/smime.pod

@@ -343,7 +343,7 @@ Create a cleartext signed message:
  openssl smime -sign -in message.txt -text -out mail.msg \
 	-signer mycert.pem
 
-Create an opaque signed message
+Create an opaque signed message:
 
  openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
 	-signer mycert.pem
@@ -397,11 +397,11 @@ it with:
  -----BEGIN PKCS7-----
  -----END PKCS7-----
 
-and using the command, 
+and using the command: 
 
  openssl smime -verify -inform PEM -in signature.pem -content content.txt
 
-alternatively you can base64 decode the signature and use
+Alternatively you can base64 decode the signature and use:
 
  openssl smime -verify -inform DER -in signature.der -content content.txt
 
@@ -427,7 +427,7 @@ Ideally a database should be maintained of a certificates for each email
 address.
 
 The code doesn't currently take note of the permitted symmetric encryption
-algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+algorithms as supplied in the SMIMECapabilities signed attribute. This means the
 user has to manually include the correct encryption algorithm. It should store
 the list of permitted ciphers in a database and only use those.
 

doc/crypto/EVP_PKEY_verify.pod

@@ -69,7 +69,7 @@ Verify signature using PKCS#1 and SHA256 digest:
 	/* Error */
 
  /* Perform operation */
- ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen);
+ ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
 
  /* ret == 1 indicates success, 0 verify failure and < 0 for some
   * other error.

doc/crypto/EVP_PKEY_verifyrecover.pod

@@ -74,7 +74,7 @@ Recover digest originally signed using PKCS#1 and SHA256 digest:
 	/* Error */
 
  /* Determine buffer length */
- if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0)
+ if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0)
 	/* Error */
 
  rout = OPENSSL_malloc(routlen);

doc/ssl/SSL_CTX_set_options.pod

@@ -78,18 +78,7 @@ this breaks this server so 16 bytes is the way to go.
 
 =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
 
-ssl3.netscape.com:443, first a connection is established with RC4-MD5.
-If it is then resumed, we end up using DES-CBC3-SHA.  It should be
-RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
-
-Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
-It only really shows up when connecting via SSLv2/v3 then reconnecting
-via SSLv3. The cipher list changes....
-
-NEW INFORMATION.  Try connecting with a cipher list of just
-DES-CBC-SHA:RC4-MD5.  For some weird reason, each new connection uses
-RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
-doing a re-connect, always takes the first cipher in the cipher list.
+As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
 
 =item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
 

engines/Makefile

@@ -114,7 +114,7 @@ install:
 			  if [ "$(PLATFORM)" != "Cygwin" ]; then \
 				case "$(CFLAGS)" in \
 				*DSO_BEOS*)	sfx=".so";;	\
-				*DSO_DLFCN*)	sfx=".so";;	\
+				*DSO_DLFCN*)	sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;;	\
 				*DSO_DL*)	sfx=".sl";;	\
 				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
 				*)		sfx=".bad";;	\

engines/ccgost/Makefile

@@ -48,7 +48,7 @@ install:
 		if [ "$(PLATFORM)" != "Cygwin" ]; then \
 			case "$(CFLAGS)" in \
 			*DSO_BEOS*) sfx=".so";; \
-			*DSO_DLFCN*) sfx=".so";; \
+			*DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
 			*DSO_DL*) sfx=".sl";; \
 			*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
 			*) sfx=".bad";; \

engines/e_aep.c

@@ -68,6 +68,8 @@ typedef int pid_t;
 #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
 #define getpid GetThreadID
 extern int GetThreadID(void);
+#elif defined(_WIN32) && !defined(__WATCOMC__)
+#define getpid _getpid
 #endif
 
 #include <openssl/crypto.h>
@@ -867,13 +869,7 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
 
 	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 
-#ifdef NETWARE_CLIB
-	curr_pid = GetThreadID();
-#elif defined(_WIN32)
-	curr_pid = _getpid();
-#else
 	curr_pid = getpid();
-#endif
 
 	/*Check if this is the first time this is being called from the current
 	  process*/

engines/e_capi.c

@@ -76,10 +76,16 @@
  * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
  * one of possible values you can pass to function in question. By
  * checking if it's defined we can see if wincrypt.h and accompanying
- * crypt32.lib are in shape. Yes, it's rather "weak" test and if
- * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG.
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
  */
-#ifdef CERT_KEY_PROV_INFO_PROP_ID
+#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
 # define __COMPILE_CAPIENG
 #endif /* CERT_KEY_PROV_INFO_PROP_ID */
 #endif /* OPENSSL_NO_CAPIENG */

makevms.com

@@ -581,7 +581,7 @@ $ TIME = F$TIME()
 $!
 $! Write The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
+$! WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
 $ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""
 $ WRITE H_FILE "#define DATE ""''TIME'"" "
 $!
@@ -593,6 +593,11 @@ $! Purge The [.CRYPTO._xxx]BUILDINF.H File.
 $!
 $ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H
 $!
+$! Delete [.CRYPTO]BUILDINF.H File, as there might be some residue from Unix.
+$!
+$ IF F$SEARCH("[.CRYPTO]BUILDINF.H") .NES. "" THEN -
+     DELETE SYS$DISK:[.CRYPTO]BUILDINF.H;*
+$!
 $! That's All, Time To RETURN.
 $!
 $ RETURN

openssl.spec

@@ -2,7 +2,7 @@
 %define libmaj 1
 %define libmin 0
 %define librel 0
-%define librev b
+%define librev c
 Release: 1
 
 %define openssldir /var/ssl

ssl/s3_clnt.c

@@ -866,8 +866,11 @@ int ssl3_get_server_hello(SSL *s)
 		s->session->cipher_id = s->session->cipher->id;
 	if (s->hit && (s->session->cipher_id != c->id))
 		{
+/* Workaround is now obsolete */
+#if 0
 		if (!(s->options &
 			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+#endif
 			{
 			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
@@ -1508,6 +1511,7 @@ int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
 		}

ssl/s3_srvr.c

@@ -985,6 +985,10 @@ int ssl3_get_client_hello(SSL *s)
 				break;
 				}
 			}
+/* Disabled because it can be used in a ciphersuite downgrade
+ * attack: CVE-2010-4180.
+ */
+#if 0
 		if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
 			{
 			/* Special case as client bug workaround: the previously used cipher may
@@ -999,6 +1003,7 @@ int ssl3_get_client_hello(SSL *s)
 				j = 1;
 				}
 			}
+#endif
 		if (j == 0)
 			{
 			/* we need to have the cipher in the cipher
@@ -2579,12 +2584,19 @@ int ssl3_get_client_key_exchange(SSL *s)
 			{
 			int ret = 0;
 			EVP_PKEY_CTX *pkey_ctx;
-			EVP_PKEY *client_pub_pkey = NULL;
+			EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
 			unsigned char premaster_secret[32], *start;
-			size_t outlen=32, inlen;			
+			size_t outlen=32, inlen;
+			unsigned long alg_a;
 
 			/* Get our certificate private key*/
-			pkey_ctx = EVP_PKEY_CTX_new(s->cert->key->privatekey,NULL);	
+			alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+			if (alg_a & SSL_aGOST94)
+				pk = s->cert->pkeys[SSL_PKEY_GOST94].privatekey;
+			else if (alg_a & SSL_aGOST01)
+				pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+
+			pkey_ctx = EVP_PKEY_CTX_new(pk,NULL);
 			EVP_PKEY_decrypt_init(pkey_ctx);
 			/* If client certificate is present and is of the same type, maybe
 			 * use it for key exchange.  Don't mind errors from

ssl/t1_lib.c

@@ -714,14 +714,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				switch (servname_type)
 					{
 				case TLSEXT_NAMETYPE_host_name:
-					if (s->session->tlsext_hostname == NULL)
+					if (!s->hit)
 						{
-						if (len > TLSEXT_MAXLEN_host_name || 
-							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
+						if(s->session->tlsext_hostname)
+							{
+							*al = SSL_AD_DECODE_ERROR;
+							return 0;
+							}
+						if (len > TLSEXT_MAXLEN_host_name)
 							{
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 							}
+						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
+							{
+							*al = TLS1_AD_INTERNAL_ERROR;
+							return 0;
+							}
 						memcpy(s->session->tlsext_hostname, sdata, len);
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
@@ -734,7 +743,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
 						}
 					else 
-						s->servername_done = strlen(s->session->tlsext_hostname) == len 
+						s->servername_done = s->session->tlsext_hostname
+							&& strlen(s->session->tlsext_hostname) == len 
 							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
 					
 					break;
@@ -765,15 +775,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
 				}
-			s->session->tlsext_ecpointformatlist_length = 0;
-			if (s->session->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->session->tlsext_ecpointformatlist);
-			if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+			if (!s->hit)
 				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
+				if(s->session->tlsext_ecpointformatlist)
+					{
+					OPENSSL_free(s->session->tlsext_ecpointformatlist);
+					s->session->tlsext_ecpointformatlist = NULL;
+					}
+				s->session->tlsext_ecpointformatlist_length = 0;
+				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)
+					{
+					*al = TLS1_AD_INTERNAL_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
+				memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 				}
-			s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
-			memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
 #if 0
 			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ecpointformatlist (length=%i) ", s->session->tlsext_ecpointformatlist_length);
 			sdata = s->session->tlsext_ecpointformatlist;
@@ -794,15 +811,22 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				*al = TLS1_AD_DECODE_ERROR;
 				return 0;
 				}
-			s->session->tlsext_ellipticcurvelist_length = 0;
-			if (s->session->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->session->tlsext_ellipticcurvelist);
-			if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+			if (!s->hit)
 				{
-				*al = TLS1_AD_INTERNAL_ERROR;
-				return 0;
+				if(s->session->tlsext_ellipticcurvelist)
+					{
+					*al = TLS1_AD_DECODE_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ellipticcurvelist_length = 0;
+				if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL)
+					{
+					*al = TLS1_AD_INTERNAL_ERROR;
+					return 0;
+					}
+				s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
+				memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 				}
-			s->session->tlsext_ellipticcurvelist_length = ellipticcurvelist_length;
-			memcpy(s->session->tlsext_ellipticcurvelist, sdata, ellipticcurvelist_length);
 #if 0
 			fprintf(stderr,"ssl_parse_clienthello_tlsext s->session->tlsext_ellipticcurvelist (length=%i) ", s->session->tlsext_ellipticcurvelist_length);
 			sdata = s->session->tlsext_ellipticcurvelist;
@@ -1428,23 +1452,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
 	int al = SSL_AD_UNRECOGNIZED_NAME;
 
 #ifndef OPENSSL_NO_EC
-	/* If we are client and using an elliptic curve cryptography cipher suite, then server
-	 * must return a an EC point formats lists containing uncompressed.
+	/* If we are client and using an elliptic curve cryptography cipher
+	 * suite, then if server returns an EC point formats lists extension
+	 * it must contain uncompressed.
 	 */
 	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
+	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && 
 	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
 		{
 		/* we are using an ECC cipher */
 		size_t i;
 		unsigned char *list;
 		int found_uncompressed = 0;
-		if ((s->session->tlsext_ecpointformatlist == NULL) || (s->session->tlsext_ecpointformatlist_length == 0))
-			{
-			SSLerr(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT,SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-			return -1;
-			}
 		list = s->session->tlsext_ecpointformatlist;
 		for (i = 0; i < s->session->tlsext_ecpointformatlist_length; i++)
 			{

test/bctest.com

@@ -0,0 +1,152 @@
+$!
+$! Check operation of "bc".
+$!
+$! 2010-04-05 SMS.  New.  Based (loosely) on "bctest".
+$!
+$!
+$ tmp_file_name = "tmp.bctest"
+$ failure = ""
+$!
+$! Basic command test.
+$!
+$ on warning then goto bc_fail
+$ bc
+$ on error then exit
+$!
+$! Test for SunOS 5.[78] bc bug.
+$!
+$ if (failure .eqs. "")
+$ then
+$!
+$     define /user_mode sys$output 'tmp_file_name'
+$     bc
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+$     status = $status
+$     output_expected = "0"
+$     gosub check_output
+$     if (output .ne. 1)
+$     then
+$         failure = "SunOStest"
+$     else
+$         delete 'f$parse( tmp_file_name)'
+$     endif
+$ endif
+$!
+$! Test for SCO bc bug.
+$!
+$ if (failure .eqs. "")
+$ then
+$!
+$     define /user_mode sys$output 'tmp_file_name'
+$     bc
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+$     status = $status
+$     output_expected = "0\0"
+$     gosub check_output
+$     if (output .ne. 1)
+$     then
+$         failure = "SCOtest"
+$     else
+$         delete 'f$parse( tmp_file_name)'
+$     endif
+$ endif
+$!
+$! Test for working 'print' command.
+$!
+$ if (failure .eqs. "")
+$ then
+$!
+$     define /user_mode sys$output 'tmp_file_name'
+$     bc
+print "OK"
+$     status = $status
+$     output_expected = "OK"
+$     gosub check_output
+$     if (output .ne. 1)
+$     then
+$         failure = "printtest"
+$     else
+$         delete 'f$parse( tmp_file_name)'
+$     endif
+$ endif
+$!
+$ if (failure .nes. "")
+$ then
+$     write sys$output -
+       "No working bc found.  Consider installing GNU bc."
+$     exit %X00030000 ! %DCL-W-NORMAL
+$ endif
+$!
+$ exit
+$!
+$!
+$! Complete "bc" command failure.
+$!
+$ bc_fail:
+$ write sys$output -
+   "No ""bc"" program/symbol found.  Consider installing GNU bc."
+$ exit %X00030000 ! %DCL-W-NORMAL
+$!
+$!
+$! Output check subroutine.
+$!
+$ check_output:
+$     eof = 0
+$     line_nr = 0
+$     open /read tmp_file 'tmp_file_name'
+$     c_o_loop:
+$         read /error = error_read tmp_file line
+$         goto ok_read
+$         error_read:
+$         eof = 1
+$         ok_read:
+$         line_expected = f$element( line_nr, "\", output_expected)
+$         line_nr = line_nr+ 1
+$     if ((line_expected .nes. "\") .and. (.not. eof) .and. -
+       (line_expected .eqs. line)) then goto c_o_loop
+$!
+$     if ((line_expected .eqs. "\") .and. eof)
+$     then
+$         output = 1
+$     else
+$         output = 0
+$     endif
+$     close tmp_file
+$ return
+$!

test/bntest.com

@@ -0,0 +1,69 @@
+$!
+$! Analyze bntest output file.
+$!
+$! Exit status = 1 (success) if all tests passed,
+$!               0 (warning) if any test failed.
+$!
+$! 2010-04-05 SMS.  New.  Based (loosely) on perl code in bntest-vms.sh.
+$!
+$!                  Expect data like:
+$!                        test test_name1
+$!                        0
+$!                        [...]
+$!                        test test_name2
+$!                        0
+$!                        [...]
+$!                        [...]
+$!
+$!                  Some tests have no following "0" lines.
+$!
+$ result_file_name = f$edit( p1, "TRIM")
+$ if (result_file_name .eqs. "")
+$ then
+$     result_file_name = "bntest-vms.out"
+$ endif
+$!
+$ fail = 0
+$ passed = 0
+$ tests = 0
+$!
+$ on control_c then goto tidy
+$ on error then goto tidy
+$!
+$ open /read result_file 'result_file_name'
+$!
+$ read_loop:
+$     read /end = read_loop_end /error = tidy result_file line
+$     t1 = f$element( 0, " ", line)
+$     if (t1 .eqs. "test")
+$     then
+$         passed = passed+ 1
+$         tests = tests+ 1
+$         fail = 1
+$         t2 = f$extract( 5, 1000, line)
+$         write sys$output "verify ''t2'"
+$     else
+$         if (t1 .nes. "0")
+$         then
+$             write sys$output "Failed! bc: ''line'"
+$             passed = passed- fail
+$             fail = 0
+$         endif
+$     endif
+$ goto read_loop
+$ read_loop_end:
+$ write sys$output "''passed'/''tests' tests passed"
+$!
+$ tidy:
+$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE")
+$ then
+$     close result_file
+$ endif
+$!
+$ if ((tests .gt. 0) .and. (tests .eq. passed))
+$ then
+$    exit 1
+$ else
+$    exit 0
+$ endif
+$!

test/cms-test.pl

@@ -54,9 +54,13 @@
 # OpenSSL PKCS#7 and CMS implementations.
 
 my $ossl_path;
-my $redir = " 2>cms.err 1>cms.out";
+my $redir = " 2> cms.err > cms.out";
+# Make VMS work
+if ( $^O eq "VMS" && -f "$ENV{EXE_DIR}openssl.exe" ) {
+    $ossl_path = "pipe mcr $ENV{EXE_DIR}openssl.exe";
+}
 # Make MSYS work
-if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
+elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
     $ossl_path = "cmd /c ..\\apps\\openssl";
 }
 elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
@@ -84,79 +88,79 @@ my @smime_pkcs7_tests = (
 
     [
         "signed content DER format, RSA key",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -certfile $smdir/smroot.pem"
           . " -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed detached content DER format, RSA key",
-        "-sign -in smcont.txt -outform DER"
+        "-sign -in smcont.txt -outform \"DER\""
           . " -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
     ],
 
     [
         "signed content test streaming BER format, RSA",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -stream -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed content DER format, DSA key",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed detached content DER format, DSA key",
-        "-sign -in smcont.txt -outform DER"
+        "-sign -in smcont.txt -outform \"DER\""
           . " -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
     ],
 
     [
         "signed detached content DER format, add RSA signer",
-        "-resign -inform DER -in test.cms -outform DER"
+        "-resign -inform \"DER\" -in test.cms -outform \"DER\""
           . " -signer $smdir/smrsa1.pem -out test2.cms",
-        "-verify -in test2.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+        "-verify -in test2.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
     ],
 
     [
         "signed content test streaming BER format, DSA key",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -stream -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed content test streaming BER format, 2 DSA and 2 RSA keys",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
 "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
-        "-sign -in smcont.txt -outform DER -noattr -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -165,7 +169,7 @@ my @smime_pkcs7_tests = (
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -174,7 +178,7 @@ my @smime_pkcs7_tests = (
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -215,12 +219,12 @@ my @smime_cms_tests = (
 
     [
         "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
-        "-sign -in smcont.txt -outform DER -nodetach -keyid"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -230,7 +234,7 @@ my @smime_cms_tests = (
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
         "-verify -in test.cms -inform PEM "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -239,7 +243,7 @@ my @smime_cms_tests = (
           . " -receipt_request_to test\@openssl.org -receipt_request_all"
           . " -out test.cms",
         "-verify -in test.cms "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -248,7 +252,7 @@ my @smime_cms_tests = (
           . " -signer $smdir/smrsa2.pem"
           . " -out test2.cms",
         "-verify_receipt test2.cms -in test.cms"
-          . " -CAfile $smdir/smroot.pem"
+          . " \"-CAfile\" $smdir/smroot.pem"
     ],
 
     [
@@ -289,38 +293,38 @@ my @smime_cms_tests = (
 
     [
         "encrypted content test streaming PEM format, 128 bit RC2 key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
     ],
 
     [
         "encrypted content test streaming PEM format, 40 bit RC2 key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -rc2 -secretkey 0001020304"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 0001020304 -out smtst.txt"
     ],
 
     [
         "encrypted content test streaming PEM format, triple DES key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
           . " -out smtst.txt"
     ],
 
     [
         "encrypted content test streaming PEM format, 128 bit AES key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
     ],
 

test/maketests.com

@@ -105,7 +105,7 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
 	       "MDC2TEST,RMDTEST,"+ -
 	       "RANDTEST,DHTEST,ENGINETEST,"+ -
 	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-	       "EVP_TEST,JPAKETEST"
+	       "EVP_TEST,IGETEST,JPAKETEST,ASN1TEST"
 $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
 $!
 $! Additional directory information.
@@ -139,8 +139,9 @@ $ T_D_EXPTEST    := [-.crypto.bn]
 $ T_D_DSATEST    := [-.crypto.dsa]
 $ T_D_RSA_TEST   := [-.crypto.rsa]
 $ T_D_EVP_TEST   := [-.crypto.evp]
-$ T_D_JPAKETEST  := [-.crypto.jpake]
 $ T_D_IGETEST    := [-.test]
+$ T_D_JPAKETEST  := [-.crypto.jpake]
+$ T_D_ASN1TEST   := [-.test]
 $!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -

test/tests.com

@@ -12,11 +12,16 @@ $	if __arch .eqs. "" then __arch := UNK
 $	texe_dir := sys$disk:[-.'__arch'.exe.test]
 $	exe_dir := sys$disk:[-.'__arch'.exe.apps]
 $
-$	sslroot = f$parse("sys$disk:[-.apps];",,,,"syntax_only") - "].;"+ ".]"
-$	define /translation_attributes = concealed sslroot 'sslroot'
-$
 $	set default '__here'
 $
+$       ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+                   - ".][000000" - "[000000." - "][" - "[" - "]"
+$       ROOT = ROOT_DEV + "[" + ROOT_DIR
+$       DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC
+$	openssl_conf := sslroot:[000000]openssl-vms.cnf
+$
 $	on control_y then goto exit
 $	on error then goto exit
 $
@@ -70,17 +75,19 @@ $	ENGINETEST :=	enginetest
 $	EVPTEST :=	evp_test
 $	IGETEST :=	igetest
 $	JPAKETEST :=	jpaketest
+$	ASN1TEST :=	asn1test
 $
 $	tests_i = 0
 $ loop_tests:
 $	tests_e = f$element(tests_i,",",tests)
 $	tests_i = tests_i + 1
 $	if tests_e .eqs. "," then goto exit
+$	write sys$output "---> ''tests_e'"
 $	gosub 'tests_e'
 $	goto loop_tests
 $
 $ test_evp:
-$	mcr 'texe_dir''evptest' evptests.txt
+$	mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
 $	return
 $ test_des:
 $	mcr 'texe_dir''destest'
@@ -173,27 +180,57 @@ $	@tpkcs7d.com
 $	deassign sys$error
 $	return
 $ test_bn:
-$	write sys$output "starting big number library test, could take a while..."
-$	create bntest-vms.fdl
+$	write sys$output -
+	      "starting big number library test, could take a while..."
+$	set noon
+$	define sys$error nl:
+$	define sys$output nl:
+$	@ bctest.com
+$	status = $status
+$	deassign sys$error
+$	deassign sys$output
+$	on control_y then goto exit
+$	on error then goto exit
+$	if (status)
+$	then
+$	    create /fdl = sys$input bntest-vms.tmp
 FILE
 	ORGANIZATION	sequential
 RECORD
 	FORMAT		stream_lf
-$	create/fdl=bntest-vms.fdl bntest-vms.sh
-$	open/append foo bntest-vms.sh
-$	type/output=foo: sys$input:
+$	    define /user_mode sys$output bntest-vms.tmp
+$	    mcr 'texe_dir''bntest'
+$	    define /user_mode sys$input bntest-vms.tmp
+$	    define /user_mode sys$output bntest-vms.out
+$	    bc
+$	    @ bntest.com bntest-vms.out
+$	    status = $status
+$	    if (status)
+$	    then
+$		delete bntest-vms.out;*
+$		delete bntest-vms.tmp;*
+$	    endif
+$	else
+$	    create /fdl = sys$input bntest-vms.sh
+FILE
+	ORGANIZATION	sequential
+RECORD
+	FORMAT		stream_lf
+$	    open /append bntest_file bntest-vms.sh
+$	    type /output = bntest_file sys$input:
 << __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"'
-$	define/user sys$output bntest-vms.tmp
-$	mcr 'texe_dir''bntest'
-$	copy bntest-vms.tmp foo:
-$	delete bntest-vms.tmp;*
-$	type/output=foo: sys$input:
+$	    define/user sys$output bntest-vms.tmp
+$	    mcr 'texe_dir''bntest'
+$	    copy bntest-vms.tmp bntest_file
+$	    delete bntest-vms.tmp;*
+$	    type /output = bntest_file sys$input:
 __FOO__
-$	close foo
-$	write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and"
-$	write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations"
-$	write sys$output "-- went well."
-$	write sys$output ""
+$	    close bntest_file
+$	    write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and"
+$	    write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations"
+$	    write sys$output "-- went well."
+$	    write sys$output ""
+$	endif
 $	write sys$output "test a^b%c implementations"
 $	mcr 'texe_dir''exptest'
 $	return
@@ -289,11 +326,14 @@ $	mcr 'texe_dir''jpaketest'
 $	return
 $ test_cms:
 $	write sys$output "CMS consistency test"
+$	! The following makes perl include the DCL symbol table in the env.
+$	define/user perl_env_tables clisym_local,lnm$file_dev,ctrl_env
 $	perl CMS-TEST.PL
 $	return
 $
 $
 $ exit:
+$	mcr 'exe_dir'openssl version -a
 $	set default '__save_default'
 $	deassign sslroot
 $	exit

test/testssl.com

@@ -21,10 +21,10 @@ $	    cert=p2
 $	endif
 $	ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
 $
+$	set noon
 $	define/user sys$output testssl-x509-output.
 $	define/user sys$error nla0:
 $	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
-$	set noon
 $	define/user sys$error nla0:
 $	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
 $	if $severity .eq. 1
@@ -33,7 +33,6 @@ $	    dsa_cert := YES
 $	else
 $	    dsa_cert := NO
 $	endif
-$	set on
 $	delete testssl-x509-output.;*
 $
 $	if p3 .eqs. ""
@@ -161,14 +160,12 @@ $	if $severity .ne. 1 then goto exit3
 $
 $!###########################################################################
 $
-$	set noon
 $	define/user sys$output nla0:
 $	mcr 'exe_dir'openssl no-rsa
 $	no_rsa=$SEVERITY
 $	define/user sys$output nla0:
 $	mcr 'exe_dir'openssl no-dh
 $	no_dh=$SEVERITY
-$	set on
 $
 $	if no_dh
 $	then
@@ -203,4 +200,5 @@ $ exit3:
 $	RET = 3
 $ exit:
 $	if p3 .eqs. "" then delete certs.tmp;*
+$	set on
 $	exit 'RET'

test/testtsa.com

@@ -167,6 +167,8 @@ $	endsubroutine
 $
 $	! Main body ----------------------------------------------------------
 $
+$	set noon
+$
 $	write sys$output "Setting up TSA test directory..."
 $	call setup_dir
 $
@@ -245,4 +247,6 @@ $
 $	write sys$output "Cleaning up..."
 $	call clean_up_dir
 $
+$	set on
+$
 $	exit

util/cygwin.sh

@@ -8,7 +8,7 @@
 #set -x
 
 CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
-INSTALL_PREFIX=/tmp/install
+INSTALL_PREFIX=/tmp/install/INSTALL
 
 VERSION=
 SUBVERSION=$1
@@ -124,8 +124,12 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so
 chmod u-w usr/lib/engines/*.so
 
 # Runtime package
-find etc usr/bin usr/lib/engines usr/share/doc usr/ssl/certs \
-     usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private \
+tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
+     usr/bin/cyg*dll
+# Base package
+find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \
+     usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc usr/ssl/openssl.cnf \
+     usr/ssl/private \
      -empty -o \! -type d |
 tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
 # Development package
@@ -135,6 +139,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
 
 ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
 
 cleanup
 

util/libeay.num

@@ -4178,3 +4178,14 @@ UI_method_get_prompt_constructr         4550	EXIST:VMS:FUNCTION:
 UI_method_set_prompt_constructor        4551	EXIST:!VMS:FUNCTION:
 UI_method_set_prompt_constructr         4551	EXIST:VMS:FUNCTION:
 EVP_read_pw_string_min                  4552	EXIST::FUNCTION:
+CRYPTO_cts128_encrypt                   4553	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt_block             4554	EXIST::FUNCTION:
+CRYPTO_cfb128_1_encrypt                 4555	EXIST::FUNCTION:
+CRYPTO_cbc128_encrypt                   4556	EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt                   4557	EXIST::FUNCTION:
+CRYPTO_ofb128_encrypt                   4558	EXIST::FUNCTION:
+CRYPTO_cts128_decrypt                   4559	EXIST::FUNCTION:
+CRYPTO_cts128_encrypt_block             4560	EXIST::FUNCTION:
+CRYPTO_cbc128_decrypt                   4561	EXIST::FUNCTION:
+CRYPTO_cfb128_encrypt                   4562	EXIST::FUNCTION:
+CRYPTO_cfb128_8_encrypt                 4563	EXIST::FUNCTION:

util/mk1mf.pl

@@ -13,6 +13,7 @@ $banner="\t\@echo Building OpenSSL";
 
 my $no_static_engine = 1;
 my $engines = "";
+my $otherlibs = "";
 local $zlib_opt = 0;	# 0 = no zlib, 1 = static, 2 = dynamic
 local $zlib_lib = "";
 local $perl_asm = 0;	# 1 to autobuild asm files from perl scripts
@@ -266,6 +267,7 @@ $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
 $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
 $cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
 $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+$cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
 $cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
@@ -356,6 +358,12 @@ for (;;)
 		$lib=$val;
 		$lib =~ s/^.*\/([^\/]+)$/$1/;
 		}
+	if ($key eq "LIBNAME" && $no_static_engine)
+		{
+		$lib=$val;
+		$lib =~ s/^.*\/([^\/]+)$/$1/;
+		$otherlibs .= " $lib";
+		}
 
 	if ($key eq "EXHEADER")
 		{ $exheader.=&var_add($dir,$val, 1); }
@@ -658,7 +666,7 @@ foreach (split(/\s+/,$test))
 	$rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 	}
 
-$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
+$defs.=&do_defs("E_SHLIB",$engines . $otherlibs,"\$(ENG_D)",$shlibp);
 
 foreach (split(/\s+/,$engines))
 	{
@@ -671,6 +679,14 @@ foreach (split(/\s+/,$engines))
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
 $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
 
+foreach (split(/\s+/,$otherlibs))
+	{
+	my $uc = $_;
+	$uc =~ tr /a-z/A-Z/;	
+	$rules.= &do_lib_rule("\$(${uc}OBJ)","\$(ENG_D)$o$_$shlibp", "", $shlib, "");
+
+	}
+
 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 
 print $defs;
@@ -708,6 +724,7 @@ sub var_add
 	return("") if $no_dsa  && $dir =~ /\/dsa/;
 	return("") if $no_dh   && $dir =~ /\/dh/;
 	return("") if $no_ec   && $dir =~ /\/ec/;
+	return("") if $no_gost   && $dir =~ /\/ccgost/;
 	return("") if $no_cms  && $dir =~ /\/cms/;
 	return("") if $no_jpake  && $dir =~ /\/jpake/;
 	if ($no_des && $dir =~ /\/des/)
@@ -1047,6 +1064,7 @@ sub read_options
 		"no-ec" => \$no_ec,
 		"no-ecdsa" => \$no_ecdsa,
 		"no-ecdh" => \$no_ecdh,
+		"no-gost" => \$no_gost,
 		"no-engine" => \$no_engine,
 		"no-hw" => \$no_hw,
 		"just-ssl" =>

util/mkdef.pl

@@ -316,6 +316,7 @@ $crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/pqueue/pqueue.h";
 $crypto.=" crypto/cms/cms.h";
 $crypto.=" crypto/jpake/jpake.h";
+$crypto.=" crypto/modes/modes.h";
 
 my $symhacks="crypto/symhacks.h";
 

util/pl/VC-32.pl

@@ -195,7 +195,7 @@ if ($FLAVOR =~ /WIN64A/) {
 	my $ver=`nasm -v 2>NUL`;
 	my $vew=`nasmw -v 2>NUL`;
 	# pick newest version
-	$asm=($ver gt $vew?"nasm":"nasmw")." -f win32";
+	$asm=($ver ge $vew?"nasm":"nasmw")." -f win32";
 	$asmtype="win32n";
 	$afile='-o ';
 } else {