[openssl-commits] [openssl] master update

Andy Polyakov

unread,

Jan 27, 2015, 6:21:22 AM1/27/15

to

The branch master has been updated
via 2863d5f3cd96d66cadeef19b8b4111de55ce78de (commit)
from 3d0cf918078fecee8b040807a2603e41937092f6 (commit)

- Log -----------------------------------------------------------------
commit 2863d5f3cd96d66cadeef19b8b4111de55ce78de
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri Jan 23 18:02:44 2015 +0100

des/asm/des_enc.m4: strip #ifdef OPENSSL_SYS_ULTRASPARC as part of
pre-processor controls cleanup. It doesn't mean that it no longer
works on UltraSPARC, only that it doesn't utilize sparcv9-specific
features like branch prediction hints and load in little-endian byte
order anymore. This "costs" ~3% in EDE3 performance regression on
UltraSPARC.

Reviewed-by: Rich Salz <rs...@openssl.org>
Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/des/asm/des_enc.m4 | 117 ---------------------------------------------
1 file changed, 117 deletions(-)

diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
index e732ba6..6ae17fd 100644
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
@@ -67,9 +67,6 @@
# define STPTR stx
# define ARG0 128
# define ARGSZ 8
-# ifndef OPENSSL_SYS_ULTRASPARC
-# define OPENSSL_SYS_ULTRASPARC
-# endif
#else
# define FRAME -96
# define BIAS 0
@@ -429,11 +426,7 @@ $4:
xor $2, local1, $2 ! 1 finished

xor $2, local2, $2 ! 3 finished
-#ifdef OPENSSL_SYS_ULTRASPARC
- bne,pt %icc, $4
-#else
bne $4
-#endif
and local4, 252, local1 ! sbox 1 next round

! two rounds more:
@@ -791,18 +784,6 @@ define(load_little_endian, {

! first in memory to rightmost in register

-#ifdef OPENSSL_SYS_ULTRASPARC
- andcc $1, 3, global0
- bne,pn %icc, $5
- nop
-
- lda [$1] 0x88, $2
- add $1, 4, $4
-
- ba,pt %icc, $5a
- lda [$4] 0x88, $3
-#endif
-
$5:
ldub [$1+3], $2

@@ -854,19 +835,6 @@ define(load_little_endian_inc, {

! first in memory to rightmost in register

-#ifdef OPENSSL_SYS_ULTRASPARC
- andcc $1, 3, global0
- bne,pn %icc, $5
- nop
-
- lda [$1] 0x88, $2
- add $1, 4, $1
-
- lda [$1] 0x88, $3
- ba,pt %icc, $5a
- add $1, 4, $1
-#endif
-
$5:
ldub [$1+3], $2

@@ -989,18 +957,6 @@ define(store_little_endian, {

! rightmost in register to first in memory

-#ifdef OPENSSL_SYS_ULTRASPARC
- andcc $1, 3, global0
- bne,pn %icc, $5
- nop
-
- sta $2, [$1] 0x88
- add $1, 4, $4
-
- ba,pt %icc, $5a
- sta $3, [$4] 0x88
-#endif
-
$5:
and $2, 255, $4
stub $4, [$1+0]
@@ -1195,11 +1151,7 @@ DES_encrypt1:
ld [in0], in5 ! left
cmp in2, 0 ! enc

-#ifdef OPENSSL_SYS_ULTRASPARC
- be,pn %icc, .encrypt.dec ! enc/dec
-#else
be .encrypt.dec
-#endif
ld [in0+4], out5 ! right

! parameter 6 1/2 for include encryption/decryption
@@ -1287,11 +1239,7 @@ DES_encrypt2:

! we use our own stackframe

-#ifdef OPENSSL_SYS_ULTRASPARC
- be,pn %icc, .encrypt2.dec ! decryption
-#else
be .encrypt2.dec
-#endif
STPTR in0, [%sp+BIAS+ARG0+0*ARGSZ]

ld [in3], out0 ! key 7531 first round
@@ -1467,11 +1415,7 @@ DES_ncbc_encrypt:

cmp in5, 0 ! enc

-#ifdef OPENSSL_SYS_ULTRASPARC
- be,pn %icc, .ncbc.dec
-#else
be .ncbc.dec
-#endif
STPTR in4, IVEC

! addr left right temp label
@@ -1479,11 +1423,7 @@ DES_ncbc_encrypt:

addcc in2, -8, in2 ! bytes missing when first block done

-#ifdef OPENSSL_SYS_ULTRASPARC
- bl,pn %icc, .ncbc.enc.seven.or.less
-#else
bl .ncbc.enc.seven.or.less
-#endif
mov in3, in4 ! schedule

.ncbc.enc.next.block:
@@ -1507,11 +1447,7 @@ DES_ncbc_encrypt:

rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3

-#ifdef OPENSSL_SYS_ULTRASPARC
- bl,pn %icc, .ncbc.enc.next.block_fp
-#else
bl .ncbc.enc.next.block_fp
-#endif
add in0, 8, in0 ! input address

! If 8 or more bytes are to be encrypted after this block,
@@ -1552,22 +1488,14 @@ DES_ncbc_encrypt:

addcc in2, -8, in2 ! bytes missing when next block done

-#ifdef OPENSSL_SYS_ULTRASPARC
- bpos,pt %icc, .ncbc.enc.next.block ! also jumps if 0
-#else
bpos .ncbc.enc.next.block
-#endif
add in1, 8, in1

.ncbc.enc.seven.or.less:

cmp in2, -8

-#ifdef OPENSSL_SYS_ULTRASPARC
- ble,pt %icc, .ncbc.enc.finish
-#else
ble .ncbc.enc.finish
-#endif
nop

add in2, 8, local1 ! bytes to load
@@ -1594,11 +1522,7 @@ DES_ncbc_encrypt:
add in3, 120, in3

LDPTR IVEC, local7 ! ivec
-#ifdef OPENSSL_SYS_ULTRASPARC
- ble,pn %icc, .ncbc.dec.finish
-#else
ble .ncbc.dec.finish
-#endif
mov in3, in4 ! schedule

STPTR in1, OUTPUT
@@ -1622,11 +1546,7 @@ DES_ncbc_encrypt:
! in2 is compared to 8 in the rounds

xor out5, in0, out4 ! iv xor
-#ifdef OPENSSL_SYS_ULTRASPARC
- bl,pn %icc, .ncbc.dec.seven.or.less
-#else
bl .ncbc.dec.seven.or.less
-#endif
xor in5, in1, global4 ! iv xor

! Load ivec next block now, since input and output address might be the same.
@@ -1639,11 +1559,7 @@ DES_ncbc_encrypt:
add local7, 8, local7
addcc in2, -8, in2

-#ifdef OPENSSL_SYS_ULTRASPARC
- bg,pt %icc, .ncbc.dec.next.block
-#else
bg .ncbc.dec.next.block
-#endif
STPTR local7, OUTPUT

@@ -1694,11 +1610,6 @@ DES_ede3_cbc_encrypt:
LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec
cmp local3, 0 ! enc

-#ifdef OPENSSL_SYS_ULTRASPARC
- be,pn %icc, .ede3.dec
-#else
- be .ede3.dec
-#endif
STPTR in4, KS2

STPTR in5, KS3
@@ -1707,11 +1618,7 @@ DES_ede3_cbc_encrypt:

addcc in2, -8, in2 ! bytes missing after next block

-#ifdef OPENSSL_SYS_ULTRASPARC
- bl,pn %icc, .ede3.enc.seven.or.less
-#else
bl .ede3.enc.seven.or.less
-#endif
STPTR in3, KS1

.ede3.enc.next.block:
@@ -1741,11 +1648,7 @@ DES_ede3_cbc_encrypt:
call .des_enc ! ks3 in3 compares in2 to 8
nop

-#ifdef OPENSSL_SYS_ULTRASPARC
- bl,pn %icc, .ede3.enc.next.block_fp
-#else
bl .ede3.enc.next.block_fp
-#endif
add in0, 8, in0

! If 8 or more bytes are to be encrypted after this block,
@@ -1787,22 +1690,14 @@ DES_ede3_cbc_encrypt:

addcc in2, -8, in2 ! bytes missing when next block done

-#ifdef OPENSSL_SYS_ULTRASPARC
- bpos,pt %icc, .ede3.enc.next.block
-#else
bpos .ede3.enc.next.block
-#endif
add in1, 8, in1

.ede3.enc.seven.or.less:

cmp in2, -8

-#ifdef OPENSSL_SYS_ULTRASPARC
- ble,pt %icc, .ede3.enc.finish
-#else
ble .ede3.enc.finish
-#endif
nop

add in2, 8, local1 ! bytes to load
@@ -1830,11 +1725,7 @@ DES_ede3_cbc_encrypt:
STPTR in3, KS1
cmp in2, 0

-#ifdef OPENSSL_SYS_ULTRASPARC
- ble %icc, .ede3.dec.finish
-#else
ble .ede3.dec.finish
-#endif
STPTR in5, KS3

LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local7 ! iv
@@ -1863,11 +1754,7 @@ DES_ede3_cbc_encrypt:
! in2 is compared to 8 in the rounds

xor out5, in0, out4
-#ifdef OPENSSL_SYS_ULTRASPARC
- bl,pn %icc, .ede3.dec.seven.or.less
-#else
bl .ede3.dec.seven.or.less
-#endif
xor in5, in1, global4

load_little_endian_inc(local5, in0, in1, local3, .LLE10) ! iv next block
@@ -1878,11 +1765,7 @@ DES_ede3_cbc_encrypt:
addcc in2, -8, in2
add local7, 8, local7

-#ifdef OPENSSL_SYS_ULTRASPARC
- bg,pt %icc, .ede3.dec.next.block
-#else
bg .ede3.dec.next.block
-#endif
STPTR local7, OUTPUT

.ede3.dec.store.iv:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Andy Polyakov

unread,

Jan 27, 2015, 6:25:13 AM1/27/15

to

The branch master has been updated

via 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb (commit)
from 2863d5f3cd96d66cadeef19b8b4111de55ce78de (commit)

- Log -----------------------------------------------------------------
commit 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb
Author: Andy Polyakov <ap...@openssl.org>
Date: Sat Jan 24 16:46:54 2015 +0100

Configure: addendum to OPENSSL_NO_[RMD160|RIPEMD] harmonization.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configure | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/Configure b/Configure
index c726478..ca48b52 100755
--- a/Configure
+++ b/Configure
@@ -1083,6 +1083,8 @@ foreach (sort (keys %disabled))
}
else
{
+ ($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd");
+
$openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
print " OPENSSL_NO_$ALGO";

@@ -1093,6 +1095,8 @@ foreach (sort (keys %disabled))
push @skip, $algo;
# fix-up crypto/directory name(s)
@skip[$#skip]="whrlpool" if $algo eq "whirlpool";
+ @skip[$#skip]="ripemd" if $algo eq "rmd160";
+
print " (skip dir)";

$depflags .= " -DOPENSSL_NO_$ALGO";

Matt Caswell

unread,

Jan 27, 2015, 9:43:00 AM1/27/15

to

The branch master has been updated

via 8507474564f3f743f5daa3468ca97a9b707b3583 (commit)
via f4002412518703d07fee321d4c88ee0bbe1694fe (commit)
via 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa (commit)
from 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb (commit)

- Log -----------------------------------------------------------------
commit 8507474564f3f743f5daa3468ca97a9b707b3583
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jan 26 23:28:31 2015 +0000

Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit f4002412518703d07fee321d4c88ee0bbe1694fe
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jan 26 16:46:49 2015 +0000

Remove explicit setting of read_ahead for DTLS. It never makes sense not to
use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs
to be the default.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Jan 26 16:47:36 2015 +0000

Make DTLS always act as if read_ahead is set. The actual value of read_ahead
is ignored for DTLS.

RT#3657

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/s_client.c | 6 -----
apps/s_server.c | 12 ---------
doc/ssl/SSL_CTX_set_read_ahead.pod | 51 ++++++++++++++++++++++++++++++++++++
doc/ssl/SSL_pending.pod | 8 +++---
doc/ssl/ssl.pod | 7 +++++
ssl/s3_pkt.c | 3 ++-
6 files changed, 65 insertions(+), 22 deletions(-)
create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod

diff --git a/apps/s_client.c b/apps/s_client.c
index e30857f..0c4e6bd 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1299,12 +1299,6 @@ int MAIN(int argc, char **argv)
#endif
if (exc)
ssl_ctx_set_excert(ctx, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);

#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
diff --git a/apps/s_server.c b/apps/s_server.c
index 4dae4d5..e07df85 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1722,12 +1722,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
- * read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx, 1);

if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
@@ -1806,12 +1800,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
if (exc)
ssl_ctx_set_excert(ctx2, exc);
- /*
- * DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM)
- SSL_CTX_set_read_ahead(ctx2, 1);

if (state)
SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod
new file mode 100644
index 0000000..527164b
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_read_ahead.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead,
+SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
+- manage whether to read as many input bytes as possible
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_read_ahead(const SSL *s);
+ void SSL_set_read_ahead(SSL *s, int yes);
+
+ #define SSL_CTX_get_default_read_ahead(ctx)
+ #define SSL_CTX_set_default_read_ahead(ctx,m)
+ #define SSL_CTX_get_read_ahead(ctx)
+ #define SSL_CTX_set_read_ahead(ctx,m)
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as
+many input bytes as possible (for non-blocking reads) or not. For example if
+B<x> bytes are currently required by OpenSSL, but B<y> bytes are available from
+the underlying BIO (where B<y> > B<x>), then OpenSSL will read all B<y> bytes
+into its buffer (providing that the buffer is large enough) if reading ahead is
+on, or B<x> bytes otherwise. The parameter B<yes> or B<m> should be 0 to ensure
+reading ahead is off, or non zero otherwise.
+
+SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and
+SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead.
+
+SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading
+ahead has been set or not.
+
+=head1 NOTES
+
+These functions have no impact when used with DTLS. The return values for
+SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS.
+
+=head1 RETURN VALUES
+
+SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off,
+and non zero otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
index 43f2874..9dd071b 100644
--- a/doc/ssl/SSL_pending.pod
+++ b/doc/ssl/SSL_pending.pod
@@ -29,8 +29,9 @@ The number of bytes pending is returned.

SSL_pending() takes into account only bytes from the TLS/SSL record
that is currently being processed (if any). If the B<SSL> object's
-I<read_ahead> flag is set, additional protocol bytes may have been
-read containing more TLS/SSL records; these are ignored by
+I<read_ahead> flag is set (see
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>), additional protocol
+bytes may have been read containing more TLS/SSL records; these are ignored by
SSL_pending().

Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
@@ -38,6 +39,7 @@ of pending data is application data.

=head1 SEE ALSO

-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>, L<ssl(3)|ssl(3)>

=cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index ceb9766..3634fa9 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -217,6 +217,8 @@ protocol context defined in the B<SSL_CTX> structure.

=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

+=item void B<SSL_CTX_get_default_read_ahead>(SSL_CTX *ctx);
+
=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);

=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
@@ -225,6 +227,8 @@ protocol context defined in the B<SSL_CTX> structure.

=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);

+=item void B<SSL_CTX_get_read_ahead>(SSL_CTX *ctx);
+
=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);

=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
@@ -313,6 +317,8 @@ protocol context defined in the B<SSL_CTX> structure.

=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);

+=item void B<SSL_CTX_set_read_ahead>(SSL_CTX *ctx, int m);
+
=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);

=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, const SSL_METHOD *meth);
@@ -695,6 +701,7 @@ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_read_ahead(3)|SSL_CTX_set_read_ahead(3)>,
L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 85af629..07adf0f 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -231,7 +231,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
return -1;
}

- if (!s->read_ahead)
+ /* We always act like read_ahead is set for DTLS */
+ if (!s->read_ahead && !SSL_IS_DTLS(s))
/* ignore max parameter */
max = n;
else {

Rich Salz

unread,

Jan 27, 2015, 10:05:39 AM1/27/15

to

The branch master has been updated

via 109f1031a8d03a7c0a7c53c82314505ec5b7b207 (commit)
from 8507474564f3f743f5daa3468ca97a9b707b3583 (commit)

- Log -----------------------------------------------------------------
commit 109f1031a8d03a7c0a7c53c82314505ec5b7b207
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 10:02:39 2015 -0500

OPENSSL_NO_xxx cleanup: DEC-CBCM removed

A DES algorithm mode, known attacks, no EVP support.
Flushed.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/des/Makefile | 11 +--
crypto/des/des.h | 5 --
crypto/des/des_old.h | 2 -
crypto/des/destest.c | 52 +------------
crypto/des/ede_cbcm_enc.c | 189 ---------------------------------------------
doc/crypto/des.pod | 6 +-
6 files changed, 4 insertions(+), 261 deletions(-)
delete mode 100644 crypto/des/ede_cbcm_enc.c

diff --git a/crypto/des/Makefile b/crypto/des/Makefile
index 4a63c1c..80a7add 100644
--- a/crypto/des/Makefile
+++ b/crypto/des/Makefile
@@ -28,7 +28,7 @@ LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \
qud_cksm.c rand_key.c rpc_enc.c set_key.c \
des_enc.c fcrypt_b.c \
xcbc_enc.c \
- str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+ str2key.c cfb64ede.c ofb64ede.c des_old.c des_old2.c \
read2pwd.c

LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \
@@ -37,7 +37,7 @@ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \
ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \
${DES_ENC} \
fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \
- ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+ des_old.o des_old2.o read2pwd.o

SRC= $(LIBSRC)

@@ -169,13 +169,6 @@ ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
-ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-ede_cbcm_enc.o: ../../include/openssl/e_os2.h
-ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
-ede_cbcm_enc.o: ../../include/openssl/ossl_typ.h
-ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
enc_read.o: ../../e_os.h ../../include/openssl/bio.h
enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
diff --git a/crypto/des/des.h b/crypto/des/des.h
index fe02e34..0accc9b 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -182,11 +182,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
long length,
DES_key_schedule *ks1, DES_key_schedule *ks2,
DES_key_schedule *ks3, DES_cblock *ivec, int enc);
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
- long length,
- DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3,
- DES_cblock *ivec1, DES_cblock *ivec2, int enc);
void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3,
diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h
index 4dabd45..baa4b7d 100644
--- a/crypto/des/des_old.h
+++ b/crypto/des/des_old.h
@@ -141,8 +141,6 @@ typedef struct _ossl_old_des_ks_struct {
DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
- DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
index 62cc7a5..be68d36 100644
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -362,7 +362,7 @@ int main(int argc, char *argv[])
{
int j, err = 0;
unsigned int i;
- des_cblock in, out, outin, iv3, iv2;
+ des_cblock in, out, outin, iv3;
des_key_schedule ks, ks2, ks3;
unsigned char cbc_in[40];
unsigned char cbc_out[40];
@@ -372,56 +372,6 @@ int main(int argc, char *argv[])
int num;
char *str;

-# ifndef OPENSSL_NO_DESCBCM
- printf("Doing cbcm\n");
- if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
- printf("Key error %d\n", j);
- err = 1;
- }
- if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) {
- printf("Key error %d\n", j);
- err = 1;
- }
- if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) {
- printf("Key error %d\n", j);
- err = 1;
- }
- memset(cbc_out, 0, 40);
- memset(cbc_in, 0, 40);
- i = strlen((char *)cbc_data) + 1;
- /* i=((i+7)/8)*8; */
- memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- memset(iv2, '\0', sizeof iv2);
-
- DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2,
- DES_ENCRYPT);
- DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
- &ks3, &iv3, &iv2, DES_ENCRYPT);
-/*- if (memcmp(cbc_out,cbc3_ok,
- (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
- {
- printf("des_ede3_cbc_encrypt encrypt error\n");
- err=1;
- }
-*/
- memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- memset(iv2, '\0', sizeof iv2);
- DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2,
- DES_DECRYPT);
- if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
- unsigned int n;
-
- printf("des_ede3_cbcm_encrypt decrypt error\n");
- for (n = 0; n < i; ++n)
- printf(" %02x", cbc_data[n]);
- printf("\n");
- for (n = 0; n < i; ++n)
- printf(" %02x", cbc_in[n]);
- printf("\n");
- err = 1;
- }
-# endif
-
printf("Doing ecb\n");
for (i = 0; i < NUM_TESTS; i++) {
DES_set_key_unchecked(&key_data[i], &ks);
diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c
deleted file mode 100644
index 86f27d0..0000000
--- a/crypto/des/ede_cbcm_enc.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/* ede_cbcm_enc.c */
-/*
- * Written by Ben Laurie <b...@algroup.co.uk> for the OpenSSL project 13 Feb
- * 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * lice...@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com). This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
- *
- */
-
-/*
- *
- * This is an implementation of Triple DES Cipher Block Chaining with Output
- * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
- *
- * Note that there is a known attack on this by Biham and Knudsen but it
- * takes a lot of work:
- *
- * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
- *
- */
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
-
-#ifndef OPENSSL_NO_DESCBCM
-# include "des_locl.h"
-
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec1, DES_cblock *ivec2, int enc)
-{
- register DES_LONG tin0, tin1;
- register DES_LONG tout0, tout1, xor0, xor1, m0, m1;
- register long l = length;
- DES_LONG tin[2];
- unsigned char *iv1, *iv2;
-
- iv1 = &(*ivec1)[0];
- iv2 = &(*ivec2)[0];
-
- if (enc) {
- c2l(iv1, m0);
- c2l(iv1, m1);
- c2l(iv2, tout0);
- c2l(iv2, tout1);
- for (l -= 8; l >= -7; l -= 8) {
- tin[0] = m0;
- tin[1] = m1;
- DES_encrypt1(tin, ks3, 1);
- m0 = tin[0];
- m1 = tin[1];
-
- if (l < 0) {
- c2ln(in, tin0, tin1, l + 8);
- } else {
- c2l(in, tin0);
- c2l(in, tin1);
- }
- tin0 ^= tout0;
- tin1 ^= tout1;
-
- tin[0] = tin0;
- tin[1] = tin1;
- DES_encrypt1(tin, ks1, 1);
- tin[0] ^= m0;
- tin[1] ^= m1;
- DES_encrypt1(tin, ks2, 0);
- tin[0] ^= m0;
- tin[1] ^= m1;
- DES_encrypt1(tin, ks1, 1);
- tout0 = tin[0];
- tout1 = tin[1];
-
- l2c(tout0, out);
- l2c(tout1, out);
- }
- iv1 = &(*ivec1)[0];
- l2c(m0, iv1);
- l2c(m1, iv1);
-
- iv2 = &(*ivec2)[0];
- l2c(tout0, iv2);
- l2c(tout1, iv2);
- } else {
- register DES_LONG t0, t1;
-
- c2l(iv1, m0);
- c2l(iv1, m1);
- c2l(iv2, xor0);
- c2l(iv2, xor1);
- for (l -= 8; l >= -7; l -= 8) {
- tin[0] = m0;
- tin[1] = m1;
- DES_encrypt1(tin, ks3, 1);
- m0 = tin[0];
- m1 = tin[1];
-
- c2l(in, tin0);
- c2l(in, tin1);
-
- t0 = tin0;
- t1 = tin1;
-
- tin[0] = tin0;
- tin[1] = tin1;
- DES_encrypt1(tin, ks1, 0);
- tin[0] ^= m0;
- tin[1] ^= m1;
- DES_encrypt1(tin, ks2, 1);
- tin[0] ^= m0;
- tin[1] ^= m1;
- DES_encrypt1(tin, ks1, 0);
- tout0 = tin[0];
- tout1 = tin[1];
-
- tout0 ^= xor0;
- tout1 ^= xor1;
- if (l < 0) {
- l2cn(tout0, tout1, out, l + 8);
- } else {
- l2c(tout0, out);
- l2c(tout1, out);
- }
- xor0 = t0;
- xor1 = t1;
- }
-
- iv1 = &(*ivec1)[0];
- l2c(m0, iv1);
- l2c(m1, iv1);
-
- iv2 = &(*ivec2)[0];
- l2c(xor0, iv2);
- l2c(xor1, iv2);
- }
- tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
- tin[0] = tin[1] = 0;
-}
-#endif
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 51df21a..2afe572 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -8,7 +8,7 @@ DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
-DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption

@@ -73,10 +73,6 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
unsigned char *output, long length, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
int enc);
- void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
- int enc);
void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);

Rich Salz

unread,

Jan 27, 2015, 10:14:54 AM1/27/15

to

The branch master has been updated

via a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 (commit)
from 109f1031a8d03a7c0a7c53c82314505ec5b7b207 (commit)

- Log -----------------------------------------------------------------
commit a00ae6c46e0d7907a7c9f9e85334e968aa5fd338
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 10:06:22 2015 -0500

OPENSSL_NO_xxx cleanup: many removals

The following compile options (#ifdef's) are removed:
OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY

This diff is big because of updating the indents on preprocessor lines.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
apps/progs.h | 2 -
apps/progs.pl | 2 -
apps/speed.c | 1194 +++++++++++++++++++++++-----------------------
crypto/asn1/asn1.h | 10 +-
crypto/bn/bn_print.c | 2 -
crypto/dh/dh.h | 8 +-
crypto/dsa/dsa.h | 6 +-
crypto/ec/ec.h | 4 -
crypto/err/err.c | 2 -
crypto/err/err.h | 12 +-
crypto/err/err_all.c | 2 -
crypto/evp/evp.h | 13 +-
crypto/lhash/lh_stats.c | 79 +--
crypto/lhash/lhash.c | 9 -
crypto/lhash/lhash.h | 14 +-
crypto/objects/obj_dat.c | 15 +-
crypto/pem/pem.h | 24 +-
crypto/rsa/rsa.h | 6 +-
crypto/ts/ts.h | 12 +-
crypto/ts/ts_asn1.c | 8 -
crypto/txt_db/txt_db.h | 9 +-
crypto/x509/x509.h | 26 +-
crypto/x509/x509_vfy.c | 4 -
crypto/x509/x509_vfy.h | 4 +-
ssl/ssl.h | 24 +-
ssl/ssl_cert.c | 6 -
ssl/ssltest.c | 2 -
27 files changed, 616 insertions(+), 883 deletions(-)

diff --git a/apps/progs.h b/apps/progs.h
index 5eb974b..c66da30 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -113,9 +113,7 @@ FUNCTION functions[] = {
#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL, "s_client", s_client_main},
#endif
-#ifndef OPENSSL_NO_SPEED
{FUNC_TYPE_GENERAL, "speed", speed_main},
-#endif
#if !defined(OPENSSL_NO_SOCK)
{FUNC_TYPE_GENERAL, "s_time", s_time_main},
#endif
diff --git a/apps/progs.pl b/apps/progs.pl
index 2b1efd8..8695742 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -33,8 +33,6 @@ foreach (@ARGV)
$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
- elsif ( ($_ =~ /^speed$/))
- { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
elsif ( ($_ =~ /^engine$/))
{ print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
diff --git a/apps/speed.c b/apps/speed.c
index 1b4d23b..f5af9a3 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -69,147 +69,140 @@
*
*/

-/* most of this code has been pilfered from my libdes speed.c program */
-
-#ifndef OPENSSL_NO_SPEED
-
-# undef SECONDS
-# define SECONDS 3
-# define PRIME_SECONDS 10
-# define RSA_SECONDS 10
-# define DSA_SECONDS 10
-# define ECDSA_SECONDS 10
-# define ECDH_SECONDS 10
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-# undef PROG
-# define PROG speed_main
-
-# include <stdio.h>
-# include <stdlib.h>
-
-# include <string.h>
-# include <math.h>
-# include "apps.h"
-# include <openssl/crypto.h>
-# include <openssl/rand.h>
-# include <openssl/err.h>
-# include <openssl/evp.h>
-# include <openssl/objects.h>
-# if !defined(OPENSSL_SYS_MSDOS)
-# include OPENSSL_UNISTD
-# endif
+#undef SECONDS
+#define SECONDS 3
+#define PRIME_SECONDS 10
+#define RSA_SECONDS 10
+#define DSA_SECONDS 10
+#define ECDSA_SECONDS 10
+#define ECDH_SECONDS 10
+
+#undef PROG
+#define PROG speed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif

-# ifndef OPENSSL_SYS_NETWARE
-# include <signal.h>
-# endif
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif

-# if defined(_WIN32) || defined(__CYGWIN__)
-# include <windows.h>
-# if defined(__CYGWIN__) && !defined(_WIN32)
+#if defined(_WIN32) || defined(__CYGWIN__)
+# include <windows.h>
+# if defined(__CYGWIN__) && !defined(_WIN32)
/*
* <windows.h> should define _WIN32, which normally is mutually exclusive
* with __CYGWIN__, but if it didn't...
*/
-# define _WIN32
+# define _WIN32
/* this is done because Cygwin alarm() fails sometimes. */
-# endif
-# endif
-
-# include <openssl/bn.h>
-# ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-# endif
-# ifndef OPENSSL_NO_AES
-# include <openssl/aes.h>
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
-# include <openssl/camellia.h>
-# endif
-# ifndef OPENSSL_NO_MD2
-# include <openssl/md2.h>
-# endif
-# ifndef OPENSSL_NO_MDC2
-# include <openssl/mdc2.h>
-# endif
-# ifndef OPENSSL_NO_MD4
-# include <openssl/md4.h>
-# endif
-# ifndef OPENSSL_NO_MD5
-# include <openssl/md5.h>
-# endif
-# ifndef OPENSSL_NO_HMAC
-# include <openssl/hmac.h>
-# endif
-# include <openssl/evp.h>
-# ifndef OPENSSL_NO_SHA
-# include <openssl/sha.h>
-# endif
-# ifndef OPENSSL_NO_RMD160
-# include <openssl/ripemd.h>
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
-# include <openssl/whrlpool.h>
-# endif
-# ifndef OPENSSL_NO_RC4
-# include <openssl/rc4.h>
-# endif
-# ifndef OPENSSL_NO_RC5
-# include <openssl/rc5.h>
-# endif
-# ifndef OPENSSL_NO_RC2
-# include <openssl/rc2.h>
-# endif
-# ifndef OPENSSL_NO_IDEA
-# include <openssl/idea.h>
-# endif
-# ifndef OPENSSL_NO_SEED
-# include <openssl/seed.h>
-# endif
-# ifndef OPENSSL_NO_BF
-# include <openssl/blowfish.h>
-# endif
-# ifndef OPENSSL_NO_CAST
-# include <openssl/cast.h>
-# endif
-# ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>
-# include "./testrsa.h"
-# endif
-# include <openssl/x509.h>
-# ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-# include "./testdsa.h"
-# endif
-# ifndef OPENSSL_NO_ECDSA
-# include <openssl/ecdsa.h>
# endif
-# ifndef OPENSSL_NO_ECDH
-# include <openssl/ecdh.h>
-# endif
-# include <openssl/modes.h>
+#endif

-# include <openssl/bn.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_AES
+# include <openssl/aes.h>
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/camellia.h>
+#endif
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_MDC2
+# include <openssl/mdc2.h>
+#endif
+#ifndef OPENSSL_NO_MD4
+# include <openssl/md4.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+# include <openssl/md5.h>
+#endif
+#ifndef OPENSSL_NO_HMAC
+# include <openssl/hmac.h>
+#endif
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_SHA
+# include <openssl/sha.h>
+#endif
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/ripemd.h>
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/whrlpool.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_RC5
+# include <openssl/rc5.h>
+#endif
+#ifndef OPENSSL_NO_RC2
+# include <openssl/rc2.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_SEED
+# include <openssl/seed.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+#ifndef OPENSSL_NO_CAST
+# include <openssl/cast.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# include "./testdsa.h"
+#endif
+#ifndef OPENSSL_NO_ECDSA
+# include <openssl/ecdsa.h>
+#endif
+#ifndef OPENSSL_NO_ECDH
+# include <openssl/ecdh.h>
+#endif
+#include <openssl/modes.h>

-# ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
-# define HAVE_FORK 0
-# else
-# define HAVE_FORK 1
-# endif
-# endif
+#include <openssl/bn.h>

-# if HAVE_FORK
-# undef NO_FORK
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+# define HAVE_FORK 0
# else
-# define NO_FORK
+# define HAVE_FORK 1
# endif
+#endif

-# undef BUFSIZE
-# define BUFSIZE (1024*8+1)
-# define MAX_MISALIGNMENT 63
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE (1024*8+1)
+#define MAX_MISALIGNMENT 63

static volatile int run = 0;

@@ -221,18 +214,18 @@ static void print_message(const char *s, long num, int length);
static void pkey_print_message(const char *str, const char *str2,
long num, int bits, int sec);
static void print_result(int alg, int run_no, int count, double time_used);
-# ifndef NO_FORK
+#ifndef NO_FORK
static int do_multi(int multi);
-# endif
+#endif

-# define ALGOR_NUM 30
-# define SIZE_NUM 5
-# define PRIME_NUM 3
-# define RSA_NUM 7
-# define DSA_NUM 3
+#define ALGOR_NUM 30
+#define SIZE_NUM 5
+#define PRIME_NUM 3
+#define RSA_NUM 7
+#define DSA_NUM 3

-# define EC_NUM 16
-# define MAX_ECDH_SIZE 256
+#define EC_NUM 16
+#define MAX_ECDH_SIZE 256

static const char *names[ALGOR_NUM] = {
"md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
@@ -247,31 +240,31 @@ static const char *names[ALGOR_NUM] = {
static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM] = { 16, 64, 256, 1024, 8 * 1024 };

-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
static double rsa_results[RSA_NUM][2];
-# endif
-# ifndef OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_DSA
static double dsa_results[DSA_NUM][2];
-# endif
-# ifndef OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_ECDSA
static double ecdsa_results[EC_NUM][2];
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
static double ecdh_results[EC_NUM][1];
-# endif
+#endif

-# if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";
static int rnd_fake = 0;
-# endif
+#endif

-# ifdef SIGALRM
-# if defined(__STDC__) || defined(sgi) || defined(_AIX)
-# define SIGRETTYPE void
-# else
-# define SIGRETTYPE int
-# endif
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif

static SIGRETTYPE sig_done(int sig);
static SIGRETTYPE sig_done(int sig)
@@ -279,23 +272,23 @@ static SIGRETTYPE sig_done(int sig)
signal(SIGALRM, sig_done);
run = 0;
}
-# endif
+#endif

-# define START 0
-# define STOP 1
+#define START 0
+#define STOP 1

-# if defined(_WIN32)
+#if defined(_WIN32)

-# if !defined(SIGALRM)
-# define SIGALRM
-# endif
+# if !defined(SIGALRM)
+# define SIGALRM
+# endif
static unsigned int lapse, schlock;
static void alarm_win32(unsigned int secs)
{
lapse = secs * 1000;
}

-# define alarm alarm_win32
+# define alarm alarm_win32

static DWORD WINAPI sleepy(VOID * arg)
{
@@ -330,7 +323,7 @@ static double Time_F(int s)

return ret;
}
-# else
+#else

static double Time_F(int s)
{
@@ -339,24 +332,24 @@ static double Time_F(int s)
alarm(0);
return ret;
}
-# endif
+#endif

-# ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
static const int KDF1_SHA1_len = 20;
static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
{
-# ifndef OPENSSL_NO_SHA
+# ifndef OPENSSL_NO_SHA
if (*outlen < SHA_DIGEST_LENGTH)
return NULL;
else
*outlen = SHA_DIGEST_LENGTH;
return SHA1(in, inlen, out);
-# else
+# else
return NULL;
-# endif /* OPENSSL_NO_SHA */
+# endif /* OPENSSL_NO_SHA */
}
-# endif /* OPENSSL_NO_ECDH */
+#endif /* OPENSSL_NO_ECDH */

static void multiblock_speed(const EVP_CIPHER *evp_cipher);

@@ -369,67 +362,67 @@ int MAIN(int argc, char **argv)
int mret = 1;
long count = 0, save_count = 0;
int i, j, k;
-# if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
long rsa_count;
-# endif
-# ifndef OPENSSL_NO_RSA
+#endif
+#ifndef OPENSSL_NO_RSA
unsigned rsa_num;
-# endif
+#endif
unsigned char md[EVP_MAX_MD_SIZE];
-# ifndef OPENSSL_NO_MD2
+#ifndef OPENSSL_NO_MD2
unsigned char md2[MD2_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_MDC2
unsigned char mdc2[MDC2_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_MD4
+#endif
+#ifndef OPENSSL_NO_MD4
unsigned char md4[MD4_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_MD5
+#endif
+#ifndef OPENSSL_NO_MD5
unsigned char md5[MD5_DIGEST_LENGTH];
unsigned char hmac[MD5_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_SHA
+#endif
+#ifndef OPENSSL_NO_SHA
unsigned char sha[SHA_DIGEST_LENGTH];
-# ifndef OPENSSL_NO_SHA256
+# ifndef OPENSSL_NO_SHA256
unsigned char sha256[SHA256_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_SHA512
+# endif
+# ifndef OPENSSL_NO_SHA512
unsigned char sha512[SHA512_DIGEST_LENGTH];
-# endif
# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_RMD160
unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC4
RC4_KEY rc4_ks;
-# endif
-# ifndef OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RC5
RC5_32_KEY rc5_ks;
-# endif
-# ifndef OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC2
RC2_KEY rc2_ks;
-# endif
-# ifndef OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_IDEA
IDEA_KEY_SCHEDULE idea_ks;
-# endif
-# ifndef OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SEED
SEED_KEY_SCHEDULE seed_ks;
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
BF_KEY bf_ks;
-# endif
-# ifndef OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CAST
CAST_KEY cast_ks;
-# endif
+#endif
static const unsigned char key16[16] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
};
-# ifndef OPENSSL_NO_AES
+#ifndef OPENSSL_NO_AES
static const unsigned char key24[24] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
@@ -441,8 +434,8 @@ int MAIN(int argc, char **argv)
0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
};
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
static const unsigned char ckey24[24] = {
0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
@@ -454,15 +447,15 @@ int MAIN(int argc, char **argv)
0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
};
-# endif
-# ifndef OPENSSL_NO_AES
-# define MAX_BLOCK_SIZE 128
-# else
-# define MAX_BLOCK_SIZE 64
-# endif
+#endif
+#ifndef OPENSSL_NO_AES
+# define MAX_BLOCK_SIZE 128
+#else
+# define MAX_BLOCK_SIZE 64
+#endif
unsigned char DES_iv[8];
unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
-# ifndef OPENSSL_NO_DES
+#ifndef OPENSSL_NO_DES
static DES_cblock key =
{ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
static DES_cblock key2 =
@@ -472,77 +465,77 @@ int MAIN(int argc, char **argv)
DES_key_schedule sch;
DES_key_schedule sch2;
DES_key_schedule sch3;
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
AES_KEY aes_ks1, aes_ks2, aes_ks3;
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
-# endif
-# define D_MD2 0
-# define D_MDC2 1
-# define D_MD4 2
-# define D_MD5 3
-# define D_HMAC 4
-# define D_SHA1 5
-# define D_RMD160 6
-# define D_RC4 7
-# define D_CBC_DES 8
-# define D_EDE3_DES 9
-# define D_CBC_IDEA 10
-# define D_CBC_SEED 11
-# define D_CBC_RC2 12
-# define D_CBC_RC5 13
-# define D_CBC_BF 14
-# define D_CBC_CAST 15
-# define D_CBC_128_AES 16
-# define D_CBC_192_AES 17
-# define D_CBC_256_AES 18
-# define D_CBC_128_CML 19
-# define D_CBC_192_CML 20
-# define D_CBC_256_CML 21
-# define D_EVP 22
-# define D_SHA256 23
-# define D_SHA512 24
-# define D_WHIRLPOOL 25
-# define D_IGE_128_AES 26
-# define D_IGE_192_AES 27
-# define D_IGE_256_AES 28
-# define D_GHASH 29
+#endif
+#define D_MD2 0
+#define D_MDC2 1
+#define D_MD4 2
+#define D_MD5 3
+#define D_HMAC 4
+#define D_SHA1 5
+#define D_RMD160 6
+#define D_RC4 7
+#define D_CBC_DES 8
+#define D_EDE3_DES 9
+#define D_CBC_IDEA 10
+#define D_CBC_SEED 11
+#define D_CBC_RC2 12
+#define D_CBC_RC5 13
+#define D_CBC_BF 14
+#define D_CBC_CAST 15
+#define D_CBC_128_AES 16
+#define D_CBC_192_AES 17
+#define D_CBC_256_AES 18
+#define D_CBC_128_CML 19
+#define D_CBC_192_CML 20
+#define D_CBC_256_CML 21
+#define D_EVP 22
+#define D_SHA256 23
+#define D_SHA512 24
+#define D_WHIRLPOOL 25
+#define D_IGE_128_AES 26
+#define D_IGE_192_AES 27
+#define D_IGE_256_AES 28
+#define D_GHASH 29
double d = 0.0;
long c[ALGOR_NUM][SIZE_NUM];

-# ifndef OPENSSL_SYS_WIN32
-# endif
-# define R_DSA_512 0
-# define R_DSA_1024 1
-# define R_DSA_2048 2
-# define R_RSA_512 0
-# define R_RSA_1024 1
-# define R_RSA_2048 2
-# define R_RSA_3072 3
-# define R_RSA_4096 4
-# define R_RSA_7680 5
-# define R_RSA_15360 6
-
-# define R_EC_P160 0
-# define R_EC_P192 1
-# define R_EC_P224 2
-# define R_EC_P256 3
-# define R_EC_P384 4
-# define R_EC_P521 5
-# define R_EC_K163 6
-# define R_EC_K233 7
-# define R_EC_K283 8
-# define R_EC_K409 9
-# define R_EC_K571 10
-# define R_EC_B163 11
-# define R_EC_B233 12
-# define R_EC_B283 13
-# define R_EC_B409 14
-# define R_EC_B571 15
-
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_SYS_WIN32
+#endif
+#define R_DSA_512 0
+#define R_DSA_1024 1
+#define R_DSA_2048 2
+#define R_RSA_512 0
+#define R_RSA_1024 1
+#define R_RSA_2048 2
+#define R_RSA_3072 3
+#define R_RSA_4096 4
+#define R_RSA_7680 5
+#define R_RSA_15360 6
+
+#define R_EC_P160 0
+#define R_EC_P192 1
+#define R_EC_P224 2
+#define R_EC_P256 3
+#define R_EC_P384 4
+#define R_EC_P521 5
+#define R_EC_K163 6
+#define R_EC_K233 7
+#define R_EC_K283 8
+#define R_EC_K409 9
+#define R_EC_K571 10
+#define R_EC_B163 11
+#define R_EC_B233 12
+#define R_EC_B283 13
+#define R_EC_B409 14
+#define R_EC_B571 15
+
+#ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM];
long rsa_c[RSA_NUM][2];
static unsigned int rsa_bits[RSA_NUM] = {
@@ -557,13 +550,13 @@ int MAIN(int argc, char **argv)
sizeof(test4096), sizeof(test7680),
sizeof(test15360)
};
-# endif
-# ifndef OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_DSA
DSA *dsa_key[DSA_NUM];
long dsa_c[DSA_NUM][2];
static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
-# endif
-# ifndef OPENSSL_NO_EC
+#endif
+#ifndef OPENSSL_NO_EC
/*
* We only test over the following curves as they are representative, To
* add tests over more curves, simply add the curve NID and curve name to
@@ -615,62 +608,62 @@ int MAIN(int argc, char **argv)
163, 233, 283, 409, 571
};

-# endif
+#endif

-# ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
unsigned char ecdsasig[256];
unsigned int ecdsasiglen;
EC_KEY *ecdsa[EC_NUM];
long ecdsa_c[EC_NUM][2];
-# endif
+#endif

-# ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
int secret_size_a, secret_size_b;
int ecdh_checks = 0;
int secret_idx = 0;
long ecdh_c[EC_NUM][2];
-# endif
+#endif

int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM];
-# ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
int ecdsa_doit[EC_NUM];
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
int ecdh_doit[EC_NUM];
-# endif
+#endif
int doit[ALGOR_NUM];
int pr_header = 0;
const EVP_CIPHER *evp_cipher = NULL;
const EVP_MD *evp_md = NULL;
int decrypt = 0;
-# ifndef NO_FORK
+#ifndef NO_FORK
int multi = 0;
-# endif
+#endif
int multiblock = 0;
int misalign = MAX_MISALIGNMENT + 1;

-# ifndef TIMES
+#ifndef TIMES
usertime = -1;
-# endif
+#endif

apps_startup();
memset(results, 0, sizeof(results));
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
memset(dsa_key, 0, sizeof(dsa_key));
-# endif
-# ifndef OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_ECDSA
for (i = 0; i < EC_NUM; i++)
ecdsa[i] = NULL;
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++) {
ecdh_a[i] = NULL;
ecdh_b[i] = NULL;
}
-# endif
+#endif

if (bio_err == NULL)
if ((bio_err = BIO_new(BIO_s_file())) != NULL)
@@ -679,11 +672,11 @@ int MAIN(int argc, char **argv)
if (!load_config(bio_err, NULL))
goto end;

-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
memset(rsa_key, 0, sizeof(rsa_key));
for (i = 0; i < RSA_NUM; i++)
rsa_key[i] = NULL;
-# endif
+#endif

if ((buf_malloc =
(unsigned char *)OPENSSL_malloc(BUFSIZE + misalign)) == NULL) {
@@ -711,14 +704,14 @@ int MAIN(int argc, char **argv)
rsa_doit[i] = 0;
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 0;
-# ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 0;
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 0;
-# endif
+#endif

j = 0;
argc--;
@@ -750,7 +743,7 @@ int MAIN(int argc, char **argv)
j--; /* Otherwise, -elapsed gets confused with an
* algorithm. */
}
-# ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
argc--;
argv++;
@@ -766,8 +759,8 @@ int MAIN(int argc, char **argv)
*/
j--;
}
-# endif
-# ifndef NO_FORK
+#endif
+#ifndef NO_FORK
else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
argc--;
argv++;
@@ -783,7 +776,7 @@ int MAIN(int argc, char **argv)
j--; /* Otherwise, -mr gets confused with an
* algorithm. */
}
-# endif
+#endif
else if (argc > 0 && !strcmp(*argv, "-mr")) {
mr = 1;
j--; /* Otherwise, -mr gets confused with an
@@ -809,54 +802,54 @@ int MAIN(int argc, char **argv)
buf2 = buf2_malloc + misalign;
j--;
} else
-# ifndef OPENSSL_NO_MD2
+#ifndef OPENSSL_NO_MD2
if (strcmp(*argv, "md2") == 0)
doit[D_MD2] = 1;
else
-# endif
-# ifndef OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_MDC2
if (strcmp(*argv, "mdc2") == 0)
doit[D_MDC2] = 1;
else
-# endif
-# ifndef OPENSSL_NO_MD4
+#endif
+#ifndef OPENSSL_NO_MD4
if (strcmp(*argv, "md4") == 0)
doit[D_MD4] = 1;
else
-# endif
-# ifndef OPENSSL_NO_MD5
+#endif
+#ifndef OPENSSL_NO_MD5
if (strcmp(*argv, "md5") == 0)
doit[D_MD5] = 1;
else
-# endif
-# ifndef OPENSSL_NO_MD5
+#endif
+#ifndef OPENSSL_NO_MD5
if (strcmp(*argv, "hmac") == 0)
doit[D_HMAC] = 1;
else
-# endif
-# ifndef OPENSSL_NO_SHA
+#endif
+#ifndef OPENSSL_NO_SHA
if (strcmp(*argv, "sha1") == 0)
doit[D_SHA1] = 1;
else if (strcmp(*argv, "sha") == 0)
doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
else
-# ifndef OPENSSL_NO_SHA256
+# ifndef OPENSSL_NO_SHA256
if (strcmp(*argv, "sha256") == 0)
doit[D_SHA256] = 1;
else
-# endif
-# ifndef OPENSSL_NO_SHA512
+# endif
+# ifndef OPENSSL_NO_SHA512
if (strcmp(*argv, "sha512") == 0)
doit[D_SHA512] = 1;
else
-# endif
# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
if (strcmp(*argv, "whirlpool") == 0)
doit[D_WHIRLPOOL] = 1;
else
-# endif
-# ifndef OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_RMD160
if (strcmp(*argv, "ripemd") == 0)
doit[D_RMD160] = 1;
else if (strcmp(*argv, "rmd160") == 0)
@@ -864,20 +857,20 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "ripemd160") == 0)
doit[D_RMD160] = 1;
else
-# endif
-# ifndef OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC4
if (strcmp(*argv, "rc4") == 0)
doit[D_RC4] = 1;
else
-# endif
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DES
if (strcmp(*argv, "des-cbc") == 0)
doit[D_CBC_DES] = 1;
else if (strcmp(*argv, "des-ede3") == 0)
doit[D_EDE3_DES] = 1;
else
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
if (strcmp(*argv, "aes-128-cbc") == 0)
doit[D_CBC_128_AES] = 1;
else if (strcmp(*argv, "aes-192-cbc") == 0)
@@ -891,8 +884,8 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "aes-256-ige") == 0)
doit[D_IGE_256_AES] = 1;
else
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
if (strcmp(*argv, "camellia-128-cbc") == 0)
doit[D_CBC_128_CML] = 1;
else if (strcmp(*argv, "camellia-192-cbc") == 0)
@@ -900,21 +893,21 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "camellia-256-cbc") == 0)
doit[D_CBC_256_CML] = 1;
else
-# endif
-# ifndef OPENSSL_NO_RSA
-# if 0 /* was: #ifdef RSAref */
+#endif
+#ifndef OPENSSL_NO_RSA
+# if 0 /* was: #ifdef RSAref */
if (strcmp(*argv, "rsaref") == 0) {
RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
j--;
} else
-# endif
-# ifndef RSA_NULL
+# endif
+# ifndef RSA_NULL
if (strcmp(*argv, "openssl") == 0) {
RSA_set_default_method(RSA_PKCS1_SSLeay());
j--;
} else
-# endif
-# endif /* !OPENSSL_NO_RSA */
+# endif
+#endif /* !OPENSSL_NO_RSA */
if (strcmp(*argv, "dsa512") == 0)
dsa_doit[R_DSA_512] = 2;
else if (strcmp(*argv, "dsa1024") == 0)
@@ -936,35 +929,35 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "rsa15360") == 0)
rsa_doit[R_RSA_15360] = 2;
else
-# ifndef OPENSSL_NO_RC2
+#ifndef OPENSSL_NO_RC2
if (strcmp(*argv, "rc2-cbc") == 0)
doit[D_CBC_RC2] = 1;
else if (strcmp(*argv, "rc2") == 0)
doit[D_CBC_RC2] = 1;
else
-# endif
-# ifndef OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RC5
if (strcmp(*argv, "rc5-cbc") == 0)
doit[D_CBC_RC5] = 1;
else if (strcmp(*argv, "rc5") == 0)
doit[D_CBC_RC5] = 1;
else
-# endif
-# ifndef OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_IDEA
if (strcmp(*argv, "idea-cbc") == 0)
doit[D_CBC_IDEA] = 1;
else if (strcmp(*argv, "idea") == 0)
doit[D_CBC_IDEA] = 1;
else
-# endif
-# ifndef OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SEED
if (strcmp(*argv, "seed-cbc") == 0)
doit[D_CBC_SEED] = 1;
else if (strcmp(*argv, "seed") == 0)
doit[D_CBC_SEED] = 1;
else
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
if (strcmp(*argv, "bf-cbc") == 0)
doit[D_CBC_BF] = 1;
else if (strcmp(*argv, "blowfish") == 0)
@@ -972,8 +965,8 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "bf") == 0)
doit[D_CBC_BF] = 1;
else
-# endif
-# ifndef OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CAST
if (strcmp(*argv, "cast-cbc") == 0)
doit[D_CBC_CAST] = 1;
else if (strcmp(*argv, "cast") == 0)
@@ -981,14 +974,14 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "cast5") == 0)
doit[D_CBC_CAST] = 1;
else
-# endif
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DES
if (strcmp(*argv, "des") == 0) {
doit[D_CBC_DES] = 1;
doit[D_EDE3_DES] = 1;
} else
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
if (strcmp(*argv, "aes") == 0) {
doit[D_CBC_128_AES] = 1;
doit[D_CBC_192_AES] = 1;
@@ -996,15 +989,15 @@ int MAIN(int argc, char **argv)
} else if (strcmp(*argv, "ghash") == 0) {
doit[D_GHASH] = 1;
} else
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
if (strcmp(*argv, "camellia") == 0) {
doit[D_CBC_128_CML] = 1;
doit[D_CBC_192_CML] = 1;
doit[D_CBC_256_CML] = 1;
} else
-# endif
-# ifndef OPENSSL_NO_RSA
+#endif
+#ifndef OPENSSL_NO_RSA
if (strcmp(*argv, "rsa") == 0) {
rsa_doit[R_RSA_512] = 1;
rsa_doit[R_RSA_1024] = 1;
@@ -1014,15 +1007,15 @@ int MAIN(int argc, char **argv)
rsa_doit[R_RSA_7680] = 1;
rsa_doit[R_RSA_15360] = 1;
} else
-# endif
-# ifndef OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_DSA
if (strcmp(*argv, "dsa") == 0) {
dsa_doit[R_DSA_512] = 1;
dsa_doit[R_DSA_1024] = 1;
dsa_doit[R_DSA_2048] = 1;
} else
-# endif
-# ifndef OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_ECDSA
if (strcmp(*argv, "ecdsap160") == 0)
ecdsa_doit[R_EC_P160] = 2;
else if (strcmp(*argv, "ecdsap192") == 0)
@@ -1059,8 +1052,8 @@ int MAIN(int argc, char **argv)
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
} else
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
if (strcmp(*argv, "ecdhp160") == 0)
ecdh_doit[R_EC_P160] = 2;
else if (strcmp(*argv, "ecdhp192") == 0)
@@ -1097,94 +1090,94 @@ int MAIN(int argc, char **argv)
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
} else
-# endif
+#endif
{
BIO_printf(bio_err, "Error: bad option or value\n");
BIO_printf(bio_err, "\n");
BIO_printf(bio_err, "Available values:\n");
-# ifndef OPENSSL_NO_MD2
+#ifndef OPENSSL_NO_MD2
BIO_printf(bio_err, "md2 ");
-# endif
-# ifndef OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_MDC2
BIO_printf(bio_err, "mdc2 ");
-# endif
-# ifndef OPENSSL_NO_MD4
+#endif
+#ifndef OPENSSL_NO_MD4
BIO_printf(bio_err, "md4 ");
-# endif
-# ifndef OPENSSL_NO_MD5
+#endif
+#ifndef OPENSSL_NO_MD5
BIO_printf(bio_err, "md5 ");
-# ifndef OPENSSL_NO_HMAC
+# ifndef OPENSSL_NO_HMAC
BIO_printf(bio_err, "hmac ");
-# endif
# endif
-# ifndef OPENSSL_NO_SHA1
+#endif
+#ifndef OPENSSL_NO_SHA1
BIO_printf(bio_err, "sha1 ");
-# endif
-# ifndef OPENSSL_NO_SHA256
+#endif
+#ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err, "sha256 ");
-# endif
-# ifndef OPENSSL_NO_SHA512
+#endif
+#ifndef OPENSSL_NO_SHA512
BIO_printf(bio_err, "sha512 ");
-# endif
-# ifndef OPENSSL_NO_WHIRLPOOL
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
BIO_printf(bio_err, "whirlpool");
-# endif
-# ifndef OPENSSL_NO_RMD160
+#endif
+#ifndef OPENSSL_NO_RMD160
BIO_printf(bio_err, "rmd160");
-# endif
-# if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+#endif
+#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
!defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
!defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \
!defined(OPENSSL_NO_WHIRLPOOL)
BIO_printf(bio_err, "\n");
-# endif
+#endif

-# ifndef OPENSSL_NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, "idea-cbc ");
-# endif
-# ifndef OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, "seed-cbc ");
-# endif
-# ifndef OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err, "rc2-cbc ");
-# endif
-# ifndef OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RC5
BIO_printf(bio_err, "rc5-cbc ");
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
BIO_printf(bio_err, "bf-cbc");
-# endif
-# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
+#endif
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
!defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
BIO_printf(bio_err, "\n");
-# endif
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "des-cbc des-ede3 ");
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "\n");
BIO_printf(bio_err,
"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
-# endif
-# ifndef OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC4
BIO_printf(bio_err, "rc4");
-# endif
+#endif
BIO_printf(bio_err, "\n");

-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
BIO_printf(bio_err,
"rsa512 rsa1024 rsa2048 rsa3072 rsa4096\n");
BIO_printf(bio_err, "rsa7680 rsa15360\n");
-# endif
+#endif

-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
-# endif
-# ifndef OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_ECDSA
BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
"ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err,
@@ -1192,8 +1185,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err, "ecdsa\n");
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
"ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err,
@@ -1201,50 +1194,50 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
BIO_printf(bio_err, "ecdh\n");
-# endif
+#endif

-# ifndef OPENSSL_NO_IDEA
+#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, "idea ");
-# endif
-# ifndef OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err, "seed ");
-# endif
-# ifndef OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC2
BIO_printf(bio_err, "rc2 ");
-# endif
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "des ");
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
BIO_printf(bio_err, "aes ");
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err, "camellia ");
-# endif
-# ifndef OPENSSL_NO_RSA
+#endif
+#ifndef OPENSSL_NO_RSA
BIO_printf(bio_err, "rsa ");
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
BIO_printf(bio_err, "blowfish");
-# endif
-# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
+#endif
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
!defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
!defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
!defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
BIO_printf(bio_err, "\n");
-# endif
+#endif

BIO_printf(bio_err, "\n");
BIO_printf(bio_err, "Available options:\n");
-# if defined(TIMES) || defined(USE_TOD)
+#if defined(TIMES) || defined(USE_TOD)
BIO_printf(bio_err, "-elapsed "
"measure time in real time instead of CPU user time.\n");
-# endif
-# ifndef OPENSSL_NO_ENGINE
+#endif
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err,
"-engine e "
"use engine e, possibly a hardware device.\n");
-# endif
+#endif
BIO_printf(bio_err, "-evp e " "use EVP e.\n");
BIO_printf(bio_err,
"-decrypt "
@@ -1258,10 +1251,10 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,
"-misalign n "
"perform benchmark with misaligned data\n");
-# ifndef NO_FORK
+#ifndef NO_FORK
BIO_printf(bio_err,
"-multi n " "run n benchmarks in parallel.\n");
-# endif
+#endif
goto end;
}
argc--;
@@ -1269,10 +1262,10 @@ int MAIN(int argc, char **argv)
j++;
}

-# ifndef NO_FORK
+#ifndef NO_FORK
if (multi && do_multi(multi))
goto show_res;
-# endif
+#endif

if (j == 0) {
for (i = 0; i < ALGOR_NUM; i++) {
@@ -1283,14 +1276,14 @@ int MAIN(int argc, char **argv)
rsa_doit[i] = 1;
for (i = 0; i < DSA_NUM; i++)
dsa_doit[i] = 1;
-# ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
for (i = 0; i < EC_NUM; i++)
ecdsa_doit[i] = 1;
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++)
ecdh_doit[i] = 1;
-# endif
+#endif
}
for (i = 0; i < ALGOR_NUM; i++)
if (doit[i])
@@ -1301,7 +1294,7 @@ int MAIN(int argc, char **argv)
"You have chosen to measure elapsed time "
"instead of user CPU time.\n");

-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++) {
const unsigned char *p;

@@ -1312,7 +1305,7 @@ int MAIN(int argc, char **argv)
i);
goto end;
}
-# if 0
+# if 0
else {
BIO_printf(bio_err,
mr ? "+RK:%d:"
@@ -1321,57 +1314,57 @@ int MAIN(int argc, char **argv)
BN_print(bio_err, rsa_key[i]->e);
BIO_printf(bio_err, "\n");
}
-# endif
- }
# endif
+ }
+#endif

-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
dsa_key[0] = get_dsa512();
dsa_key[1] = get_dsa1024();
dsa_key[2] = get_dsa2048();
-# endif
+#endif

-# ifndef OPENSSL_NO_DES
+#ifndef OPENSSL_NO_DES
DES_set_key_unchecked(&key, &sch);
DES_set_key_unchecked(&key2, &sch2);
DES_set_key_unchecked(&key3, &sch3);
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
AES_set_encrypt_key(key16, 128, &aes_ks1);
AES_set_encrypt_key(key24, 192, &aes_ks2);
AES_set_encrypt_key(key32, 256, &aes_ks3);
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
Camellia_set_key(key16, 128, &camellia_ks1);
Camellia_set_key(ckey24, 192, &camellia_ks2);
Camellia_set_key(ckey32, 256, &camellia_ks3);
-# endif
-# ifndef OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_IDEA
idea_set_encrypt_key(key16, &idea_ks);
-# endif
-# ifndef OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SEED
SEED_set_key(key16, &seed_ks);
-# endif
-# ifndef OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC4
RC4_set_key(&rc4_ks, 16, key16);
-# endif
-# ifndef OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC2
RC2_set_key(&rc2_ks, 16, key16, 128);
-# endif
-# ifndef OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RC5
RC5_32_set_key(&rc5_ks, 16, key16, 12);
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
BF_set_key(&bf_ks, 16, key16);
-# endif
-# ifndef OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CAST
CAST_set_key(&cast_ks, 16, key16);
-# endif
-# ifndef OPENSSL_NO_RSA
+#endif
+#ifndef OPENSSL_NO_RSA
memset(rsa_c, 0, sizeof(rsa_c));
-# endif
-# ifndef SIGALRM
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef SIGALRM
+# ifndef OPENSSL_NO_DES
BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
count = 10;
do {
@@ -1453,7 +1446,7 @@ int MAIN(int argc, char **argv)
c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
}

-# ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_RSA
rsa_c[R_RSA_512][0] = count / 2000;
rsa_c[R_RSA_512][1] = count / 400;
for (i = 1; i < RSA_NUM; i++) {
@@ -1468,9 +1461,9 @@ int MAIN(int argc, char **argv)
}
}
}
-# endif
+# endif

-# ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
dsa_c[R_DSA_512][0] = count / 1000;
dsa_c[R_DSA_512][1] = count / 1000 / 2;
for (i = 1; i < DSA_NUM; i++) {
@@ -1485,9 +1478,9 @@ int MAIN(int argc, char **argv)
}
}
}
-# endif
+# endif

-# ifndef OPENSSL_NO_ECDSA
+# ifndef OPENSSL_NO_ECDSA
ecdsa_c[R_EC_P160][0] = count / 1000;
ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -1530,9 +1523,9 @@ int MAIN(int argc, char **argv)
}
}
}
-# endif
+# endif

-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_ECDH
ecdh_c[R_EC_P160][0] = count / 1000;
ecdh_c[R_EC_P160][1] = count / 1000;
for (i = R_EC_P192; i <= R_EC_P521; i++) {
@@ -1575,23 +1568,23 @@ int MAIN(int argc, char **argv)
}
}
}
-# endif
+# endif

-# define COND(d) (count < (d))
-# define COUNT(d) (d)
-# else
-/* not worth fixing */
-# error "You cannot disable DES on systems without SIGALRM."
-# endif /* OPENSSL_NO_DES */
+# define COND(d) (count < (d))
+# define COUNT(d) (d)
# else
-# define COND(c) (run && count<0x7fffffff)
-# define COUNT(d) (count)
-# ifndef _WIN32
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+# endif /* OPENSSL_NO_DES */
+#else
+# define COND(c) (run && count<0x7fffffff)
+# define COUNT(d) (count)
+# ifndef _WIN32
signal(SIGALRM, sig_done);
-# endif
-# endif /* SIGALRM */
+# endif
+#endif /* SIGALRM */

-# ifndef OPENSSL_NO_MD2
+#ifndef OPENSSL_NO_MD2
if (doit[D_MD2]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_MD2], c[D_MD2][j], lengths[j]);
@@ -1603,8 +1596,8 @@ int MAIN(int argc, char **argv)
print_result(D_MD2, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_MDC2
+#endif
+#ifndef OPENSSL_NO_MDC2
if (doit[D_MDC2]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
@@ -1616,9 +1609,9 @@ int MAIN(int argc, char **argv)
print_result(D_MDC2, j, count, d);
}
}
-# endif
+#endif

-# ifndef OPENSSL_NO_MD4
+#ifndef OPENSSL_NO_MD4
if (doit[D_MD4]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
@@ -1630,9 +1623,9 @@ int MAIN(int argc, char **argv)
print_result(D_MD4, j, count, d);
}
}
-# endif
+#endif

-# ifndef OPENSSL_NO_MD5
+#ifndef OPENSSL_NO_MD5
if (doit[D_MD5]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
@@ -1643,9 +1636,9 @@ int MAIN(int argc, char **argv)
print_result(D_MD5, j, count, d);
}
}
-# endif
+#endif

-# if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
if (doit[D_HMAC]) {
HMAC_CTX hctx;

@@ -1666,24 +1659,24 @@ int MAIN(int argc, char **argv)
}
HMAC_CTX_cleanup(&hctx);
}
-# endif
-# ifndef OPENSSL_NO_SHA
+#endif
+#ifndef OPENSSL_NO_SHA
if (doit[D_SHA1]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
Time_F(START);
for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-# if 0
+# if 0
EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
EVP_sha1(), NULL);
-# else
+# else
SHA1(buf, lengths[j], sha);
-# endif
+# endif
d = Time_F(STOP);
print_result(D_SHA1, j, count, d);
}
}
-# ifndef OPENSSL_NO_SHA256
+# ifndef OPENSSL_NO_SHA256
if (doit[D_SHA256]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
@@ -1694,9 +1687,9 @@ int MAIN(int argc, char **argv)
print_result(D_SHA256, j, count, d);
}
}
-# endif
+# endif

-# ifndef OPENSSL_NO_SHA512
+# ifndef OPENSSL_NO_SHA512
if (doit[D_SHA512]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
@@ -1707,10 +1700,10 @@ int MAIN(int argc, char **argv)
print_result(D_SHA512, j, count, d);
}
}
-# endif
# endif
+#endif

-# ifndef OPENSSL_NO_WHIRLPOOL
+#ifndef OPENSSL_NO_WHIRLPOOL
if (doit[D_WHIRLPOOL]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]);
@@ -1721,9 +1714,9 @@ int MAIN(int argc, char **argv)
print_result(D_WHIRLPOOL, j, count, d);
}
}
-# endif
+#endif

-# ifndef OPENSSL_NO_RMD160
+#ifndef OPENSSL_NO_RMD160
if (doit[D_RMD160]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
@@ -1735,8 +1728,8 @@ int MAIN(int argc, char **argv)
print_result(D_RMD160, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC4
if (doit[D_RC4]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_RC4], c[D_RC4][j], lengths[j]);
@@ -1747,8 +1740,8 @@ int MAIN(int argc, char **argv)
print_result(D_RC4, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DES
if (doit[D_CBC_DES]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]);
@@ -1773,8 +1766,8 @@ int MAIN(int argc, char **argv)
print_result(D_EDE3_DES, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
if (doit[D_CBC_128_AES]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j],
@@ -1869,8 +1862,8 @@ int MAIN(int argc, char **argv)
}
CRYPTO_gcm128_release(ctx);
}
-# endif
-# ifndef OPENSSL_NO_CAMELLIA
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j],
@@ -1910,8 +1903,8 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_256_CML, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_IDEA
if (doit[D_CBC_IDEA]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]);
@@ -1924,8 +1917,8 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_IDEA, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_SEED
+#endif
+#ifndef OPENSSL_NO_SEED
if (doit[D_CBC_SEED]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]);
@@ -1937,8 +1930,8 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_SEED, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_RC2
+#endif
+#ifndef OPENSSL_NO_RC2
if (doit[D_CBC_RC2]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]);
@@ -1951,8 +1944,8 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_RC2, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_NO_RC5
if (doit[D_CBC_RC5]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]);
@@ -1965,8 +1958,8 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_RC5, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
if (doit[D_CBC_BF]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]);
@@ -1979,8 +1972,8 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_BF, j, count, d);
}
}
-# endif
-# ifndef OPENSSL_NO_CAST
+#endif
+#ifndef OPENSSL_NO_CAST
if (doit[D_CBC_CAST]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]);
@@ -1993,10 +1986,10 @@ int MAIN(int argc, char **argv)
print_result(D_CBC_CAST, j, count, d);
}
}
-# endif
+#endif

if (doit[D_EVP]) {
-# ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+#ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
if (multiblock && evp_cipher) {
if (!
(EVP_CIPHER_flags(evp_cipher) &
@@ -2009,7 +2002,7 @@ int MAIN(int argc, char **argv)
mret = 0;
goto end;
}
-# endif
+#endif
for (j = 0; j < SIZE_NUM; j++) {
if (evp_cipher) {
EVP_CIPHER_CTX ctx;
@@ -2061,10 +2054,10 @@ int MAIN(int argc, char **argv)
print_result(D_EVP, j, count, d);
}
}
-# ifndef OPENSSL_SYS_WIN32
-# endif
+#ifndef OPENSSL_SYS_WIN32
+#endif
RAND_pseudo_bytes(buf, 36);
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
for (j = 0; j < RSA_NUM; j++) {
int ret;
if (!rsa_doit[j])
@@ -2099,7 +2092,7 @@ int MAIN(int argc, char **argv)
rsa_count = count;
}

-# if 1
+# if 1
ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]);
if (ret <= 0) {
BIO_printf(bio_err,
@@ -2127,7 +2120,7 @@ int MAIN(int argc, char **argv)
count, rsa_bits[j], d);
rsa_results[j][1] = d / (double)count;
}
-# endif
+# endif

if (rsa_count <= 1) {
/* if longer than 10s, don't do any more */
@@ -2135,10 +2128,10 @@ int MAIN(int argc, char **argv)
rsa_doit[j] = 0;
}
}
-# endif
+#endif

RAND_pseudo_bytes(buf, 20);
-# ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@@ -2215,9 +2208,9 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake)
RAND_cleanup();
-# endif
+#endif

-# ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@@ -2233,9 +2226,9 @@ int MAIN(int argc, char **argv)
ERR_print_errors(bio_err);
rsa_count = 1;
} else {
-# if 1
+# if 1
EC_KEY_precompute_mult(ecdsa[j], NULL);
-# endif
+# endif
/* Perform ECDSA signature test */
EC_KEY_generate_key(ecdsa[j]);
ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
@@ -2310,9 +2303,9 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake)
RAND_cleanup();
-# endif
+#endif

-# ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1) {
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
@@ -2403,33 +2396,33 @@ int MAIN(int argc, char **argv)
}
if (rnd_fake)
RAND_cleanup();
-# endif
-# ifndef NO_FORK
+#endif
+#ifndef NO_FORK
show_res:
-# endif
+#endif
if (!mr) {
fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
printf("options:");
printf("%s ", BN_options());
-# ifndef OPENSSL_NO_MD2
+#ifndef OPENSSL_NO_MD2
printf("%s ", MD2_options());
-# endif
-# ifndef OPENSSL_NO_RC4
+#endif
+#ifndef OPENSSL_NO_RC4
printf("%s ", RC4_options());
-# endif
-# ifndef OPENSSL_NO_DES
+#endif
+#ifndef OPENSSL_NO_DES
printf("%s ", DES_options());
-# endif
-# ifndef OPENSSL_NO_AES
+#endif
+#ifndef OPENSSL_NO_AES
printf("%s ", AES_options());
-# endif
-# ifndef OPENSSL_NO_IDEA
+#endif
+#ifndef OPENSSL_NO_IDEA
printf("%s ", idea_options());
-# endif
-# ifndef OPENSSL_NO_BF
+#endif
+#ifndef OPENSSL_NO_BF
printf("%s ", BF_options());
-# endif
+#endif
fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS));
}

@@ -2461,7 +2454,7 @@ int MAIN(int argc, char **argv)
}
fprintf(stdout, "\n");
}
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
j = 1;
for (k = 0; k < RSA_NUM; k++) {
if (!rsa_doit[k])
@@ -2478,8 +2471,8 @@ int MAIN(int argc, char **argv)
rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
}
-# endif
-# ifndef OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_DSA
j = 1;
for (k = 0; k < DSA_NUM; k++) {
if (!dsa_doit[k])
@@ -2496,8 +2489,8 @@ int MAIN(int argc, char **argv)
dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
}
-# endif
-# ifndef OPENSSL_NO_ECDSA
+#endif
+#ifndef OPENSSL_NO_ECDSA
j = 1;
for (k = 0; k < EC_NUM; k++) {
if (!ecdsa_doit[k])
@@ -2519,9 +2512,9 @@ int MAIN(int argc, char **argv)
ecdsa_results[k][0], ecdsa_results[k][1],
1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
}
-# endif
+#endif

-# ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
j = 1;
for (k = 0; k < EC_NUM; k++) {
if (!ecdh_doit[k])
@@ -2541,7 +2534,7 @@ int MAIN(int argc, char **argv)
test_curves_names[k],
ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
}
-# endif
+#endif

mret = 0;

@@ -2551,30 +2544,30 @@ int MAIN(int argc, char **argv)
OPENSSL_free(buf_malloc);
if (buf2_malloc != NULL)
OPENSSL_free(buf2_malloc);
-# ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_RSA
for (i = 0; i < RSA_NUM; i++)
if (rsa_key[i] != NULL)
RSA_free(rsa_key[i]);
-# endif
-# ifndef OPENSSL_NO_DSA
+#endif
+#ifndef OPENSSL_NO_DSA
for (i = 0; i < DSA_NUM; i++)
if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]);
-# endif
+#endif

-# ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
for (i = 0; i < EC_NUM; i++)
if (ecdsa[i] != NULL)
EC_KEY_free(ecdsa[i]);
-# endif
-# ifndef OPENSSL_NO_ECDH
+#endif
+#ifndef OPENSSL_NO_ECDH
for (i = 0; i < EC_NUM; i++) {
if (ecdh_a[i] != NULL)
EC_KEY_free(ecdh_a[i]);
if (ecdh_b[i] != NULL)
EC_KEY_free(ecdh_b[i]);
}
-# endif
+#endif

apps_shutdown();
OPENSSL_EXIT(mret);
@@ -2582,35 +2575,35 @@ int MAIN(int argc, char **argv)

static void print_message(const char *s, long num, int length)
{
-# ifdef SIGALRM
+#ifdef SIGALRM
BIO_printf(bio_err,
mr ? "+DT:%s:%d:%d\n"
: "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
(void)BIO_flush(bio_err);
alarm(SECONDS);
-# else
+#else
BIO_printf(bio_err,
mr ? "+DN:%s:%ld:%d\n"
: "Doing %s %ld times on %d size blocks: ", s, num, length);
(void)BIO_flush(bio_err);
-# endif
+#endif
}

static void pkey_print_message(const char *str, const char *str2, long num,
int bits, int tm)
{
-# ifdef SIGALRM
+#ifdef SIGALRM
BIO_printf(bio_err,
mr ? "+DTP:%d:%s:%s:%d\n"
: "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
(void)BIO_flush(bio_err);
alarm(tm);
-# else
+#else
BIO_printf(bio_err,
mr ? "+DNP:%ld:%d:%s:%s\n"
: "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
(void)BIO_flush(bio_err);
-# endif
+#endif
}

static void print_result(int alg, int run_no, int count, double time_used)
@@ -2621,7 +2614,7 @@ static void print_result(int alg, int run_no, int count, double time_used)
results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
}

-# ifndef NO_FORK
+#ifndef NO_FORK
static char *sstrsep(char **string, const char *delim)
{
char isdelim[256];
@@ -2749,7 +2742,7 @@ static int do_multi(int multi)
else
rsa_results[k][1] = d;
}
-# ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_DSA
else if (!strncmp(buf, "+F3:", 4)) {
int k;
double d;
@@ -2770,8 +2763,8 @@ static int do_multi(int multi)
else
dsa_results[k][1] = d;
}
-# endif
-# ifndef OPENSSL_NO_ECDSA
+# endif
+# ifndef OPENSSL_NO_ECDSA
else if (!strncmp(buf, "+F4:", 4)) {
int k;
double d;
@@ -2794,9 +2787,9 @@ static int do_multi(int multi)
else
ecdsa_results[k][1] = d;
}
-# endif
+# endif

-# ifndef OPENSSL_NO_ECDH
+# ifndef OPENSSL_NO_ECDH
else if (!strncmp(buf, "+F5:", 4)) {
int k;
double d;
@@ -2812,7 +2805,7 @@ static int do_multi(int multi)
ecdh_results[k][0] = d;

}
-# endif
+# endif

else if (!strncmp(buf, "+H:", 3)) {
} else
@@ -2824,7 +2817,7 @@ static int do_multi(int multi)
free(fds);
return 1;
}
-# endif
+#endif

static void multiblock_speed(const EVP_CIPHER *evp_cipher)
{
@@ -2925,4 +2918,3 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher)
OPENSSL_free(inp);
OPENSSL_free(out);
}
-#endif
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index a8f9c0c..e3fea15 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -61,9 +61,7 @@

# include <time.h>
# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/safestack.h>

@@ -827,10 +825,8 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
const unsigned char *flags, int flags_len);

-# ifndef OPENSSL_NO_BIO
int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
BIT_STRING_BITNAME *tbl, int indent);
-# endif
int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
BIT_STRING_BITNAME *tbl);
@@ -915,7 +911,6 @@ STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a,
void (*free_func) (OPENSSL_BLOCK),
int ex_tag, int ex_class);

-# ifndef OPENSSL_NO_BIO
int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
@@ -923,7 +918,6 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a);
int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-# endif
int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);

int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
@@ -1015,7 +1009,6 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);

int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);

-# ifndef OPENSSL_NO_BIO
void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);

# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
@@ -1048,7 +1041,6 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
int dump);
-# endif
const char *ASN1_tag2str(int tag);

/* Used to load and write netscape format cert */
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 0f356c2..1000e69 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -322,7 +322,6 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
return 1;
}

-#ifndef OPENSSL_NO_BIO
# ifndef OPENSSL_NO_STDIO
int BN_print_fp(FILE *fp, const BIGNUM *a)
{
@@ -362,7 +361,6 @@ int BN_print(BIO *bp, const BIGNUM *a)
end:
return (ret);
}
-#endif

char *BN_options(void)
{
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index ececd4d..2d7c739 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -65,9 +65,7 @@
# error DH is disabled.
# endif

-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>
# include <openssl/ossl_typ.h>
# ifdef OPENSSL_USE_DEPRECATED
# include <openssl/bn.h>
@@ -233,11 +231,7 @@ int i2d_DHxparams(const DH *a, unsigned char **pp);
# ifndef OPENSSL_NO_STDIO
int DHparams_print_fp(FILE *fp, const DH *x);
# endif
-# ifndef OPENSSL_NO_BIO
int DHparams_print(BIO *bp, const DH *x);
-# else
-int DHparams_print(char *bp, const DH *x);
-# endif

/* RFC 5114 parameters */
DH *DH_get_1024_160(void);
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 2bb6b11..949360f 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -71,9 +71,7 @@
# error DSA is disabled.
# endif

-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>

@@ -248,10 +246,8 @@ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
int i2d_DSAparams(const DSA *a, unsigned char **pp);

-# ifndef OPENSSL_NO_BIO
int DSAparams_print(BIO *bp, const DSA *x);
int DSA_print(BIO *bp, const DSA *x, int off);
-# endif
# ifndef OPENSSL_NO_STDIO
int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
index a3d50e7..b89add6 100644
--- a/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
@@ -729,9 +729,7 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
(unsigned char *)(x))

-# ifndef OPENSSL_NO_BIO
int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-# endif
# ifndef OPENSSL_NO_STDIO
int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
# endif
@@ -951,7 +949,6 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
*/
int i2o_ECPublicKey(EC_KEY *key, unsigned char **out);

-# ifndef OPENSSL_NO_BIO
/** Prints out the ec parameters on human readable form.
* \param bp BIO object to which the information is printed
* \param key EC_KEY object
@@ -967,7 +964,6 @@ int ECParameters_print(BIO *bp, const EC_KEY *key);
*/
int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);

-# endif
# ifndef OPENSSL_NO_STDIO
/** Prints out the ec parameters on human readable form.
* \param fp file descriptor to which the information is printed
diff --git a/crypto/err/err.c b/crypto/err/err.c
index ed50511..50865b8 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -109,8 +109,6 @@
*
*/

-#define OPENSSL_NO_FIPS_ERR
-
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
diff --git a/crypto/err/err.h b/crypto/err/err.h
index d24ec9a..577a121 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -120,12 +120,8 @@
# endif

# include <openssl/ossl_typ.h>
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_LHASH
-# include <openssl/lhash.h>
-# endif
+# include <openssl/bio.h>
+# include <openssl/lhash.h>

#ifdef __cplusplus
extern "C" {
@@ -341,9 +337,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
# ifndef OPENSSL_NO_STDIO
void ERR_print_errors_fp(FILE *fp);
# endif
-# ifndef OPENSSL_NO_BIO
void ERR_print_errors(BIO *bp);
-# endif
void ERR_add_error_data(int num, ...);
void ERR_add_error_vdata(int num, va_list args);
void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
@@ -359,11 +353,9 @@ DECLARE_DEPRECATED(void ERR_remove_state(unsigned long pid)); /* if zero we
# endif
ERR_STATE *ERR_get_state(void);

-# ifndef OPENSSL_NO_LHASH
LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void);
LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void);
void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash);
-# endif

int ERR_get_next_error_library(void);

diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 54693ed..1363fb0 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -56,8 +56,6 @@
* [including the GNU Public Licence.]
*/

-#define OPENSSL_NO_FIPS_ERR
-
#include <stdio.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 0882324..7a95de0 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -71,17 +71,8 @@

# include <openssl/symhacks.h>

-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>

-/*-
-#define EVP_RC2_KEY_SIZE 16
-#define EVP_RC4_KEY_SIZE 16
-#define EVP_BLOWFISH_KEY_SIZE 16
-#define EVP_CAST5_KEY_SIZE 16
-#define EVP_RC5_32_12_16_KEY_SIZE 16
-*/
# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
# define EVP_MAX_KEY_LENGTH 64
# define EVP_MAX_IV_LENGTH 16
@@ -751,14 +742,12 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);

-# ifndef OPENSSL_NO_BIO
BIO_METHOD *BIO_f_md(void);
BIO_METHOD *BIO_f_base64(void);
BIO_METHOD *BIO_f_cipher(void);
BIO_METHOD *BIO_f_reliable(void);
__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
const unsigned char *i, int enc);
-# endif

const EVP_MD *EVP_md_null(void);
# ifndef OPENSSL_NO_MD2
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
index 8b09966..0a21399 100644
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
@@ -65,78 +65,9 @@
*/
#include "cryptlib.h"

-#ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-#endif
+#include <openssl/bio.h>
#include <openssl/lhash.h>

-#ifdef OPENSSL_NO_BIO
-
-void lh_stats(LHASH *lh, FILE *out)
-{
- fprintf(out, "num_items = %lu\n", lh->num_items);
- fprintf(out, "num_nodes = %u\n", lh->num_nodes);
- fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes);
- fprintf(out, "num_expands = %lu\n", lh->num_expands);
- fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs);
- fprintf(out, "num_contracts = %lu\n", lh->num_contracts);
- fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
- fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls);
- fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls);
- fprintf(out, "num_insert = %lu\n", lh->num_insert);
- fprintf(out, "num_replace = %lu\n", lh->num_replace);
- fprintf(out, "num_delete = %lu\n", lh->num_delete);
- fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete);
- fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve);
- fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss);
- fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
-# if 0
- fprintf(out, "p = %u\n", lh->p);
- fprintf(out, "pmax = %u\n", lh->pmax);
- fprintf(out, "up_load = %lu\n", lh->up_load);
- fprintf(out, "down_load = %lu\n", lh->down_load);
-# endif
-}
-
-void lh_node_stats(LHASH *lh, FILE *out)
-{
- LHASH_NODE *n;
- unsigned int i, num;
-
- for (i = 0; i < lh->num_nodes; i++) {
- for (n = lh->b[i], num = 0; n != NULL; n = n->next)
- num++;
- fprintf(out, "node %6u -> %3u\n", i, num);
- }
-}
-
-void lh_node_usage_stats(LHASH *lh, FILE *out)
-{
- LHASH_NODE *n;
- unsigned long num;
- unsigned int i;
- unsigned long total = 0, n_used = 0;
-
- for (i = 0; i < lh->num_nodes; i++) {
- for (n = lh->b[i], num = 0; n != NULL; n = n->next)
- num++;
- if (num != 0) {
- n_used++;
- total += num;
- }
- }
- fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
- fprintf(out, "%lu items\n", total);
- if (n_used == 0)
- return;
- fprintf(out, "load %d.%02d actual load %d.%02d\n",
- (int)(total / lh->num_nodes),
- (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
- (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
-}
-
-#else
-
# ifndef OPENSSL_NO_STDIO
void lh_stats(const _LHASH *lh, FILE *fp)
{
@@ -198,12 +129,6 @@ void lh_stats_bio(const _LHASH *lh, BIO *out)
BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve);
BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss);
BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
-# if 0
- BIO_printf(out, "p = %u\n", lh->p);
- BIO_printf(out, "pmax = %u\n", lh->pmax);
- BIO_printf(out, "up_load = %lu\n", lh->up_load);
- BIO_printf(out, "down_load = %lu\n", lh->down_load);
-# endif
}

void lh_node_stats_bio(const _LHASH *lh, BIO *out)
@@ -242,5 +167,3 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out)
(int)((total % lh->num_nodes) * 100 / lh->num_nodes),
(int)(total / n_used), (int)((total % n_used) * 100 / n_used));
}
-
-#endif
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 53c5c13..5e9bfb8 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -194,9 +194,7 @@ void *lh_insert(_LHASH *lh, void *data)
}
nn->data = data;
nn->next = NULL;
-#ifndef OPENSSL_NO_HASH_COMP
nn->hash = hash;
-#endif
*rn = nn;
ret = NULL;
lh->num_insert++;
@@ -315,12 +313,7 @@ static void expand(_LHASH *lh)
nni = lh->num_alloc_nodes;

for (np = *n1; np != NULL;) {
-#ifndef OPENSSL_NO_HASH_COMP
hash = np->hash;
-#else
- hash = lh->hash(np->data);
- lh->num_hash_calls++;
-#endif
if ((hash % nni) != p) { /* move it */
*n1 = (*n1)->next;
np->next = *n2;
@@ -404,13 +397,11 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash)
cf = lh->comp;
ret = &(lh->b[(int)nn]);
for (n1 = *ret; n1 != NULL; n1 = n1->next) {
-#ifndef OPENSSL_NO_HASH_COMP
lh->num_hash_comps++;
if (n1->hash != hash) {
ret = &(n1->next);
continue;
}
-#endif
lh->num_comp_calls++;
if (cf(n1->data, data) == 0)
break;
diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index 8ddac6b..92ec80a 100644
--- a/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
@@ -68,9 +68,7 @@
# include <stdio.h>
# endif

-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>

#ifdef __cplusplus
extern "C" {
@@ -79,9 +77,7 @@ extern "C" {
typedef struct lhash_node_st {
void *data;
struct lhash_node_st *next;
-# ifndef OPENSSL_NO_HASH_COMP
unsigned long hash;
-# endif
} LHASH_NODE;

typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *);
@@ -182,17 +178,9 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
unsigned long lh_strhash(const char *c);
unsigned long lh_num_items(const _LHASH *lh);

-# ifndef OPENSSL_NO_STDIO
-void lh_stats(const _LHASH *lh, FILE *out);
-void lh_node_stats(const _LHASH *lh, FILE *out);
-void lh_node_usage_stats(const _LHASH *lh, FILE *out);
-# endif
-
-# ifndef OPENSSL_NO_BIO
void lh_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);
-# endif

/* Type checking... */

diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 0b06ea4..e7366af 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -66,20 +66,7 @@
#include <openssl/bn.h>

/* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef OPENSSL_NO_OBJECT
-# include "obj_dat.h"
-#else
-/* You will have to load all the objects needed manually in the application */
-# define NUM_NID 0
-# define NUM_SN 0
-# define NUM_LN 0
-# define NUM_OBJ 0
-static const unsigned char lvalues[1];
-static const ASN1_OBJECT nid_objs[1];
-static const unsigned int sn_objs[1];
-static const unsigned int ln_objs[1];
-static const unsigned int obj_objs[1];
-#endif
+#include "obj_dat.h"

DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 848649d..d8057cb 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -60,12 +60,8 @@
# define HEADER_PEM_H

# include <openssl/e_os2.h>
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
-# ifndef OPENSSL_NO_STACK
-# include <openssl/stack.h>
-# endif
+# include <openssl/bio.h>
+# include <openssl/stack.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem2.h>
@@ -343,7 +339,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \

# endif

-# ifndef OPENSSL_NO_BIO
# define DECLARE_PEM_read_bio(name, type) \
type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);

@@ -357,13 +352,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
unsigned char *kstr, int klen, pem_password_cb *cb, void *u);

-# else
-
-# define DECLARE_PEM_read_bio(name, type) /**/
-# define DECLARE_PEM_write_bio(name, type) /**/
-# define DECLARE_PEM_write_bio_const(name, type) /**/
-# define DECLARE_PEM_write_cb_bio(name, type) /**/
-# endif
# define DECLARE_PEM_write(name, type) \
DECLARE_PEM_write_bio(name, type) \
DECLARE_PEM_write_fp(name, type)
@@ -385,19 +373,12 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
# define DECLARE_PEM_rw_cb(name, type) \
DECLARE_PEM_read(name, type) \
DECLARE_PEM_write_cb(name, type)
-# if 1
-/* "userdata": new with OpenSSL 0.9.4 */
typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
-# else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb (char *buf, int size, int rwflag);
-# endif

int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
pem_password_cb *callback, void *u);

-# ifndef OPENSSL_NO_BIO
int PEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
@@ -416,7 +397,6 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cd, void *u);
-# endif

int PEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index b3d2839..9ba6497 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -61,9 +61,7 @@

# include <openssl/asn1.h>

-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/ossl_typ.h>
# ifdef OPENSSL_USE_DEPRECATED
@@ -395,9 +393,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
int RSA_print_fp(FILE *fp, const RSA *r, int offset);
# endif

-# ifndef OPENSSL_NO_BIO
int RSA_print(BIO *bp, const RSA *r, int offset);
-# endif

# ifndef OPENSSL_NO_RC4
int i2d_RSA_NET(const RSA *a, unsigned char **pp,
diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h
index 16eccbb..8b6b5f2 100644
--- a/crypto/ts/ts.h
+++ b/crypto/ts/ts.h
@@ -62,15 +62,9 @@

# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_BUFFER
-# include <openssl/buffer.h>
-# endif
-# ifndef OPENSSL_NO_EVP
-# include <openssl/evp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/asn1.h>
# include <openssl/safestack.h>
diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c
index 06bf5f3..7c741d9 100644
--- a/crypto/ts/ts_asn1.c
+++ b/crypto/ts/ts_asn1.c
@@ -67,7 +67,6 @@ ASN1_SEQUENCE(TS_MSG_IMPRINT) = {

IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
-#ifndef OPENSSL_NO_BIO
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
{
return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
@@ -78,7 +77,6 @@ int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
{
return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
}
-#endif
#ifndef OPENSSL_NO_STDIO
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
{
@@ -103,7 +101,6 @@ ASN1_SEQUENCE(TS_REQ) = {

IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
-#ifndef OPENSSL_NO_BIO
TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
{
return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
@@ -113,7 +110,6 @@ int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
{
return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
}
-#endif
#ifndef OPENSSL_NO_STDIO
TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
{
@@ -150,7 +146,6 @@ ASN1_SEQUENCE(TS_TST_INFO) = {

IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
-#ifndef OPENSSL_NO_BIO
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
{
return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp,
@@ -161,7 +156,6 @@ int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
{
return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
}
-#endif
#ifndef OPENSSL_NO_STDIO
TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
{
@@ -236,7 +230,6 @@ IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)

IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)

-#ifndef OPENSSL_NO_BIO
TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
{
return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
@@ -246,7 +239,6 @@ int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
{
return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
}
-#endif
#ifndef OPENSSL_NO_STDIO
TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
{
diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h
index 98e23a2..54b71fc 100644
--- a/crypto/txt_db/txt_db.h
+++ b/crypto/txt_db/txt_db.h
@@ -60,9 +60,7 @@
# define HEADER_TXT_DB_H

# include <openssl/opensslconf.h>
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/lhash.h>

@@ -91,13 +89,8 @@ typedef struct txt_db_st {
OPENSSL_STRING *arg_row;
} TXT_DB;

-# ifndef OPENSSL_NO_BIO
TXT_DB *TXT_DB_read(BIO *in, int num);
long TXT_DB_write(BIO *out, TXT_DB *db);
-# else
-TXT_DB *TXT_DB_read(char *in, int num);
-long TXT_DB_write(char *out, TXT_DB *db);
-# endif
int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
void TXT_DB_free(TXT_DB *db);
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 8e67262..5b25de0 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -66,15 +66,9 @@

# include <openssl/e_os2.h>
# include <openssl/symhacks.h>
-# ifndef OPENSSL_NO_BUFFER
-# include <openssl/buffer.h>
-# endif
-# ifndef OPENSSL_NO_EVP
-# include <openssl/evp.h>
-# endif
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
# include <openssl/stack.h>
# include <openssl/asn1.h>
# include <openssl/safestack.h>
@@ -179,11 +173,7 @@ DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
struct X509_name_st {
STACK_OF(X509_NAME_ENTRY) *entries;
int modified; /* true if 'bytes' needs to be built */
-# ifndef OPENSSL_NO_BUFFER
BUF_MEM *bytes;
-# else
- char *bytes;
-# endif
/* unsigned long hash; Keep the hash around for lookups */
unsigned char *canon_enc;
int canon_enclen;
@@ -492,7 +482,6 @@ typedef struct private_key_st {
int references;
} X509_PKEY;

-# ifndef OPENSSL_NO_EVP
typedef struct X509_info_st {
X509 *x509;
X509_CRL *crl;
@@ -504,7 +493,6 @@ typedef struct X509_info_st {
} X509_INFO;

DECLARE_STACK_OF(X509_INFO)
-# endif

/*
* The next 2 structures and their 8 routines were sent to me by Pat Richard
@@ -627,7 +615,6 @@ void *X509_CRL_get_meth_data(X509_CRL *crl);

const char *X509_verify_cert_error_string(long n);

-# ifndef OPENSSL_NO_EVP
int X509_verify(X509 *a, EVP_PKEY *r);

int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
@@ -664,7 +651,6 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
-# endif

# ifndef OPENSSL_NO_STDIO
X509 *d2i_X509_fp(FILE *fp, X509 **x509);
@@ -705,7 +691,6 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
# endif

-# ifndef OPENSSL_NO_BIO
X509 *d2i_X509_bio(BIO *bp, X509 **x509);
int i2d_X509_bio(BIO *bp, X509 *x509);
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
@@ -742,7 +727,6 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-# endif

X509 *X509_dup(X509 *x509);
X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
@@ -869,7 +853,6 @@ DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)

-# ifndef OPENSSL_NO_EVP
X509_INFO *X509_INFO_new(void);
void X509_INFO_free(X509_INFO *a);
char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
@@ -896,7 +879,6 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
void *asn, EVP_MD_CTX *ctx);
-# endif

int X509_set_version(X509 *x, long version);
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
@@ -992,7 +974,6 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
unsigned long flags);
# endif

-# ifndef OPENSSL_NO_BIO
int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
unsigned long flags);
@@ -1005,7 +986,6 @@ int X509_CRL_print(BIO *bp, X509_CRL *x);
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
unsigned long cflag);
int X509_REQ_print(BIO *bp, X509_REQ *req);
-# endif

int X509_NAME_entry_count(X509_NAME *name);
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f5da926..8e639c8 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -538,9 +538,6 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)

static int check_chain_extensions(X509_STORE_CTX *ctx)
{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
- return 1;
-#else
int i, ok = 0, must_be_ca, plen = 0;
X509 *x;
int (*cb) (int xok, X509_STORE_CTX *xctx);
@@ -680,7 +677,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
ok = 1;
end:
return ok;
-#endif
}

static int check_name_constraints(X509_STORE_CTX *ctx)
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 105862b..959af30 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -68,9 +68,7 @@
# define HEADER_X509_VFY_H

# include <openssl/opensslconf.h>
-# ifndef OPENSSL_NO_LHASH
-# include <openssl/lhash.h>
-# endif
+# include <openssl/lhash.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/symhacks.h>
diff --git a/ssl/ssl.h b/ssl/ssl.h
index ad2136a..a0025e6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -148,13 +148,9 @@
# ifndef OPENSSL_NO_COMP
# include <openssl/comp.h>
# endif
-# ifndef OPENSSL_NO_BIO
-# include <openssl/bio.h>
-# endif
+# include <openssl/bio.h>
# ifdef OPENSSL_USE_DEPRECATED
-# ifndef OPENSSL_NO_X509
-# include <openssl/x509.h>
-# endif
+# include <openssl/x509.h>
# include <openssl/crypto.h>
# include <openssl/lhash.h>
# include <openssl/buffer.h>
@@ -1417,20 +1413,12 @@ struct ssl_st {
* There are 2 BIO's even though they are normally both the same. This
* is so data can be read and written to different handlers
*/
-# ifndef OPENSSL_NO_BIO
/* used by SSL_read */
BIO *rbio;
/* used by SSL_write */
BIO *wbio;
/* used during session-id reuse to concatenate messages */
BIO *bbio;
-# else
- /* used by SSL_read */
- char *rbio;
- /* used by SSL_write */
- char *wbio;
- char *bbio;
-# endif
/*
* This holds a variable that indicates what we were doing when a 0 or -1
* is returned. This is needed for non-blocking IO so we know what
@@ -2108,7 +2096,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
# define SSL_get0_ec_point_formats(s, plst) \
SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
-# ifndef OPENSSL_NO_BIO
+
BIO_METHOD *BIO_f_ssl(void);
BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -2116,8 +2104,6 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
int BIO_ssl_copy_session_id(BIO *to, BIO *from);
void BIO_ssl_shutdown(BIO *ssl_bio);

-# endif
-
int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
void SSL_CTX_free(SSL_CTX *);
@@ -2148,11 +2134,9 @@ int SSL_set_fd(SSL *s, int fd);
int SSL_set_rfd(SSL *s, int fd);
int SSL_set_wfd(SSL *s, int fd);
# endif
-# ifndef OPENSSL_NO_BIO
void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
BIO *SSL_get_rbio(const SSL *s);
BIO *SSL_get_wbio(const SSL *s);
-# endif
int SSL_set_cipher_list(SSL *s, const char *str);

void SSL_set_read_ahead(SSL *s, int yes);

int SSL_get_verify_mode(const SSL *s);
@@ -2222,10 +2206,8 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
# ifndef OPENSSL_NO_STDIO
int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
# endif
-# ifndef OPENSSL_NO_BIO
int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
-# endif
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
int SSL_set_session(SSL *to, SSL_SESSION *session);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index bfaf69a..f2de54b 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -740,7 +740,6 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
#endif
else {
-#ifndef OPENSSL_NO_X509_VERIFY
i = X509_verify_cert(&ctx);
# if 0
/* Dummy error calls so mkerr generates them */
@@ -750,11 +749,6 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
# endif
if (i > 0)
i = ssl_security_cert_chain(s, ctx.chain, NULL, 1);
-#else
- i = 0;
- ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
-#endif
}

s->verify_result = ctx.error;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index d217efa..a49fd86 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -2909,9 +2909,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
if (cb_arg->allow_proxy_certs) {
X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
}
-#ifndef OPENSSL_NO_X509_VERIFY
ok = X509_verify_cert(ctx);
-#endif

if (cb_arg->proxy_auth) {
if (ok > 0) {

Rich Salz

unread,

Jan 27, 2015, 10:23:15 AM1/27/15

to

The branch master has been updated

via c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit)
from a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 (commit)

- Log -----------------------------------------------------------------
commit c73ad690174171b63a53dabdb2f2d9ebfd30053a
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 10:19:14 2015 -0500

OPENSSL_NO_xxx cleanup: RFC3779

Remove OPENSSL_NO_RFCF3779.

Also, makevms.com was ignored by some of the other cleanups, so
I caught it up. Sorry I ignored you, poor little VMS...

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/x_x509.c | 4 ----
crypto/x509/x509.h | 2 --
crypto/x509/x509_vfy.c | 2 --
crypto/x509v3/ext_dat.h | 2 --
crypto/x509v3/v3_addr.c | 11 ++++-------
crypto/x509v3/v3_asid.c | 7 ++-----
crypto/x509v3/v3_purp.c | 4 ----
crypto/x509v3/x509v3.h | 28 ++++++++++++----------------
makevms.com | 7 +------
util/mkdef.pl | 6 +-----
10 files changed, 20 insertions(+), 53 deletions(-)

diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index cd838e0..f487dbb 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
ret->ex_pathlen = -1;
ret->skid = NULL;
ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
ret->rfc3779_addr = NULL;
ret->rfc3779_asid = NULL;
-#endif
ret->aux = NULL;
ret->crldp = NULL;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
@@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
policy_cache_free(ret->policy_cache);
GENERAL_NAMES_free(ret->altname);
NAME_CONSTRAINTS_free(ret->nc);
-#ifndef OPENSSL_NO_RFC3779
sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
ASIdentifiers_free(ret->rfc3779_asid);
-#endif

if (ret->name != NULL)
OPENSSL_free(ret->name);
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 5b25de0..13f7531 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -278,10 +278,8 @@ struct x509_st {
STACK_OF(DIST_POINT) *crldp;
STACK_OF(GENERAL_NAME) *altname;
NAME_CONSTRAINTS *nc;
-# ifndef OPENSSL_NO_RFC3779
STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;
-# endif
# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
# endif
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8e639c8..31bb95b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if (!ok)
goto end;

-#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
@@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
-#endif

/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index c3a6fce..4e0fe92 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&v3_sxnet,
&v3_info,
-#ifndef OPENSSL_NO_RFC3779
&v3_addr,
&v3_asid,
-#endif
#ifndef OPENSSL_NO_OCSP
&v3_ocsp_nonce,
&v3_ocsp_crlid,
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 94cfed0..1635421 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -69,7 +69,6 @@
#include <openssl/buffer.h>
#include <openssl/x509v3.h>

-#ifndef OPENSSL_NO_RFC3779

/*
* OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
@@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
/*
* How much buffer space do we need for a raw address?
*/
-# define ADDR_RAW_BUF_LEN 16
+#define ADDR_RAW_BUF_LEN 16

/*
* What's the address length associated with this AFI?
@@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr,
/*
* Extract the prefix length from a bitstring.
*/
-# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))

/*
* i2r handler for one address bitstring.
@@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}

-# undef validation_err
+#undef validation_err

/*
* RFC 3779 2.3 path validation -- called from X509_verify_cert().
@@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_addr_validate_path_internal(NULL, chain, ext);
}
-
-#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 68a5f68..34469eb 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -69,7 +69,6 @@
#include <openssl/x509.h>
#include <openssl/bn.h>

-#ifndef OPENSSL_NO_RFC3779

/*
* OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
@@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
/*
* Validation error handling via callback.
*/
-# define validation_err(_err_) \
+#define validation_err(_err_) \
do { \
if (ctx != NULL) { \
ctx->error = _err_; \
@@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
return ret;
}

-# undef validation_err
+#undef validation_err

/*
* RFC 3779 3.3 path validation -- called from X509_verify_cert().
@@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
return 0;
return v3_asid_validate_path_internal(NULL, chain, ext);
}
-
-#endif /* OPENSSL_NO_RFC3779 */
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 36b0d87..dfc8c5b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex)
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
-#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
-#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
@@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x)
x->ex_flags |= EXFLAG_INVALID;
setup_crldp(x);

-#ifndef OPENSSL_NO_RFC3779
x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
NULL, NULL);
-#endif
for (i = 0; i < X509_get_ext_count(x); i++) {
ex = X509_get_ext(x, i);
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index a0c7e1a..a99d71b 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
DECLARE_STACK_OF(X509_POLICY_NODE)

-# ifndef OPENSSL_NO_RFC3779
-
typedef struct ASRange_st {
ASN1_INTEGER *min, *max;
} ASRange;

-# define ASIdOrRange_id 0
-# define ASIdOrRange_range 1
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1

typedef struct ASIdOrRange_st {
int type;
@@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st {
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
DECLARE_STACK_OF(ASIdOrRange)

-# define ASIdentifierChoice_inherit 0
-# define ASIdentifierChoice_asIdsOrRanges 1
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1

typedef struct ASIdentifierChoice_st {
int type;
@@ -802,8 +800,8 @@ typedef struct IPAddressRange_st {
ASN1_BIT_STRING *min, *max;
} IPAddressRange;

-# define IPAddressOrRange_addressPrefix 0
-# define IPAddressOrRange_addressRange 1
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1

typedef struct IPAddressOrRange_st {
int type;
@@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st {
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
DECLARE_STACK_OF(IPAddressOrRange)

-# define IPAddressChoice_inherit 0
-# define IPAddressChoice_addressesOrRanges 1
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1

typedef struct IPAddressChoice_st {
int type;
@@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
/*
* API tag for elements of the ASIdentifer SEQUENCE.
*/
-# define V3_ASID_ASNUM 0
-# define V3_ASID_RDI 1
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1

/*
* AFI values, assigned by IANA. It'd be nice to make the AFI
@@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
* that would need to be defined for other address families for it to
* be worth the trouble.
*/
-# define IANA_AFI_IPV4 1
-# define IANA_AFI_IPV6 2
+# define IANA_AFI_IPV4 1
+# define IANA_AFI_IPV6 2

/*
* Utilities to construct and extract values from RFC3779 extensions,
@@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
IPAddrBlocks *ext, int allow_inheritance);

-# endif /* OPENSSL_NO_RFC3779 */
-
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/makevms.com b/makevms.com
index 82aa4ce..4705346 100755
--- a/makevms.com
+++ b/makevms.com
@@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order
$ CONFIG_LOGICALS := AES,-
ASM,INLINE_ASM,-
BF,-
- BIO,-
- BUFFER,-
- BUF_FREELISTS,-
CAMELLIA,-
CAST,-
CMS,-
@@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,-
RC2,-
RC4,-
RC5,-
- RFC3779,-
RIPEMD,-
RSA,-
SEED,-
@@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,-
STDIO,-
STORE,-
TLSEXT,-
- WHIRLPOOL,-
- X509
+ WHIRLPOOL
$! Add a few that we know about
$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
THREADS
diff --git a/util/mkdef.pl b/util/mkdef.pl
index e5063b0..a6f64e3 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
# Engines
"STATIC_ENGINE", "ENGINE", "HW", "GMP",
- # RFC3779
- "RFC3779",
# TLS
"TLSEXT", "PSK", "SRP", "HEARTBEATS",
# CMS
@@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
-my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
my $no_unit_test; my $no_ssl3_method;
@@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-engine$/) { $no_engine=1; }
elsif (/^no-hw$/) { $no_hw=1; }
elsif (/^no-gmp$/) { $no_gmp=1; }
- elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
elsif (/^no-tlsext$/) { $no_tlsext=1; }
elsif (/^no-cms$/) { $no_cms=1; }
elsif (/^no-ec2m$/) { $no_ec2m=1; }
@@ -1209,7 +1206,6 @@ sub is_valid
if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
if ($keyword eq "GMP" && $no_gmp) { return 0; }
- if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
if ($keyword eq "PSK" && $no_psk) { return 0; }
if ($keyword eq "CMS" && $no_cms) { return 0; }

Rich Salz

unread,

Jan 27, 2015, 12:47:25 PM1/27/15

to

The branch master has been updated

via 474e469bbd056aebcf7e7d3207ef820f2faed4ce (commit)
from c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit)

- Log -----------------------------------------------------------------
commit 474e469bbd056aebcf7e7d3207ef820f2faed4ce
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 12:34:45 2015 -0500

OPENSSL_NO_xxx cleanup: SHA

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
GENUINE_DSA OPENSSL_NO_SHA0
OPENSSL_NO_SHA OPENSSL_NO_SHA1
OPENSSL_NO_SHA224 OPENSSL_NO_SHA256
OPENSSL_NO_SHA384 OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/pkcs12.c | 2 +-
apps/progs.h | 14 +--
apps/progs.pl | 34 +++----
apps/speed.c | 50 +----------
crypto/asn1/x_crl.c | 2 -
crypto/bn/bn_rand.c | 2 -
crypto/dsa/dsa_depr.c | 33 +++----
crypto/dsa/dsa_gen.c | 30 ++-----
crypto/dsa/dsa_key.c | 8 +-
crypto/dsa/dsa_ossl.c | 5 +-
crypto/ecdh/ecdhtest.c | 7 +-
crypto/ecdsa/ecs_ossl.c | 5 +-
crypto/engine/eng_openssl.c | 7 --
crypto/evp/Makefile | 17 +---
crypto/evp/c_allc.c | 4 -
crypto/evp/c_alld.c | 12 ---
crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +-
crypto/evp/e_aes_cbc_hmac_sha256.c | 2 +-
crypto/evp/e_des3.c | 4 +-
crypto/evp/evp.h | 12 ---
crypto/evp/m_dss.c | 2 -
crypto/evp/m_dss1.c | 15 ++--
crypto/evp/m_ecdsa.c | 3 -
crypto/evp/m_sha.c | 105 ----------------------
crypto/evp/m_sha1.c | 19 ++--
crypto/evp/p5_crpt2.c | 2 +-
crypto/evp/p5_crpt2_test.c | 15 ----
crypto/lhash/lhash.h | 4 +
crypto/ocsp/ocsp_lib.c | 2 -
crypto/rand/rand_lcl.h | 12 +--
crypto/rsa/rsa_eay.c | 4 -
crypto/rsa/rsa_oaep.c | 21 ++---
crypto/sha/Makefile | 15 +---
crypto/sha/sha.h | 45 +++-------
crypto/sha/sha1_one.c | 2 -
crypto/sha/sha1dgst.c | 6 --
crypto/sha/sha1test.c | 44 +++------
crypto/sha/sha256.c | 64 +++++++------
crypto/sha/sha256t.c | 9 --
crypto/sha/sha512.c | 169 +++++++++++++++++-----------------
crypto/sha/sha512t.c | 9 --
crypto/sha/sha_dgst.c | 74 ---------------
crypto/sha/sha_locl.h | 38 +++-----
crypto/sha/sha_one.c | 79 ----------------
crypto/sha/shatest.c | 174 ------------------------------------
crypto/x509/x509.h | 8 +-
crypto/x509/x509_cmp.c | 4 -
crypto/x509v3/v3_purp.c | 2 -
doc/crypto/EVP_DigestInit.pod | 11 ++-
engines/e_sureware.c | 2 -
makevms.com | 6 --
ssl/s3_cbc.c | 21 +----
ssl/s3_clnt.c | 4 -
ssl/s3_srvr.c | 2 +-
ssl/ssl_algs.c | 17 +---
ssl/ssl_locl.h | 5 --
ssl/t1_lib.c | 22 +----
util/mk1mf.pl | 13 +--
util/mkdef.pl | 1 -
59 files changed, 240 insertions(+), 1062 deletions(-)
delete mode 100644 crypto/evp/m_sha.c
delete mode 100644 crypto/sha/sha_dgst.c
delete mode 100644 crypto/sha/sha_one.c
delete mode 100644 crypto/sha/shatest.c

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 1e26c13..0de46f0 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -58,7 +58,7 @@
*/

#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_DES)

# include <stdio.h>
# include <stdlib.h>
diff --git a/apps/progs.h b/apps/progs.h
index c66da30..9a8a192 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -128,7 +128,7 @@ FUNCTION functions[] = {
{FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
#endif
{FUNC_TYPE_GENERAL, "nseq", nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_DES)
{FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
#endif
{FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
@@ -158,30 +158,18 @@ FUNCTION functions[] = {
#ifndef OPENSSL_NO_MD5
{FUNC_TYPE_MD, "md5", dgst_main},
#endif
-#ifndef OPENSSL_NO_SHA
{FUNC_TYPE_MD, "sha", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA1
{FUNC_TYPE_MD, "sha1", dgst_main},
-#endif
#ifndef OPENSSL_NO_MDC2
{FUNC_TYPE_MD, "mdc2", dgst_main},
#endif
#ifndef OPENSSL_NO_RMD160
{FUNC_TYPE_MD, "rmd160", dgst_main},
#endif
-#ifndef OPENSSL_NO_SHA224
{FUNC_TYPE_MD, "sha224", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA256
{FUNC_TYPE_MD, "sha256", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA384
{FUNC_TYPE_MD, "sha384", dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA512
{FUNC_TYPE_MD, "sha512", dgst_main},
-#endif
#ifndef OPENSSL_NO_AES
{FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},

#endif
diff --git a/apps/progs.pl b/apps/progs.pl

index 8695742..09dd00b 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n";
grep(s/^asn1pars$/asn1parse/,@ARGV);

foreach (@ARGV)
- { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
+ { printf "extern int %s_main(int argc, char *argv[]);\n",$_; }

print <<'EOF';

-#define FUNC_TYPE_GENERAL 1
-#define FUNC_TYPE_MD 2
-#define FUNC_TYPE_CIPHER 3
-#define FUNC_TYPE_PKEY 4
-#define FUNC_TYPE_MD_ALG 5
-#define FUNC_TYPE_CIPHER_ALG 6
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+#define FUNC_TYPE_PKEY 4
+#define FUNC_TYPE_MD_ALG 5
+#define FUNC_TYPE_CIPHER_ALG 6

typedef struct {
- int type;
- const char *name;
- int (*func)(int argc,char *argv[]);
- } FUNCTION;
+ int type;
+ const char *name;
+ int (*func) (int argc, char *argv[]);
+} FUNCTION;
DECLARE_LHASH_OF(FUNCTION);

FUNCTION functions[] = {
@@ -30,7 +30,7 @@ EOF
foreach (@ARGV)
{
push(@files,$_);
- $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
+ $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n";

if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
{ print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }

elsif ( ($_ =~ /^engine$/))

@@ -44,7 +44,7 @@ foreach (@ARGV)
elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
elsif ( ($_ =~ /^pkcs12$/))
- { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
+ { print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; }
elsif ( ($_ =~ /^cms$/))
{ print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; }
elsif ( ($_ =~ /^ocsp$/))
@@ -58,7 +58,9 @@ foreach (@ARGV)
foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512")
{
push(@files,$_);
- printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
+ printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;
+ printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n";
+ printf "#endif\n" if ! /sha/;
}

foreach (
@@ -84,7 +86,7 @@ foreach (
{
push(@files,$_);

- $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
+ $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_);
if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
@@ -99,4 +101,4 @@ foreach (
print $t;
}

-print "\t{0,NULL,NULL}\n\t};\n";
+print " {0, NULL, NULL}\n};\n";
diff --git a/apps/speed.c b/apps/speed.c
index f5af9a3..419dced 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -137,9 +137,7 @@
# include <openssl/hmac.h>
#endif
#include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
# include <openssl/sha.h>
-#endif
#ifndef OPENSSL_NO_RMD160
# include <openssl/ripemd.h>
#endif
@@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20;

static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
{
-# ifndef OPENSSL_NO_SHA

if (*outlen < SHA_DIGEST_LENGTH)
return NULL;

- else
- *outlen = SHA_DIGEST_LENGTH;
+ *outlen = SHA_DIGEST_LENGTH;

return SHA1(in, inlen, out);
-# else

- return NULL;

-# endif /* OPENSSL_NO_SHA */
}

#endif /* OPENSSL_NO_ECDH */

@@ -382,15 +375,9 @@ int MAIN(int argc, char **argv)

unsigned char md5[MD5_DIGEST_LENGTH];
unsigned char hmac[MD5_DIGEST_LENGTH];

#endif
-#ifndef OPENSSL_NO_SHA

unsigned char sha[SHA_DIGEST_LENGTH];
-# ifndef OPENSSL_NO_SHA256

unsigned char sha256[SHA256_DIGEST_LENGTH];
-# endif
-# ifndef OPENSSL_NO_SHA512

unsigned char sha512[SHA512_DIGEST_LENGTH];
-# endif

-#endif

#ifndef OPENSSL_NO_WHIRLPOOL
unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];

#endif
@@ -827,23 +814,15 @@ int MAIN(int argc, char **argv)

doit[D_HMAC] = 1;
else

#endif
-#ifndef OPENSSL_NO_SHA

if (strcmp(*argv, "sha1") == 0)
doit[D_SHA1] = 1;
else if (strcmp(*argv, "sha") == 0)
doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;

- else
-# ifndef OPENSSL_NO_SHA256
- if (strcmp(*argv, "sha256") == 0)
+ else if (strcmp(*argv, "sha256") == 0)
doit[D_SHA256] = 1;
- else

-# endif
-# ifndef OPENSSL_NO_SHA512

- if (strcmp(*argv, "sha512") == 0)
+ else if (strcmp(*argv, "sha512") == 0)

doit[D_SHA512] = 1;
else
-# endif

-#endif

#ifndef OPENSSL_NO_WHIRLPOOL
if (strcmp(*argv, "whirlpool") == 0)
doit[D_WHIRLPOOL] = 1;

@@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err, "hmac ");
# endif
#endif
-#ifndef OPENSSL_NO_SHA1
BIO_printf(bio_err, "sha1 ");
-#endif
-#ifndef OPENSSL_NO_SHA256
BIO_printf(bio_err, "sha256 ");
-#endif
-#ifndef OPENSSL_NO_SHA512
BIO_printf(bio_err, "sha512 ");
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
BIO_printf(bio_err, "whirlpool");
#endif
#ifndef OPENSSL_NO_RMD160
BIO_printf(bio_err, "rmd160");
#endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
- !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
- !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \
- !defined(OPENSSL_NO_WHIRLPOOL)
BIO_printf(bio_err, "\n");
-#endif

#ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err, "idea-cbc ");
@@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv)
HMAC_CTX_cleanup(&hctx);
}
#endif
-#ifndef OPENSSL_NO_SHA

if (doit[D_SHA1]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
Time_F(START);
for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
-# if 0

- EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
- EVP_sha1(), NULL);
-# else

SHA1(buf, lengths[j], sha);
-# endif

d = Time_F(STOP);
print_result(D_SHA1, j, count, d);
}
}
-# ifndef OPENSSL_NO_SHA256

if (doit[D_SHA256]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);

@@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv)

print_result(D_SHA256, j, count, d);
}
}
-# endif

-
-# ifndef OPENSSL_NO_SHA512

if (doit[D_SHA512]) {
for (j = 0; j < SIZE_NUM; j++) {
print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);

@@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv)

print_result(D_SHA512, j, count, d);
}
}
-# endif

-#endif

#ifndef OPENSSL_NO_WHIRLPOOL
if (doit[D_WHIRLPOOL]) {

diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 0279503..79eab4f 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;

case ASN1_OP_D2I_POST:
-#ifndef OPENSSL_NO_SHA
X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
-#endif
crl->idp = X509_CRL_get_ext_d2i(crl,
NID_issuing_distribution_point, NULL,
NULL);
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index de60286..ecdce9f 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -289,7 +289,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
return bn_rand_range(1, r, range);
}

-#ifndef OPENSSL_NO_SHA512
/*
* BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
* BN_rand_range, it also includes the contents of |priv| and |message| in
@@ -362,4 +361,3 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
OPENSSL_free(k_bytes);
return ret;
}
-#endif /* OPENSSL_NO_SHA512 */
diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index b3d0fab..be1df13 100644
--- a/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
@@ -58,37 +58,25 @@
* version(s).
*/

-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH EVP_sha()
-#else
/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
* 180-1)
*/
-# define HASH EVP_sha1()
-#endif
+#define xxxHASH EVP_sha1()

static void *dummy = &dummy;

-#ifndef OPENSSL_NO_SHA
-
-# include <stdio.h>
-# include <time.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>

-# ifndef OPENSSL_NO_DEPRECATED
+#ifndef OPENSSL_NO_DEPRECATED
DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
@@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits,
DSA_free(ret);
return NULL;
}
-# endif
#endif
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 5e92d93..37b23c9 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -56,35 +56,23 @@

* [including the GNU Public Licence.]
*/

-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/*
- * Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
- */
-# define HASH EVP_sha()
-#else
/*
* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
* also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
* 180-1)
*/
-# define HASH EVP_sha1()
-#endif
+#define xxxHASH EVP_sha1()

#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */

-#ifndef OPENSSL_NO_SHA
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>

-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/evp.h>
-# include <openssl/bn.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
-
-# include "dsa_locl.h"
+#include "dsa_locl.h"

int DSA_generate_parameters_ex(DSA *ret, int bits,
const unsigned char *seed_in, int seed_len,
@@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa)
return rv;

}
-
-#endif
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 8584963..1c05b0f 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -59,10 +59,9 @@
#include <stdio.h>
#include <time.h>
#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-# include <openssl/bn.h>
-# include <openssl/dsa.h>
-# include <openssl/rand.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>

static int dsa_builtin_keygen(DSA *dsa);

@@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa)
BN_CTX_free(ctx);
return (ok);
}
-#endif
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index bd83227..96f5d6f 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,

/* Get random k */
do {
-#ifndef OPENSSL_NO_SHA512
if (dgst != NULL) {
/*
* We calculate k from SHA512(private_key + H(message) + random).
@@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
dlen, ctx))
goto err;
- } else
-#endif
- if (!BN_rand_range(k, dsa->q))
+ } else if (!BN_rand_range(k, dsa->q))
goto err;
} while (BN_is_zero(k));

diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index a791d63..04b0cf3 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -103,15 +103,10 @@ static const int KDF1_SHA1_len = 20;

static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
size_t *outlen)
{
-# ifndef OPENSSL_NO_SHA

if (*outlen < SHA_DIGEST_LENGTH)
return NULL;

- else
- *outlen = SHA_DIGEST_LENGTH;
+ *outlen = SHA_DIGEST_LENGTH;

return SHA1(in, inlen, out);
-# else

- return NULL;
-# endif
}

static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 95d9dad..c232321 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -140,7 +140,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
do {
/* get random k */
do
-#ifndef OPENSSL_NO_SHA512
if (dgst != NULL) {
if (!BN_generate_dsa_nonce
(k, order, EC_KEY_get0_private_key(eckey), dgst, dlen,
@@ -149,9 +148,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
goto err;
}
- } else
-#endif
- {
+ } else {
if (!BN_rand_range(k, order)) {
ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 19c5213..3e12ecf 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -108,13 +108,6 @@
# undef TEST_ENG_OPENSSL_RC4_P_INIT
# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
#endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-# undef TEST_ENG_OPENSSL_SHA
-# undef TEST_ENG_OPENSSL_SHA_OTHERS
-# undef TEST_ENG_OPENSSL_SHA_P_INIT
-# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-# undef TEST_ENG_OPENSSL_SHA_P_FINAL
-#endif

#ifdef TEST_ENG_OPENSSL_RC4
static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index fd5727d..f882096 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -22,7 +22,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
e_rc4.c e_aes.c names.c e_seed.c \
e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
- m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \
+ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \
m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
@@ -35,7 +35,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
e_rc4.o e_aes.o names.o e_seed.o \
e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
- m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \
+ m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \
m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
@@ -568,19 +568,6 @@ m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c
-m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h m_sha.c
m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 0a1f90a..174a419 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -214,14 +214,10 @@ void OpenSSL_add_all_ciphers(void)
EVP_add_cipher(EVP_aes_256_wrap_pad());
EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
#endif

#ifndef OPENSSL_NO_CAMELLIA
diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index 7e1200b..0d4278b 100644
--- a/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
@@ -71,13 +71,6 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
- EVP_add_digest(EVP_sha());
-# ifndef OPENSSL_NO_DSA
- EVP_add_digest(EVP_dss());
-# endif
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_digest(EVP_sha1());
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
@@ -90,7 +83,6 @@ void OpenSSL_add_all_digests(void)
# ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
# endif
-#endif
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
EVP_add_digest(EVP_mdc2());
#endif
@@ -99,14 +91,10 @@ void OpenSSL_add_all_digests(void)
EVP_add_digest_alias(SN_ripemd160, "ripemd");
EVP_add_digest_alias(SN_ripemd160, "rmd160");
#endif
-#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#endif
#ifndef OPENSSL_NO_WHIRLPOOL
EVP_add_digest(EVP_whirlpool());
#endif
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index e0127a9..960be3c 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -52,7 +52,7 @@
#include <stdio.h>
#include <string.h>

-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1)
+#if !defined(OPENSSL_NO_AES)

# include <openssl/evp.h>
# include <openssl/objects.h>
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 598c096..bea8f6d 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -52,7 +52,7 @@
#include <stdio.h>
#include <string.h>

-#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256)
+#if !defined(OPENSSL_NO_AES)

# include <openssl/evp.h>
# include <openssl/objects.h>
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 0627a63..73d7923 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -374,9 +374,8 @@ const EVP_CIPHER *EVP_des_ede3(void)
return &des_ede3_ecb;

}

-# ifndef OPENSSL_NO_SHA

-# include <openssl/sha.h>

+# include <openssl/sha.h>

static const unsigned char wrap_iv[8] =
{ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
@@ -482,5 +481,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void)
return &des3_wrap;
}

-# endif
#endif
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 7a95de0..ca7447f 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -759,21 +759,13 @@ const EVP_MD *EVP_md4(void);
# ifndef OPENSSL_NO_MD5
const EVP_MD *EVP_md5(void);
# endif
-# ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
const EVP_MD *EVP_ecdsa(void);

-# endif
-# ifndef OPENSSL_NO_SHA256

const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);

-# endif
-# ifndef OPENSSL_NO_SHA512

const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);
-# endif
# ifndef OPENSSL_NO_MDC2
const EVP_MD *EVP_mdc2(void);
# endif
@@ -917,14 +909,10 @@ const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
# ifndef OPENSSL_NO_OCB
const EVP_CIPHER *EVP_aes_256_ocb(void);
# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);

-# endif
-# ifndef OPENSSL_NO_SHA256

const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
-# endif
# endif
# ifndef OPENSSL_NO_CAMELLIA
const EVP_CIPHER *EVP_camellia_128_ecb(void);
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index 221eda4..7fa1ca3 100644
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -65,7 +65,6 @@
# include <openssl/dsa.h>
#endif

-#ifndef OPENSSL_NO_SHA

static int init(EVP_MD_CTX *ctx)
{
@@ -101,4 +100,3 @@ const EVP_MD *EVP_dss(void)
{
return (&dsa_md);
}
-#endif
diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index a80a865..41b837c 100644
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -59,14 +59,12 @@
#include <stdio.h>
#include "cryptlib.h"

-#ifndef OPENSSL_NO_SHA
-

-# include <openssl/evp.h>
-# include <openssl/objects.h>

-# include <openssl/sha.h>

-# ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>

-# endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>

+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>

+#endif

static int init(EVP_MD_CTX *ctx)
{
@@ -102,4 +100,3 @@ const EVP_MD *EVP_dss1(void)
{
return (&dss1_md);
}
-#endif
diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c
index b774e41..181f19f 100644
--- a/crypto/evp/m_ecdsa.c
+++ b/crypto/evp/m_ecdsa.c
@@ -115,8 +115,6 @@
#include <openssl/objects.h>
#include <openssl/sha.h>

-#ifndef OPENSSL_NO_SHA
-
static int init(EVP_MD_CTX *ctx)
{
return SHA1_Init(ctx->md_data);
@@ -151,4 +149,3 @@ const EVP_MD *EVP_ecdsa(void)
{
return (&ecdsa_md);
}
-#endif
diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
deleted file mode 100644
index 548fae4..0000000
--- a/crypto/evp/m_sha.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* crypto/evp/m_sha.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:

- * "This product includes cryptographic software written by

- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-

-# include <openssl/evp.h>
-# include <openssl/objects.h>

-# include <openssl/x509.h>

-# ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>

-# endif
-
-static int init(EVP_MD_CTX *ctx)
-{
- return SHA_Init(ctx->md_data);
-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
- return SHA_Update(ctx->md_data, data, count);
-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{
- return SHA_Final(md, ctx->md_data);
-}
-
-static const EVP_MD sha_md = {
- NID_sha,
- NID_shaWithRSAEncryption,
- SHA_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-
-const EVP_MD *EVP_sha(void)
-{
- return (&sha_md);
-}
-#endif
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 83edc40..9ab8c90 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -59,14 +59,12 @@
#include <stdio.h>
#include "cryptlib.h"

-#ifndef OPENSSL_NO_SHA
-

-# include <openssl/evp.h>
-# include <openssl/objects.h>

-# include <openssl/sha.h>

-# ifndef OPENSSL_NO_RSA
-# include <openssl/rsa.h>

-# endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>

+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>

+#endif

static int init(EVP_MD_CTX *ctx)
{
@@ -102,9 +100,7 @@ const EVP_MD *EVP_sha1(void)
{
return (&sha1_md);
}
-#endif

-#ifndef OPENSSL_NO_SHA256
static int init224(EVP_MD_CTX *ctx)
{
return SHA224_Init(ctx->md_data);
@@ -169,9 +165,7 @@ const EVP_MD *EVP_sha256(void)
{
return (&sha256_md);
}
-#endif /* ifndef OPENSSL_NO_SHA256 */

-#ifndef OPENSSL_NO_SHA512
static int init384(EVP_MD_CTX *ctx)
{
return SHA384_Init(ctx->md_data);
@@ -232,4 +226,3 @@ const EVP_MD *EVP_sha512(void)
{
return (&sha512_md);
}
-#endif /* ifndef OPENSSL_NO_SHA512 */
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index f2ae1e5..b9c4dcb 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -59,7 +59,7 @@
#include <stdio.h>
#include <stdlib.h>
#include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
+#if !defined(OPENSSL_NO_HMAC)
# include <openssl/x509.h>
# include <openssl/evp.h>
# include <openssl/hmac.h>
diff --git a/crypto/evp/p5_crpt2_test.c b/crypto/evp/p5_crpt2_test.c
index 451c580..01661b1 100644
--- a/crypto/evp/p5_crpt2_test.c
+++ b/crypto/evp/p5_crpt2_test.c
@@ -60,14 +60,6 @@
#include <openssl/err.h>
#include <openssl/conf.h>

-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
- printf("No SHA support\n");
- return (0);
-}
-#else
-
typedef struct {
const char *pass;
int passlen;
@@ -200,15 +192,9 @@ int main(int argc, char **argv)

printf("PKCS5_PBKDF2_HMAC() tests ");
for (i = 0; test->pass != NULL; i++, test++) {
-# ifndef OPENSSL_NO_SHA0
test_p5_pbkdf2(i, "sha1", test, sha1_results[i]);
-# endif
-# ifndef OPENSSL_NO_SHA256
test_p5_pbkdf2(i, "sha256", test, sha256_results[i]);
-# endif
-# ifndef OPENSSL_NO_SHA512
test_p5_pbkdf2(i, "sha512", test, sha512_results[i]);
-# endif
printf(".");
}
printf(" done\n");
@@ -223,4 +209,3 @@ int main(int argc, char **argv)
CRYPTO_mem_leaks_fp(stderr);
return 0;
}
-#endif /* OPENSSL_NO_SHA */
diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index 92ec80a..cb01854 100644
--- a/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
@@ -178,6 +178,10 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);

unsigned long lh_strhash(const char *c);
unsigned long lh_num_items(const _LHASH *lh);

+# ifndef OPENSSL_NO_STDIO
+void lh_stats(const _LHASH *lh, FILE *fp);
+void lh_node_stats(const _LHASH *lh, FILE *fp);
+# endif

void lh_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out);

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 442a5b6..24ca40e 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -81,10 +81,8 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
X509_NAME *iname;
ASN1_INTEGER *serial;
ASN1_BIT_STRING *ikey;
-#ifndef OPENSSL_NO_SHA1
if (!dgst)
dgst = EVP_sha1();
-#endif
if (subject) {
iname = X509_get_issuer_name(subject);
serial = X509_get_serialNumber(subject);
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index e2f7844..3ced44d 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -115,17 +115,7 @@
# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */

# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-# define USE_SHA1_RAND
-# elif !defined(OPENSSL_NO_MD5)
-# define USE_MD5_RAND
-# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-# define USE_MDC2_RAND
-# elif !defined(OPENSSL_NO_MD2)
-# define USE_MD2_RAND
-# else
-# error No message digest algorithm available
-# endif
+# define USE_SHA1_RAND
# endif

# include <openssl/evp.h>
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index b8d9221..73a8e07 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -193,11 +193,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
break;
-# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
break;
-# endif
case RSA_SSLV23_PADDING:
i = RSA_padding_add_SSLv23(buf, num, from, flen);
break;
@@ -603,11 +601,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
break;
-# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
break;
-# endif
case RSA_SSLV23_PADDING:
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index ebaad1a..ab8f9ec 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -19,14 +19,13 @@

#include "constant_time_locl.h"

-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-# include <stdio.h>
-# include "cryptlib.h"
-# include <openssl/bn.h>
-# include <openssl/rsa.h>
-# include <openssl/evp.h>
-# include <openssl/rand.h>
-# include <openssl/sha.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>

int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
@@ -76,11 +75,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
if (RAND_bytes(seed, mdlen) <= 0)
return 0;
-# ifdef PKCS_TESTVECT
+#ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
-# endif
+#endif

dbmask = OPENSSL_malloc(emlen - mdlen);
if (dbmask == NULL) {
@@ -279,5 +278,3 @@ int PKCS1_MGF1(unsigned char *mask, long len,
EVP_MD_CTX_cleanup(&c);
return rv;
}
-
-#endif
diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile
index a8c0cf7..c72bba6 100644
--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -22,8 +22,8 @@ TEST=shatest.c sha1test.c sha256t.c sha512t.c
APPS=

LIB=$(TOP)/libcrypto.a
-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
+LIBSRC=sha1dgst.c sha1_one.c sha256.c sha512.c
+LIBOBJ=sha1dgst.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)

SRC= $(LIBSRC)

@@ -162,14 +162,3 @@ sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha_dgst.o: ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
-sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-sha_one.o: ../../include/openssl/symhacks.h sha_one.c
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index d76790b..e35f328 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -66,10 +66,6 @@
extern "C" {
#endif

-# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-# error SHA is disabled.
-# endif
-
/*-
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! SHA_LONG has to be at least 32 bits wide. !
@@ -91,26 +87,15 @@ typedef struct SHAstate_st {
unsigned int num;
} SHA_CTX;

-# ifndef OPENSSL_NO_SHA0
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-# endif
-# ifndef OPENSSL_NO_SHA1
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-# endif

# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
* contiguous array of 32 bit wide
* big-endian values. */
-# define SHA224_DIGEST_LENGTH 28
-# define SHA256_DIGEST_LENGTH 32

typedef struct SHA256state_st {
SHA_LONG h[8];
@@ -119,7 +104,6 @@ typedef struct SHA256state_st {
unsigned int num, md_len;
} SHA256_CTX;

-# ifndef OPENSSL_NO_SHA256
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -129,12 +113,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-# endif

+# define SHA224_DIGEST_LENGTH 28
+# define SHA256_DIGEST_LENGTH 32
# define SHA384_DIGEST_LENGTH 48
# define SHA512_DIGEST_LENGTH 64

-# ifndef OPENSSL_NO_SHA512
/*
* Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
* being exactly 64-bit wide. See Implementation Notes in sha512.c
@@ -145,17 +129,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
* contiguous array of 64 bit
* wide big-endian values.
*/
-# define SHA512_CBLOCK (SHA_LBLOCK*8)
-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-# define SHA_LONG64 unsigned __int64
-# define U64(C) C##UI64
-# elif defined(__arch64__)
-# define SHA_LONG64 unsigned long
-# define U64(C) C##UL
-# else
-# define SHA_LONG64 unsigned long long
-# define U64(C) C##ULL
-# endif
+# define SHA512_CBLOCK (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# define SHA_LONG64 unsigned __int64
+# define U64(C) C##UI64
+# elif defined(__arch64__)
+# define SHA_LONG64 unsigned long
+# define U64(C) C##UL
+# else
+# define SHA_LONG64 unsigned long long
+# define U64(C) C##ULL
+# endif

typedef struct SHA512state_st {
SHA_LONG64 h[8];
@@ -166,9 +150,7 @@ typedef struct SHA512state_st {
} u;
unsigned int num, md_len;
} SHA512_CTX;

-# endif

-# ifndef OPENSSL_NO_SHA512

int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
@@ -178,7 +160,6 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-# endif

#ifdef __cplusplus
}
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index a6dd760..4a59115 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -61,7 +61,6 @@
#include <openssl/crypto.h>
#include <openssl/sha.h>

-#ifndef OPENSSL_NO_SHA1
unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
SHA_CTX c;
@@ -76,4 +75,3 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
OPENSSL_cleanse(&c, sizeof(c));
return (md);
}
-#endif
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index a67f1fe..9f1b8f0 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -58,10 +58,6 @@

#include <openssl/crypto.h>
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
-
-# undef SHA_0
-# define SHA_1

# include <openssl/opensslv.h>

@@ -70,5 +66,3 @@ const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT;
/* The implementation is in ../md32_common.h */

# include "sha_locl.h"
-
-#endif
diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
index 0052a95..cc3633d 100644
--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@@ -61,23 +61,12 @@
#include <stdlib.h>

#include "../e_os.h"
+#include <openssl/evp.h>
+#include <openssl/sha.h>

-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
- printf("No SHA support\n");
- return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-# include <openssl/ebcdic.h>
-# endif
-
-# undef SHA_0 /* FIPS 180 */
-# define SHA_1 /* FIPS 180-1 */
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif

static char *test[] = {
"abc",
@@ -85,22 +74,12 @@ static char *test[] = {
NULL,
};

-# ifdef SHA_0
-static char *ret[] = {
- "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
- "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
static char *ret[] = {
"a9993e364706816aba3e25717850c26c9cd0d89d",
"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
};

static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif

static char *pt(unsigned char *md);

int main(int argc, char *argv[])

@@ -112,10 +91,10 @@ int main(int argc, char *argv[])
EVP_MD_CTX c;
unsigned char md[SHA_DIGEST_LENGTH];

-# ifdef CHARSET_EBCDIC
+#ifdef CHARSET_EBCDIC
ebcdic2ascii(test[0], test[0], strlen(test[0]));
ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
+#endif

EVP_MD_CTX_init(&c);
P = test;
@@ -136,9 +115,9 @@ int main(int argc, char *argv[])
}

memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
+#ifdef CHARSET_EBCDIC
ebcdic2ascii(buf, buf, 1000);
-# endif /* CHARSET_EBCDIC */
+#endif /* CHARSET_EBCDIC */
EVP_DigestInit_ex(&c, EVP_sha1(), NULL);
for (i = 0; i < 1000; i++)
EVP_DigestUpdate(&c, buf, 1000);
@@ -153,10 +132,10 @@ int main(int argc, char *argv[])
} else
printf("test 3 ok\n");

-# ifdef OPENSSL_SYS_NETWARE
+#ifdef OPENSSL_SYS_NETWARE
if (err)
printf("ERROR: %d\n", err);
-# endif
+#endif
EXIT(err);
EVP_MD_CTX_cleanup(&c);
return (0);
@@ -171,4 +150,3 @@ static char *pt(unsigned char *md)
sprintf(&(buf[i * 2]), "%02x", md[i]);
return (buf);
}
-#endif
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 92d8dd8..eec0cad 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -5,14 +5,13 @@
* ====================================================================
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)

-# include <stdlib.h>
-# include <string.h>
+#include <stdlib.h>
+#include <string.h>

-# include <openssl/crypto.h>
-# include <openssl/sha.h>
-# include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>

const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;

@@ -84,11 +83,12 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
return SHA256_Final(md, c);
}

-# define DATA_ORDER_IS_BIG_ENDIAN
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_CTX SHA256_CTX
+#define HASH_CBLOCK SHA_CBLOCK

-# define HASH_LONG SHA_LONG
-# define HASH_CTX SHA256_CTX
-# define HASH_CBLOCK SHA_CBLOCK
/*
* Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
* default: case below covers for it. It's not clear however if it's
@@ -97,7 +97,7 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
* Idea behind separate cases for pre-defined lenghts is to let the
* compiler decide if it's appropriate to unroll small loops.
*/
-# define HASH_MAKE_STRING(c,s) do { \
+#define HASH_MAKE_STRING(c,s) do { \
unsigned long ll; \
unsigned int nn; \
switch ((c)->md_len) \
@@ -118,18 +118,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
} \
} while (0)

-# define HASH_UPDATE SHA256_Update
-# define HASH_TRANSFORM SHA256_Transform
-# define HASH_FINAL SHA256_Final
-# define HASH_BLOCK_DATA_ORDER sha256_block_data_order
-# ifndef SHA256_ASM
+#define HASH_UPDATE SHA256_Update
+#define HASH_TRANSFORM SHA256_Transform
+#define HASH_FINAL SHA256_Final
+#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
+#ifndef SHA256_ASM
static
-# endif
+#endif
void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);

-# include "md32_common.h"
+#include "md32_common.h"

-# ifndef SHA256_ASM
+#ifndef SHA256_ASM
static const SHA_LONG K256[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
@@ -154,15 +154,15 @@ static const SHA_LONG K256[64] = {
* is left one. This is why you might notice that rotation coefficients
* differ from those observed in FIPS document by 32-N...
*/
-# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
-# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
-# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
-# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))

-# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

-# ifdef OPENSSL_SMALL_FOOTPRINT
+# ifdef OPENSSL_SMALL_FOOTPRINT

static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
size_t num)
@@ -229,14 +229,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
}
}

-# else
+# else

-# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
h = Sigma0(a) + Maj(a,b,c); \
d += T1; h += T1; } while (0)

-# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
+# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
@@ -381,7 +381,5 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
}
}

-# endif
-# endif /* SHA256_ASM */
-
-#endif /* OPENSSL_NO_SHA256 */
+# endif
+#endif /* SHA256_ASM */
diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
index 476702c..0872f34 100644
--- a/crypto/sha/sha256t.c
+++ b/crypto/sha/sha256t.c
@@ -10,14 +10,6 @@
#include <openssl/sha.h>
#include <openssl/evp.h>

-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
-int main(int argc, char *argv[])
-{
- printf("No SHA256 support\n");
- return (0);
-}
-#else
-
unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
@@ -159,4 +151,3 @@ int main(int argc, char **argv)

return 0;
}
-#endif
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index d79c2a0..f934c74 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -5,7 +5,6 @@
* ====================================================================
*/
#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
/*-
* IMPLEMENTATION NOTES.
*
@@ -41,24 +40,24 @@
* 16-bit platforms.
* <ap...@fy.chalmers.se>
*/
-# include <stdlib.h>
-# include <string.h>
+#include <stdlib.h>
+#include <string.h>

-# include <openssl/crypto.h>
-# include <openssl/sha.h>
-# include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>

-# include "cryptlib.h"
+#include "cryptlib.h"

const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;

-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
defined(__s390__) || defined(__s390x__) || \
defined(__aarch64__) || \
defined(SHA512_ASM)
-# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-# endif
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif

int SHA384_Init(SHA512_CTX *c)
{
@@ -96,9 +95,9 @@ int SHA512_Init(SHA512_CTX *c)
return 1;
}

-# ifndef SHA512_ASM
+#ifndef SHA512_ASM
static
-# endif
+#endif
void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);

int SHA512_Final(unsigned char *md, SHA512_CTX *c)
@@ -113,10 +112,10 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
sha512_block_data_order(c, p, 1);

memset(p + n, 0, sizeof(c->u) - 16 - n);
-# ifdef B_ENDIAN
+#ifdef B_ENDIAN
c->u.d[SHA_LBLOCK - 2] = c->Nh;
c->u.d[SHA_LBLOCK - 1] = c->Nl;
-# else
+#else
p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
@@ -133,7 +132,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c)
p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
-# endif
+#endif

sha512_block_data_order(c, p, 1);

@@ -213,14 +212,14 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
}

if (len >= sizeof(c->u)) {
-# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data % sizeof(c->u.d[0]) != 0)
while (len >= sizeof(c->u))
memcpy(p, data, sizeof(c->u)),
sha512_block_data_order(c, p, 1),
len -= sizeof(c->u), data += sizeof(c->u);
else
-# endif
+#endif
sha512_block_data_order(c, data, len / sizeof(c->u)),
data += len, len %= sizeof(c->u), data -= len;
}
@@ -238,10 +237,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)

void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
{
-# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
if ((size_t)data % sizeof(c->u.d[0]) != 0)
memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p;
-# endif
+#endif
sha512_block_data_order(c, data, 1);
}

@@ -273,7 +272,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
return (md);
}

-# ifndef SHA512_ASM
+#ifndef SHA512_ASM
static const SHA_LONG64 K512[80] = {
U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
@@ -317,23 +316,23 @@ static const SHA_LONG64 K512[80] = {
U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
};

-# ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(__x86_64) || defined(__x86_64__)
-# define ROTR(a,n) ({ SHA_LONG64 ret; \
+# ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define ROTR(a,n) ({ SHA_LONG64 ret; \
asm ("rorq %1,%0" \
: "=r"(ret) \
: "J"(n),"0"(a) \
: "cc"); ret; })
-# if !defined(B_ENDIAN)
-# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
+# if !defined(B_ENDIAN)
+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
asm ("bswapq %0" \
: "=r"(ret) \
: "0"(ret)); ret; })
-# endif
-# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
-# if defined(I386_ONLY)
-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+# endif
+# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+# if defined(I386_ONLY)
+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
unsigned int hi=p[0],lo=p[1]; \
asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
"roll $16,%%eax; roll $16,%%edx; "\
@@ -341,39 +340,39 @@ static const SHA_LONG64 K512[80] = {
: "=a"(lo),"=d"(hi) \
: "0"(lo),"1"(hi) : "cc"); \
((SHA_LONG64)hi)<<32|lo; })
-# else
-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+# else
+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
unsigned int hi=p[0],lo=p[1]; \
asm ("bswapl %0; bswapl %1;" \
: "=r"(lo),"=r"(hi) \
: "0"(lo),"1"(hi)); \
((SHA_LONG64)hi)<<32|lo; })
-# endif
-# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-# define ROTR(a,n) ({ SHA_LONG64 ret; \
+# endif
+# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+# define ROTR(a,n) ({ SHA_LONG64 ret; \
asm ("rotrdi %0,%1,%2" \
: "=r"(ret) \
: "r"(a),"K"(n)); ret; })
-# elif defined(__aarch64__)
-# define ROTR(a,n) ({ SHA_LONG64 ret; \
+# elif defined(__aarch64__)
+# define ROTR(a,n) ({ SHA_LONG64 ret; \
asm ("ror %0,%1,%2" \
: "=r"(ret) \
: "r"(a),"I"(n)); ret; })
-# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
__BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-# define PULL64(x) ({ SHA_LONG64 ret; \
+# define PULL64(x) ({ SHA_LONG64 ret; \
asm ("rev %0,%1" \
: "=r"(ret) \
: "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
-# endif
# endif
-# elif defined(_MSC_VER)
-# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
-# pragma intrinsic(_rotr64)
-# define ROTR(a,n) _rotr64((a),n)
-# endif
-# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(I386_ONLY)
+# endif
+# elif defined(_MSC_VER)
+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
+# pragma intrinsic(_rotr64)
+# define ROTR(a,n) _rotr64((a),n)
+# endif
+# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(I386_ONLY)
static SHA_LONG64 __fastcall __pull64be(const void *x)
{
_asm mov edx,[ecx + 0]
@@ -381,34 +380,34 @@ static SHA_LONG64 __fastcall __pull64be(const void *x)
_asm xchg dh, dl
_asm xchg ah, al
_asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al}
-# else
+# else
static SHA_LONG64 __fastcall __pull64be(const void *x)
{
_asm mov edx,[ecx + 0]
_asm mov eax,[ecx + 4]
_asm bswap edx _asm bswap eax}
-# endif
-# define PULL64(x) __pull64be(&(x))
-# if _MSC_VER<=1200
-# pragma inline_depth(0)
-# endif
+# endif
+# define PULL64(x) __pull64be(&(x))
+# if _MSC_VER<=1200
+# pragma inline_depth(0)
# endif
# endif
# endif
-# ifndef PULL64
-# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
-# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
-# endif
-# ifndef ROTR
-# define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
-# endif
-# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
-# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
-# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# endif
+# ifndef PULL64
+# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+# define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
/*
* This code should give better results on 32-bit CPU with less than
* ~24 registers, both size and performance wise...
@@ -433,11 +432,11 @@ _asm bswap edx _asm bswap eax}
F[7] = ctx->h[7];

for (i = 0; i < 16; i++, F--) {
-# ifdef B_ENDIAN
+# ifdef B_ENDIAN
T = W[i];
-# else
+# else
T = PULL64(W[i]);
-# endif
+# endif
F[0] = A;
F[4] = E;
F[8] = T;
@@ -472,7 +471,7 @@ _asm bswap edx _asm bswap eax}
}
}

-# elif defined(OPENSSL_SMALL_FOOTPRINT)
+# elif defined(OPENSSL_SMALL_FOOTPRINT)
static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
size_t num)
{
@@ -493,11 +492,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
h = ctx->h[7];

for (i = 0; i < 16; i++) {
-# ifdef B_ENDIAN
+# ifdef B_ENDIAN
T1 = X[i] = W[i];
-# else
+# else
T1 = X[i] = PULL64(W[i]);
-# endif
+# endif
T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
T2 = Sigma0(a) + Maj(a, b, c);
h = g;
@@ -542,12 +541,12 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
}
}

-# else
-# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+# else
+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
h = Sigma0(a) + Maj(a,b,c); \
d += T1; h += T1; } while (0)
-# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \
+# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \
s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \
s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \
T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \
@@ -571,7 +570,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
g = ctx->h[6];
h = ctx->h[7];

-# ifdef B_ENDIAN
+# ifdef B_ENDIAN
T1 = X[0] = W[0];
ROUND_00_15(0, a, b, c, d, e, f, g, h);
T1 = X[1] = W[1];
@@ -604,7 +603,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
ROUND_00_15(14, c, d, e, f, g, h, a, b);
T1 = X[15] = W[15];
ROUND_00_15(15, b, c, d, e, f, g, h, a);
-# else
+# else
T1 = X[0] = PULL64(W[0]);
ROUND_00_15(0, a, b, c, d, e, f, g, h);
T1 = X[1] = PULL64(W[1]);
@@ -637,7 +636,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
ROUND_00_15(14, c, d, e, f, g, h, a, b);
T1 = X[15] = PULL64(W[15]);
ROUND_00_15(15, b, c, d, e, f, g, h, a);
-# endif
+# endif

for (i = 16; i < 80; i += 16) {
ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
@@ -671,14 +670,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
}
}

-# endif
-
-# endif /* SHA512_ASM */
-
-#else /* !OPENSSL_NO_SHA512 */
-
-# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy = &dummy;
# endif

-#endif /* !OPENSSL_NO_SHA512 */
+#endif /* SHA512_ASM */
diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
index 178882f..a4d4b5e 100644
--- a/crypto/sha/sha512t.c
+++ b/crypto/sha/sha512t.c
@@ -11,14 +11,6 @@
#include <openssl/evp.h>
#include <openssl/crypto.h>

-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
-int main(int argc, char *argv[])
-{
- printf("No SHA512 support\n");
- return (0);
-}
-#else
-
unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
@@ -193,4 +185,3 @@ int main(int argc, char **argv)

return 0;
}
-#endif
diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
deleted file mode 100644
index f77cf5e..0000000
--- a/crypto/sha/sha_dgst.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:

- * "This product includes cryptographic software written by

- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-
-# undef SHA_1
-# define SHA_0
-
-# include <openssl/opensslv.h>
-
-const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-# include "sha_locl.h"
-
-#endif
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
index 2a44f57..af62d9e 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -76,35 +76,19 @@
ll=(c)->h4; (void)HOST_l2c(ll,(s)); \
} while (0)

-#if defined(SHA_0)
-
-# define HASH_UPDATE SHA_Update
-# define HASH_TRANSFORM SHA_Transform
-# define HASH_FINAL SHA_Final
-# define HASH_INIT SHA_Init
-# define HASH_BLOCK_DATA_ORDER sha_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
-
-static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num);
-
-#elif defined(SHA_1)
-
-# define HASH_UPDATE SHA1_Update
-# define HASH_TRANSFORM SHA1_Transform
-# define HASH_FINAL SHA1_Final
-# define HASH_INIT SHA1_Init
-# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
+#define HASH_UPDATE SHA1_Update
+#define HASH_TRANSFORM SHA1_Transform
+#define HASH_FINAL SHA1_Final
+#define HASH_INIT SHA1_Init
+#define HASH_BLOCK_DATA_ORDER sha1_block_data_order
+#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
ix=(a)=ROTATE((a),1) \
)

-# ifndef SHA1_ASM
-static
-# endif
-void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
-
+#ifndef SHA1_ASM
+static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
#else
-# error "Either SHA_0 or SHA_1 must be defined."
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
#endif

#include "md32_common.h"
@@ -197,7 +181,7 @@ int HASH_INIT(SHA_CTX *c)
# define X(i) XX[i]
# endif

-# if !defined(SHA_1) || !defined(SHA1_ASM)
+# if !defined(SHA1_ASM)
static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data = p;
@@ -431,7 +415,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
E=D, D=C, C=ROTATE(B,30), B=A; \
A=ROTATE(A,5)+T+xa; } while(0)

-# if !defined(SHA_1) || !defined(SHA1_ASM)
+# if !defined(SHA1_ASM)
static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
{
const unsigned char *data = p;
diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c
deleted file mode 100644
index 0930b98..0000000
--- a/crypto/sha/sha_one.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* crypto/sha/sha_one.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:

- * "This product includes cryptographic software written by

- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-#ifndef OPENSSL_NO_SHA0
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
-{
- SHA_CTX c;
- static unsigned char m[SHA_DIGEST_LENGTH];
-
- if (md == NULL)
- md = m;
- if (!SHA_Init(&c))
- return NULL;
- SHA_Update(&c, d, n);
- SHA_Final(md, &c);
- OPENSSL_cleanse(&c, sizeof(c));
- return (md);
-}
-#endif
diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c
deleted file mode 100644
index 105060a..0000000
--- a/crypto/sha/shatest.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* crypto/sha/shatest.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:

- * "This product includes cryptographic software written by

- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
-int main(int argc, char *argv[])
-{
- printf("No SHA0 support\n");
- return (0);
-}
-#else
-# include <openssl/evp.h>
-# include <openssl/sha.h>
-
-# ifdef CHARSET_EBCDIC
-# include <openssl/ebcdic.h>
-# endif
-
-# define SHA_0 /* FIPS 180 */
-# undef SHA_1 /* FIPS 180-1 */
-
-static char *test[] = {
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- NULL,
-};
-
-# ifdef SHA_0
-static char *ret[] = {
- "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
- "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
-};
-
-static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
-# endif
-# ifdef SHA_1
-static char *ret[] = {
- "a9993e364706816aba3e25717850c26c9cd0d89d",
- "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
-};
-
-static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-# endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
-{
- int i, err = 0;
- char **P, **R;
- static unsigned char buf[1000];
- char *p, *r;
- EVP_MD_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
-
-# ifdef CHARSET_EBCDIC
- ebcdic2ascii(test[0], test[0], strlen(test[0]));
- ebcdic2ascii(test[1], test[1], strlen(test[1]));
-# endif
-
- EVP_MD_CTX_init(&c);
- P = test;
- R = ret;
- i = 1;
- while (*P != NULL) {
- EVP_Digest(*P, strlen(*P), md, NULL, EVP_sha(), NULL);
- p = pt(md);
- if (strcmp(p, *R) != 0) {
- printf("error calculating SHA on '%s'\n", *P);
- printf("got %s instead of %s\n", p, *R);
- err++;
- } else
- printf("test %d ok\n", i);
- i++;
- R++;
- P++;
- }
-
- memset(buf, 'a', 1000);
-# ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, 1000);
-# endif /* CHARSET_EBCDIC */
- EVP_DigestInit_ex(&c, EVP_sha(), NULL);
- for (i = 0; i < 1000; i++)
- EVP_DigestUpdate(&c, buf, 1000);
- EVP_DigestFinal_ex(&c, md, NULL);
- p = pt(md);
-
- r = bigret;
- if (strcmp(p, r) != 0) {
- printf("error calculating SHA on '%s'\n", p);
- printf("got %s instead of %s\n", p, r);
- err++;
- } else
- printf("test 3 ok\n");
-
-# ifdef OPENSSL_SYS_NETWARE
- if (err)
- printf("ERROR: %d\n", err);
-# endif
- EVP_MD_CTX_cleanup(&c);
- EXIT(err);
- return (0);
-}
-
-static char *pt(unsigned char *md)
-{
- int i;
- static char buf[80];
-
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- sprintf(&(buf[i * 2]), "%02x", md[i]);
- return (buf);
-}
-#endif
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 13f7531..fae320f 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -97,9 +97,7 @@
# endif
# endif

-# ifndef OPENSSL_NO_SHA
-# include <openssl/sha.h>
-# endif

+# include <openssl/sha.h>
# include <openssl/ossl_typ.h>

#ifdef __cplusplus
@@ -280,9 +278,7 @@ struct x509_st {
NAME_CONSTRAINTS *nc;

STACK_OF(IPAddressFamily) *rfc3779_addr;
struct ASIdentifiers_st *rfc3779_asid;

-# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
X509_CERT_AUX *aux;
} /* X509 */ ;

@@ -453,9 +449,7 @@ struct X509_crl_st {
/* CRL and base CRL numbers for delta processing */
ASN1_INTEGER *crl_number;
ASN1_INTEGER *base_crl_number;
-# ifndef OPENSSL_NO_SHA
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-# endif
STACK_OF(GENERAL_NAMES) *issuers;
const X509_CRL_METHOD *meth;
void *meth_data;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 49c71b9..04cecad 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -122,12 +122,10 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
}

-#ifndef OPENSSL_NO_SHA
int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
{
return memcmp(a->sha1_hash, b->sha1_hash, 20);
}
-#endif

X509_NAME *X509_get_issuer_name(X509 *a)
{
@@ -168,7 +166,6 @@ unsigned long X509_subject_name_hash_old(X509 *x)
}
#endif

-#ifndef OPENSSL_NO_SHA
/*
* Compare two certificates: they must be identical for this to work. NB:
* Although "cmp" operations are generally prototyped to take "const"
@@ -197,7 +194,6 @@ int X509_cmp(const X509 *a, const X509 *b)
}
return rv;
}
-#endif

int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
{
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index dfc8c5b..b748e98 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -390,9 +390,7 @@ static void x509v3_cache_extensions(X509 *x)
int i;
if (x->ex_flags & EXFLAG_SET)
return;
-#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
/* V1 should mean no extensions ... */
if (!X509_get_version(x))
x->ex_flags |= EXFLAG_V1;
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index d9fada9..6605507 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -6,7 +6,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
-EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1,
+EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,
EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
EVP digest routines
@@ -49,7 +49,6 @@ EVP digest routines
const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md5(void);
- const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
@@ -134,9 +133,9 @@ return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
are no longer linked this function is only retained for compatibility
reasons.

-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
+EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
-structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
and RIPEMD160 digest algorithms respectively.

EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
@@ -165,7 +164,7 @@ corresponding OBJECT IDENTIFIER or NID_undef if none exists.
EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.

-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
corresponding EVP_MD structures.

@@ -269,7 +268,7 @@ EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.

-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
changed to return truly const EVP_MD * in OpenSSL 0.9.7.

diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index dc3e21f..aae568a 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -946,13 +946,11 @@ static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
}
memcpy(buf, to, tlen); /* transfert to into buf */
switch (padding) { /* check padding in software */
-# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
ret =
RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
tlen, tlen, NULL, 0);
break;
-# endif
case RSA_SSLV23_PADDING:
ret =
RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
diff --git a/makevms.com b/makevms.com
index 4705346..331b1be 100755
--- a/makevms.com
+++ b/makevms.com
@@ -566,12 +566,6 @@ $ WRITE H_FILE "#undef SIXTEEN_BIT"
$ WRITE H_FILE "#undef EIGHT_BIT"
$ WRITE H_FILE "#endif"
$!
-$! Oddly enough, the following symbol is tested in crypto/sha/sha512.c
-$! before sha.h gets included (and HEADER_SHA_H defined), so we will not
-$! protect this one...
-$ WRITE H_FILE "#undef OPENSSL_NO_SHA512"
-$ WRITE H_FILE "#define OPENSSL_NO_SHA512"
-$!
$ WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
$ WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION"
$!
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index e5a04ac..53e3c87 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -328,9 +328,6 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
l2n(sha1->h4, md_out);
}

-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
{
SHA256_CTX *sha256 = ctx;
@@ -341,11 +338,6 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
}
}

-# undef LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
{
SHA512_CTX *sha512 = ctx;
@@ -356,9 +348,8 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
}
}

-# undef LARGEST_DIGEST_CTX
-# define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
+#undef LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX

/*
* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
@@ -371,14 +362,10 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
switch (EVP_MD_CTX_type(ctx)) {
case NID_md5:
case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
case NID_sha224:
case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
case NID_sha384:
case NID_sha512:
-#endif
return 1;
default:
return 0;
@@ -465,7 +452,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
(void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
md_size = 20;
break;
-#ifndef OPENSSL_NO_SHA256
case NID_sha224:
SHA224_Init((SHA256_CTX *)md_state.c);
md_final_raw = tls1_sha256_final_raw;
@@ -480,8 +466,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
(void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
md_size = 32;
break;
-#endif
-#ifndef OPENSSL_NO_SHA512
case NID_sha384:
SHA384_Init((SHA512_CTX *)md_state.c);
md_final_raw = tls1_sha512_final_raw;
@@ -500,7 +484,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
md_block_size = 128;
md_length_size = 16;
break;
-#endif
default:
/*
* ssl3_cbc_record_digest_supported should have been called first to
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 93518b8..a383eee 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2225,11 +2225,7 @@ int ssl3_get_new_session_ticket(SSL *s)
*/
EVP_Digest(p, ticklen,
s->session->session_id, &s->session->session_id_length,
-# ifndef OPENSSL_NO_SHA256
EVP_sha256(), NULL);
-# else
- EVP_sha1(), NULL);
-# endif
ret = 1;
return (ret);
f_err:
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ccc418a..e929658 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3385,7 +3385,7 @@ int ssl3_send_newsession_ticket(SSL *s)
EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, iv);
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ EVP_sha256(), NULL);
memcpy(key_name, tctx->tlsext_tick_key_name, 16);
}

diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index fdf1481..3843aef 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -91,14 +91,10 @@ int SSL_library_init(void)
EVP_add_cipher(EVP_aes_256_cbc());
EVP_add_cipher(EVP_aes_128_gcm());
EVP_add_cipher(EVP_aes_256_gcm());
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
-# endif
-# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
-# endif
#endif
#ifndef OPENSSL_NO_CAMELLIA
EVP_add_cipher(EVP_camellia_128_cbc());
@@ -113,20 +109,14 @@ int SSL_library_init(void)
EVP_add_digest(EVP_md5());
EVP_add_digest_alias(SN_md5, "ssl3-md5");
#endif
-#ifndef OPENSSL_NO_SHA
EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
EVP_add_digest(EVP_sha224());
EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
EVP_add_digest(EVP_sha384());
EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
@@ -135,11 +125,6 @@ int SSL_library_init(void)
#ifndef OPENSSL_NO_ECDSA
EVP_add_digest(EVP_ecdsa());
#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
#ifndef OPENSSL_NO_COMP
/*
* This will initialise the built-in compression algorithms. The value
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f58a605..fcf5f8d 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1329,11 +1329,6 @@ int tls1_process_heartbeat(SSL *s);
int dtls1_process_heartbeat(SSL *s);
# endif

-# ifdef OPENSSL_NO_SHA256
-# define tlsext_tick_md EVP_sha1
-# else
-# define tlsext_tick_md EVP_sha256
-# endif
int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 115aab5..6a1ed6a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -906,17 +906,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
tlsext_sigalg_ecdsa(md)

static const unsigned char tls12_sigalgs[] = {
-# ifndef OPENSSL_NO_SHA512
tlsext_sigalg(TLSEXT_hash_sha512)
tlsext_sigalg(TLSEXT_hash_sha384)

-# endif
-# ifndef OPENSSL_NO_SHA256

tlsext_sigalg(TLSEXT_hash_sha256)
tlsext_sigalg(TLSEXT_hash_sha224)

-# endif
-# ifndef OPENSSL_NO_SHA

tlsext_sigalg(TLSEXT_hash_sha1)
-# endif
};

# ifndef OPENSSL_NO_ECDSA
@@ -3318,7 +3312,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
+ EVP_sha256(), NULL);
EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
tctx->tlsext_tick_aes_key, etick + 16);
}
@@ -3462,25 +3456,11 @@ static const tls12_hash_info tls12_md_info[] = {
# else
{NID_md5, 64, EVP_md5},
# endif
-# ifdef OPENSSL_NO_SHA
- {NID_sha1, 80, 0},
-# else
{NID_sha1, 80, EVP_sha1},
-# endif
-# ifdef OPENSSL_NO_SHA256
- {NID_sha224, 112, 0},
- {NID_sha256, 128, 0},
-# else
{NID_sha224, 112, EVP_sha224},
{NID_sha256, 128, EVP_sha256},
-# endif
-# ifdef OPENSSL_NO_SHA512
- {NID_sha384, 192, 0},
- {NID_sha512, 256, 0}
-# else
{NID_sha384, 192, EVP_sha384},
{NID_sha512, 256, EVP_sha512}
-# endif
};

static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 07f6fdd..5424ed5 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -177,7 +177,7 @@ $no_static_engine = 0 if (!$shlib);

$no_mdc2=1 if ($no_des);

-$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_md5);
$no_ssl3=1 if ($no_rsa && $no_dh);

$out_def="out";
@@ -281,8 +281,6 @@ $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5;
$cflags.=" -DOPENSSL_NO_MD2" if $no_md2;
$cflags.=" -DOPENSSL_NO_MD4" if $no_md4;
$cflags.=" -DOPENSSL_NO_MD5" if $no_md5;
-$cflags.=" -DOPENSSL_NO_SHA" if $no_sha;
-$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
$cflags.=" -DOPENSSL_NO_RMD160" if $no_ripemd;
$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
$cflags.=" -DOPENSSL_NO_BF" if $no_bf;
@@ -1123,8 +1121,6 @@ sub var_add

@a=grep(!/_dhp$/,@a) if $no_dh;

- @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
- @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
@a=grep(!/_mdc2$/,@a) if $no_mdc2;

@a=grep(!/(srp)/,@a) if $no_srp;
@@ -1133,11 +1129,8 @@ sub var_add
@a=grep(!/^hw$/,@a) if $no_hw;
@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
- @a=grep(!/^gendsa$/,@a) if $no_sha1;
@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;

- @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
-
grep($_="$dir/$_",@a);
@a=grep(!/(^|\/)s_/,@a) if $no_sock;
@a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
@@ -1409,8 +1402,6 @@ sub read_options
"no-md2" => \$no_md2,
"no-md4" => \$no_md4,
"no-md5" => \$no_md5,
- "no-sha" => \$no_sha,
- "no-sha1" => \$no_sha1,
"no-ripemd" => \$no_ripemd,
"no-mdc2" => \$no_mdc2,
"no-whirlpool" => \$no_whirlpool,
@@ -1444,7 +1435,7 @@ sub read_options
"no-hw" => \$no_hw,
"just-ssl" =>
[\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+ \$no_md2, \$no_mdc2, \$no_dsa, \$no_dh,
\$no_err, \$no_ripemd, \$no_rc5,
\$no_aes, \$no_camellia, \$no_seed, \$no_srp],
"rsaref" => 0,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index a6f64e3..1dbd555 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -972,7 +972,6 @@ sub do_defs
$a .= ",RC4" if($s =~ /EVP_rc4/);
$a .= ",RC5" if($s =~ /EVP_rc5/);
$a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
- $a .= ",SHA" if($s =~ /EVP_sha/);
$a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);

Rich Salz

unread,

Jan 27, 2015, 3:18:35 PM1/27/15

to

The branch master has been updated

via daa48704cc04c61cf8f3e74759a7a3139b6aff01 (commit)
from 474e469bbd056aebcf7e7d3207ef820f2faed4ce (commit)

- Log -----------------------------------------------------------------
commit daa48704cc04c61cf8f3e74759a7a3139b6aff01
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 15:14:12 2015 -0500

OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1

TLS and TLS1 are no longer optional.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/ciphers.c | 2 --
apps/s_client.c | 2 --
apps/s_server.c | 2 --
ssl/d1_pkt.c | 2 --
ssl/s23_meth.c | 2 --
ssl/s3_pkt.c | 2 --
ssl/ssltest.c | 8 --------
7 files changed, 20 deletions(-)

diff --git a/apps/ciphers.c b/apps/ciphers.c
index f36db20..803b021 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -129,10 +129,8 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-ssl3") == 0)
meth = SSLv3_client_method();
#endif
-#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1") == 0)
meth = TLSv1_client_method();
-#endif
else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
badops = 1;
break;
diff --git a/apps/s_client.c b/apps/s_client.c
index 0c4e6bd..512c258 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -931,14 +931,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv, "-ssl3") == 0)
meth = SSLv3_client_method();
#endif
-#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1_2") == 0)
meth = TLSv1_2_client_method();
else if (strcmp(*argv, "-tls1_1") == 0)
meth = TLSv1_1_client_method();
else if (strcmp(*argv, "-tls1") == 0)
meth = TLSv1_client_method();
-#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv, "-dtls") == 0) {
meth = DTLS_client_method();
diff --git a/apps/s_server.c b/apps/s_server.c
index e07df85..48ac6b3 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1404,7 +1404,6 @@ int MAIN(int argc, char *argv[])
meth = SSLv3_server_method();
}
#endif
-#ifndef OPENSSL_NO_TLS1
else if (strcmp(*argv, "-tls1") == 0) {
meth = TLSv1_server_method();
} else if (strcmp(*argv, "-tls1_1") == 0) {
@@ -1412,7 +1411,6 @@ int MAIN(int argc, char *argv[])
} else if (strcmp(*argv, "-tls1_2") == 0) {
meth = TLSv1_2_server_method();
}
-#endif
#ifndef OPENSSL_NO_DTLS1
else if (strcmp(*argv, "-dtls") == 0) {
meth = DTLS_server_method();
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 598002b..331a50f 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1343,13 +1343,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

switch (rr->type) {
default:
-#ifndef OPENSSL_NO_TLS
/* TLS just ignores unknown message types */
if (s->version == TLS1_VERSION) {
rr->length = 0;
goto start;
}
-#endif
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;
diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c
index 05fb4f9..757c5a9 100644
--- a/ssl/s23_meth.c
+++ b/ssl/s23_meth.c
@@ -68,7 +68,6 @@ static const SSL_METHOD *ssl23_get_method(int ver)
return (SSLv3_method());
else
#endif
-#ifndef OPENSSL_NO_TLS1
if (ver == TLS1_VERSION)
return (TLSv1_method());
else if (ver == TLS1_1_VERSION)
@@ -76,7 +75,6 @@ static const SSL_METHOD *ssl23_get_method(int ver)
else if (ver == TLS1_2_VERSION)
return (TLSv1_2_method());
else
-#endif
return (NULL);
}

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 07adf0f..a8fd16c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1649,7 +1649,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)

switch (rr->type) {
default:
-#ifndef OPENSSL_NO_TLS
/*
* TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
* an unexpected message alert.
@@ -1658,7 +1657,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
rr->length = 0;
goto start;
}
-#endif
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
goto f_err;
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index a49fd86..0b4df3e 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -791,9 +791,7 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_SSL3_METHOD
fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
-#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
-#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
@@ -1160,9 +1158,7 @@ int main(int argc, char *argv[])
}
#endif
else if (strcmp(*argv, "-tls1") == 0) {
-#ifdef OPENSSL_NO_TLS1
no_protocol = 1;
-#endif
tls1 = 1;
} else if (strcmp(*argv, "-ssl3") == 0) {
#ifdef OPENSSL_NO_SSL3_METHOD
@@ -1436,11 +1432,9 @@ int main(int argc, char *argv[])
meth = SSLv3_method();
else
#endif
-#ifndef OPENSSL_NO_TLS1
if (tls1)
meth = TLSv1_method();
else
-#endif
meth = SSLv23_method();

c_ctx = SSL_CTX_new(meth);
@@ -3204,7 +3198,6 @@ static int do_test_cipherlist(void)
}
fprintf(stderr, "ok\n");
#endif
-#ifndef OPENSSL_NO_TLS1
fprintf(stderr, "testing TLSv1 cipher list order: ");
meth = TLSv1_method();
tci = NULL;
@@ -3217,7 +3210,6 @@ static int do_test_cipherlist(void)
tci = ci;
}
fprintf(stderr, "ok\n");
-#endif

return 1;

Rich Salz

unread,

Jan 27, 2015, 4:45:47 PM1/27/15

to

The branch master has been updated

via 63c574f6a639cfa3f53476080054526e6bfa3bc9 (commit)
from daa48704cc04c61cf8f3e74759a7a3139b6aff01 (commit)

- Log -----------------------------------------------------------------
commit 63c574f6a639cfa3f53476080054526e6bfa3bc9
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 16:43:53 2015 -0500

OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS

Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default,
so the work here is removing the 'maintain our own freelist' code.
Also removed a minor old Windows-multibyte/widechar conversion flag.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/cryptlib.c | 3 --
doc/ssl/SSL_CTX_set_mode.pod | 6 ++--
ssl/s3_both.c | 78 +++---------------------------------------
ssl/ssl.h | 6 ----
ssl/ssl_lib.c | 42 -----------------------
ssl/ssl_locl.h | 12 -------
6 files changed, 6 insertions(+), 141 deletions(-)

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 6597af6..ce07b84 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -365,12 +365,9 @@ void OPENSSL_showfatal(const char *fmta, ...)
fmt = (const TCHAR *)L"no stack?";
break;
}
-# ifndef OPENSSL_NO_MULTIBYTE
if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
-# endif
for (i = 0; i < len_0; i++)
fmtw[i] = (WCHAR)fmta[i];
-
for (i = 0; i < len_0; i++) {
if (fmtw[i] == L'%')
do {
diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod
index 2a5aaa5..a109f34 100644
--- a/doc/ssl/SSL_CTX_set_mode.pod
+++ b/doc/ssl/SSL_CTX_set_mode.pod
@@ -64,10 +64,8 @@ return after the handshake and successful completion.
=item SSL_MODE_RELEASE_BUFFERS

When we no longer need a read buffer or a write buffer for a given SSL,
-then release the memory we were using to hold it. Released memory is
-either appended to a list of unused RAM chunks on the SSL_CTX, or simply
-freed if the list of unused chunks would become longer than
-SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can
+then release the memory we were using to hold it.
+Using this flag can
save around 34k per idle SSL connection.
This flag has no effect on SSL v2 connections, or on DTLS connections.

diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 50aa428..de49e64 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -566,76 +566,6 @@ int ssl_verify_alarm_type(long type)
return (al);
}

-#ifndef OPENSSL_NO_BUF_FREELISTS
-/*-
- * On some platforms, malloc() performance is bad enough that you can't just
- * free() and malloc() buffers all the time, so we need to use freelists from
- * unused buffers. Currently, each freelist holds memory chunks of only a
- * given size (list->chunklen); other sized chunks are freed and malloced.
- * This doesn't help much if you're using many different SSL option settings
- * with a given context. (The options affecting buffer size are
- * max_send_fragment, read buffer vs write buffer,
- * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every
- * possible size is not an option, since max_send_fragment can take on many
- * different values.
- *
- * If you are on a platform with a slow malloc(), and you're using SSL
- * connections with many different settings for these options, and you need to
- * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options:
- * - Link against a faster malloc implementation.
- * - Use a separate SSL_CTX for each option set.
- * - Improve this code.
- */
-static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz)
-{
- SSL3_BUF_FREELIST *list;
- SSL3_BUF_FREELIST_ENTRY *ent = NULL;
- void *result = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
- if (list != NULL && sz == (int)list->chunklen)
- ent = list->head;
- if (ent != NULL) {
- list->head = ent->next;
- result = ent;
- if (--list->len == 0)
- list->chunklen = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (!result)
- result = OPENSSL_malloc(sz);
- return result;
-}
-
-static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem)
-{
- SSL3_BUF_FREELIST *list;
- SSL3_BUF_FREELIST_ENTRY *ent;
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist;
- if (list != NULL &&
- (sz == list->chunklen || list->chunklen == 0) &&
- list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) {
- list->chunklen = sz;
- ent = mem;
- ent->next = list->head;
- list->head = ent;
- ++list->len;
- mem = NULL;
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- if (mem)
- OPENSSL_free(mem);
-}
-#else
-# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz)
-# define freelist_insert(c,fr,sz,m) OPENSSL_free(m)
-#endif
-
int ssl3_setup_read_buffer(SSL *s)
{
unsigned char *p;
@@ -661,7 +591,7 @@ int ssl3_setup_read_buffer(SSL *s)
if (ssl_allow_compression(s))
len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
#endif
- if ((p = freelist_extract(s->ctx, 1, len)) == NULL)
+ if ((p = OPENSSL_malloc(len)) == NULL)
goto err;
s->s3->rbuf.buf = p;
s->s3->rbuf.len = len;
@@ -699,7 +629,7 @@ int ssl3_setup_write_buffer(SSL *s)
if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;

- if ((p = freelist_extract(s->ctx, 0, len)) == NULL)
+ if ((p = OPENSSL_malloc(len)) == NULL)
goto err;
s->s3->wbuf.buf = p;
s->s3->wbuf.len = len;
@@ -724,7 +654,7 @@ int ssl3_setup_buffers(SSL *s)
int ssl3_release_write_buffer(SSL *s)
{
if (s->s3->wbuf.buf != NULL) {
- freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf);
+ OPENSSL_free(s->s3->wbuf.buf);
s->s3->wbuf.buf = NULL;
}
return 1;
@@ -733,7 +663,7 @@ int ssl3_release_write_buffer(SSL *s)
int ssl3_release_read_buffer(SSL *s)
{
if (s->s3->rbuf.buf != NULL) {
- freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf);
+ OPENSSL_free(s->s3->rbuf.buf);
s->s3->rbuf.buf = NULL;
}
return 1;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index a0025e6..6809fd6 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1083,12 +1083,6 @@ struct ssl_ctx_st {
unsigned int max_psk_len);
# endif

-# ifndef OPENSSL_NO_BUF_FREELISTS
-# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
- unsigned int freelist_max_len;
- struct ssl3_buf_freelist_st *wbuf_freelist;
- struct ssl3_buf_freelist_st *rbuf_freelist;
-# endif
# ifndef OPENSSL_NO_SRP
SRP_CTX srp_ctx; /* ctx for SRP authentication */
# endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d777935..59a871c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2008,23 +2008,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
#ifndef OPENSSL_NO_SRP
SSL_CTX_SRP_CTX_init(ret);
#endif
-#ifndef OPENSSL_NO_BUF_FREELISTS
- ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
- ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
- if (!ret->rbuf_freelist)
- goto err;
- ret->rbuf_freelist->chunklen = 0;
- ret->rbuf_freelist->len = 0;
- ret->rbuf_freelist->head = NULL;
- ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
- if (!ret->wbuf_freelist) {
- OPENSSL_free(ret->rbuf_freelist);
- goto err;
- }
- ret->wbuf_freelist->chunklen = 0;
- ret->wbuf_freelist->len = 0;
- ret->wbuf_freelist->head = NULL;
-#endif
#ifndef OPENSSL_NO_ENGINE
ret->client_cert_engine = NULL;
# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
@@ -2059,25 +2042,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
return (NULL);
}

-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
-{
- OPENSSL_free(comp);
-}
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list)
-{
- SSL3_BUF_FREELIST_ENTRY *ent, *next;
- for (ent = list->head; ent; ent = next) {
- next = ent->next;
- OPENSSL_free(ent);
- }
- OPENSSL_free(list);
-}
-#endif
-
void SSL_CTX_free(SSL_CTX *a)
{
int i;
@@ -2155,12 +2119,6 @@ void SSL_CTX_free(SSL_CTX *a)
ENGINE_finish(a->client_cert_engine);
#endif

-#ifndef OPENSSL_NO_BUF_FREELISTS
- if (a->wbuf_freelist)
- ssl_buf_freelist_free(a->wbuf_freelist);
- if (a->rbuf_freelist)
- ssl_buf_freelist_free(a->rbuf_freelist);
-#endif
#ifndef OPENSSL_NO_TLSEXT
# ifndef OPENSSL_NO_EC
if (a->tlsext_ecpointformatlist)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index fcf5f8d..f3ce460 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -833,18 +833,6 @@ typedef struct ssl3_comp_st {
} SSL3_COMP;
# endif

-# ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st {
- size_t chunklen;
- unsigned int len;
- struct ssl3_buf_freelist_entry_st *head;
-} SSL3_BUF_FREELIST;
-
-typedef struct ssl3_buf_freelist_entry_st {
- struct ssl3_buf_freelist_entry_st *next;
-} SSL3_BUF_FREELIST_ENTRY;
-# endif
-
extern SSL3_ENC_METHOD ssl3_undef_enc_method;
OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[];

Rich Salz

unread,

Jan 27, 2015, 5:46:03 PM1/27/15

to

The branch master has been updated

via 1a5adcfb5edfe23908b350f8757df405b0f5f71f (commit)
from 63c574f6a639cfa3f53476080054526e6bfa3bc9 (commit)

- Log -----------------------------------------------------------------
commit 1a5adcfb5edfe23908b350f8757df405b0f5f71f
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 17:44:12 2015 -0500

"#if 0" removal: header files

Remove all "#if 0" blocks from header files.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/aes/aes.h | 7 -------
crypto/asn1/asn1.h | 3 ---
crypto/bn/bn.h | 11 -----------
crypto/conf/conf.h | 11 +----------
crypto/crypto.h | 14 --------------
crypto/des/des.h | 5 -----
crypto/des/des_old.h | 18 ------------------
crypto/dso/dso.h | 7 -------
crypto/evp/evp.h | 11 -----------
crypto/symhacks.h | 27 ---------------------------
crypto/x509/x509_vfy.h | 10 ----------
ssl/dtls1.h | 5 -----
ssl/ssl.h | 17 -----------------
ssl/ssl3.h | 18 ------------------
14 files changed, 1 insertion(+), 163 deletions(-)

diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h
index 18fd527..20e7b8e 100644
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@@ -114,13 +114,6 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
unsigned char *ivec, int *num);
-# if 0
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
- size_t length, const AES_KEY *key,
- unsigned char ivec[AES_BLOCK_SIZE],
- unsigned char ecount_buf[AES_BLOCK_SIZE],
- unsigned int *num);
-# endif
/* NB: the IV is _two_ blocks long */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index e3fea15..104056e 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -851,9 +851,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
int offset_day, long offset_sec);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-# if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-# endif

int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index ae44e65..f137605 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -292,17 +292,6 @@ int BN_get_flags(const BIGNUM *b, int n);
*/
void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int n);

-/* Already declared in ossl_typ.h */
-# if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-# endif
-
/* Wrapper function to make using BN_GENCB easier, */
int BN_GENCB_call(BN_GENCB *cb, int a, int b);

diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index 54edfdd..06c7601 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -153,10 +153,6 @@ struct conf_st {
CONF *NCONF_new(CONF_METHOD *meth);
CONF_METHOD *NCONF_default(void);
CONF_METHOD *NCONF_WIN32(void);
-# if 0 /* Just to give you an idea of what I have in
- * mind */
-CONF_METHOD *NCONF_XML(void);
-# endif
void NCONF_free(CONF *conf);
void NCONF_free_data(CONF *conf);

@@ -173,12 +169,7 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
int NCONF_dump_fp(const CONF *conf, FILE *out);
int NCONF_dump_bio(const CONF *conf, BIO *out);

-# if 0 /* The following function has no error
- * checking, and should therefore be avoided */
-long NCONF_get_number(CONF *conf, char *group, char *name);
-# else
-# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
-# endif
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)

/* Module functions */

diff --git a/crypto/crypto.h b/crypto/crypto.h
index 167f375..9762398 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -158,20 +158,6 @@ extern "C" {
# define SSLEAY_PLATFORM 4
# define SSLEAY_DIR 5

-/* Already declared in ossl_typ.h */
-# if 0
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
- void *from_d, int idx, long argl, void *argp);
-# endif
-
/* A generic structure to pass assorted data in a expandable way */
typedef struct openssl_item_st {
int code;
diff --git a/crypto/des/des.h b/crypto/des/des.h
index 0accc9b..589b73b 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -194,11 +194,6 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,

long length, DES_key_schedule *ks1,
DES_key_schedule *ks2, DES_key_schedule *ks3,

DES_cblock *ivec, int *num);
-# if 0
-void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white,
- DES_cblock *out_white);
-# endif
-
int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
DES_cblock *iv);
int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h
index baa4b7d..998ac09 100644
--- a/crypto/des/des_old.h
+++ b/crypto/des/des_old.h
@@ -175,14 +175,6 @@ typedef struct _ossl_old_des_ks_struct {
DES_enc_write((f),(b),(l),&(k),(iv))
# define des_fcrypt(b,s,r)\
DES_fcrypt((b),(s),(r))
-# if 0
-# define des_crypt(b,s)\
- DES_crypt((b),(s))
-# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(__OpenBSD__)
-# define crypt(b,s)\
- DES_crypt((b),(s))
-# endif
-# endif
# define des_ofb_encrypt(i,o,n,l,k,iv)\
DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
# define des_pcbc_encrypt(i,o,l,k,iv,e)\
@@ -281,10 +273,6 @@ typedef struct _ossl_old_des_ks_struct {
_ossl_old_des_fcrypt((b),(s),(r))
# define des_crypt(b,s)\
_ossl_old_des_crypt((b),(s))
-# if 0
-# define crypt(b,s)\
- _ossl_old_crypt((b),(s))
-# endif
# define des_ofb_encrypt(i,o,n,l,k,iv)\
_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
# define des_pcbc_encrypt(i,o,l,k,iv,e)\
@@ -392,12 +380,6 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
_ossl_old_des_key_schedule ks2,
_ossl_old_des_key_schedule ks3,
_ossl_old_des_cblock *ivec, int *num);
-# if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
- _ossl_old_des_cblock (*in_white),
- _ossl_old_des_cblock (*out_white));
-# endif
-
int _ossl_old_des_enc_read(int fd, char *buf, int len,
_ossl_old_des_key_schedule sched,
_ossl_old_des_cblock *iv);
diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h
index f6a1b67..12c16b6 100644
--- a/crypto/dso/dso.h
+++ b/crypto/dso/dso.h
@@ -157,13 +157,6 @@ typedef struct dso_meth_st {
* libraries at all, let alone a DSO_METHOD implemented for them.
*/
DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
-/* I don't think this would actually be used in any circumstances. */
-# if 0
- /* Unbinds a variable */
- int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr);
- /* Unbinds a function */
- int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-# endif
/*
* The generic (yuck) "ctrl()" function. NB: Negative return values
* (rather than zero) indicate errors.
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index ca7447f..74f6217 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -788,10 +788,6 @@ const EVP_CIPHER *EVP_des_cfb1(void);
const EVP_CIPHER *EVP_des_cfb8(void);
const EVP_CIPHER *EVP_des_ede_cfb64(void);
# define EVP_des_ede_cfb EVP_des_ede_cfb64
-# if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-# endif
const EVP_CIPHER *EVP_des_ede3_cfb64(void);
# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
const EVP_CIPHER *EVP_des_ede3_cfb1(void);
@@ -809,13 +805,6 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void);
* are rc4 and md5 declarations made here inside a "NO_DES" precompiler
* branch?
*/
-# if 0
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-# endif
-# endif
# endif
# ifndef OPENSSL_NO_RC4
const EVP_CIPHER *EVP_rc4(void);
diff --git a/crypto/symhacks.h b/crypto/symhacks.h
index 6348fb4..56922c9 100644
--- a/crypto/symhacks.h
+++ b/crypto/symhacks.h
@@ -81,33 +81,6 @@
# undef ASN1_STRING_set_default_mask_asc
# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc

-# if 0 /* No longer needed, since safestack macro
- * magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
-# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
-# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF
-# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
-# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF
-# endif
-
-# if 0 /* No longer needed, since safestack macro
- * magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
-# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
-# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF
-# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
-# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF
-# endif
-
-# if 0 /* No longer needed, since safestack macro
- * magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
-# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
-# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC
-# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
-# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC
-# endif
-
/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
# undef PEM_read_NETSCAPE_CERT_SEQUENCE
# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 959af30..03e43e5 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -77,16 +77,6 @@
extern "C" {
#endif

-# if 0
-/* Outer object */
-typedef struct x509_hash_dir_st {
- int num_dirs;
- char **dirs;
- int *dirs_type;
- int num_dirs_alloced;
-} X509_HASH_DIR_CTX;
-# endif
-
typedef struct x509_file_st {
int num_paths; /* number of paths to files or directories */
int num_alloced;
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index 4af7e4a..e2be78d 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -92,11 +92,6 @@ extern "C" {
/* Special value for method supporting multiple versions */
# define DTLS_ANY_VERSION 0x1FFFF

-# if 0
-/* this alert description is not specified anywhere... */
-# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-# endif
-
/* lengths of messages */
# define DTLS1_COOKIE_LENGTH 256

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 6809fd6..86f2387 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1026,11 +1026,6 @@ struct ssl_ctx_st {

X509_VERIFY_PARAM *param;

-# if 0
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-# endif
-
int quiet_shutdown;

/*
@@ -1464,10 +1459,6 @@ struct ssl_st {
void *msg_callback_arg;
int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param;
-# if 0
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-# endif
/* crypto */
STACK_OF(SSL_CIPHER) *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
@@ -1747,14 +1738,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
# define OpenSSL_add_ssl_algorithms() SSL_library_init()
# define SSLeay_add_ssl_algorithms() SSL_library_init()

-/* this is for backward compatibility */
-# if 0 /* NEW_SSLEAY */
-# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
-# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
-# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
-# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
-# endif
/* More backward compatibility */
# define SSL_get_cipher(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index beaa04d..6c7c439 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -177,18 +177,6 @@ extern "C" {
# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B

-# if 0
-# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
-# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
-# if 0 /* Because it clashes with KRB5, is never
- * used any more, and is safe to remove
- * according to David Hopwood
- * <david....@zetnet.co.uk> of the
- * ietf-tls list */
-# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E

-# endif
-# endif
-

/*
* VRS Additional Kerberos5 entries
*/
@@ -251,12 +239,6 @@ extern "C" {
# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"

-# if 0
-# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
-# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
-# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
-# endif
-
# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"

Rich Salz

unread,

Jan 27, 2015, 9:01:52 PM1/27/15

to

The branch master has been updated

via 646e8c1d6b30a2ed080ce5b968b49d234b42644f (commit)
from 1a5adcfb5edfe23908b350f8757df405b0f5f71f (commit)

- Log -----------------------------------------------------------------
commit 646e8c1d6b30a2ed080ce5b968b49d234b42644f
Author: Rich Salz <rs...@openssl.org>
Date: Tue Jan 27 21:00:03 2015 -0500

Dead code removal: Fortezza identifiers

Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/apps/ciphers.pod | 5 -----
ssl/s3_lib.c | 51 --------------------------------------------------
ssl/ssl.h | 5 -----
3 files changed, 61 deletions(-)

diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 5f8dac4..6d39c54 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -246,11 +246,6 @@ carry ECDH keys.
cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
keys.

-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
=item B<TLSv1.2>, B<TLSv1>, B<SSLv3>

TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note:
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 508cf89..3a1377a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -601,57 +601,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = {
168,
},

-/* Fortezza ciphersuite from SSL 3.0 spec */
-#if 0
-/* Cipher 1C */
- {
- 0,
- SSL3_TXT_FZA_DMS_NULL_SHA,
- SSL3_CK_FZA_DMS_NULL_SHA,
- SSL_kFZA,
- SSL_aFZA,
- SSL_eNULL,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
-/* Cipher 1D */
- {
- 0,
- SSL3_TXT_FZA_DMS_FZA_SHA,
- SSL3_CK_FZA_DMS_FZA_SHA,
- SSL_kFZA,
- SSL_aFZA,
- SSL_eFZA,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_STRONG_NONE,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 0,
- 0,
- },
-
-/* Cipher 1E */
- {
- 0,
- SSL3_TXT_FZA_DMS_RC4_SHA,
- SSL3_CK_FZA_DMS_RC4_SHA,
- SSL_kFZA,
- SSL_aFZA,
- SSL_RC4,
- SSL_SHA1,
- SSL_SSLV3,
- SSL_NOT_EXP | SSL_MEDIUM,
- SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
- 128,
- 128,
- },
-#endif
-
#ifndef OPENSSL_NO_KRB5
/* The Kerberos ciphers*/
/* Cipher 1E */
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 86f2387..5622860 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -218,11 +218,6 @@ extern "C" {
# define SSL_TXT_HIGH "HIGH"
# define SSL_TXT_FIPS "FIPS"

-# define SSL_TXT_kFZA "kFZA"/* unused! */
-# define SSL_TXT_aFZA "aFZA"/* unused! */
-# define SSL_TXT_eFZA "eFZA"/* unused! */
-# define SSL_TXT_FZA "FZA"/* unused! */
-
# define SSL_TXT_aNULL "aNULL"
# define SSL_TXT_eNULL "eNULL"
# define SSL_TXT_NULL "NULL"

Matt Caswell

unread,

Jan 28, 2015, 5:45:45 AM1/28/15

to

The branch master has been updated

via dc0e9a35fa89c262833d6b498108acc58a70bdcb (commit)
via 488ede07bd9d2a2d3f63851eb28204c9ee998cf9 (commit)
via e640fa02005422c8783b7a452329e8a5059be0b5 (commit)
via d57d135c33938dfdac441c98b2c40183a8cb66b0 (commit)
from 646e8c1d6b30a2ed080ce5b968b49d234b42644f (commit)

- Log -----------------------------------------------------------------
commit dc0e9a35fa89c262833d6b498108acc58a70bdcb
Author: Matt Caswell <ma...@openssl.org>
Date: Mon Dec 8 14:19:26 2014 +0000

Fix no-ocb for Windows

Reviewed-by: Tim Hudson <t...@openssl.org>

commit 488ede07bd9d2a2d3f63851eb28204c9ee998cf9
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jan 27 14:10:16 2015 +0000

Rationalise testing of AEAD modes

Reviewed-by: Tim Hudson <t...@openssl.org>

commit e640fa02005422c8783b7a452329e8a5059be0b5
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jan 27 14:05:07 2015 +0000

Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN

Reviewed-by: Tim Hudson <t...@openssl.org>

commit d57d135c33938dfdac441c98b2c40183a8cb66b0
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jan 27 14:00:50 2015 +0000

Replace EVP_CTRL_OCB_SET_TAGLEN with EVP_CTRL_SET_TAG for consistency with
CCM

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/evp/e_aes.c | 32 ++++++++++++------------
crypto/evp/evp.h | 20 +++++++--------
crypto/evp/evp_test.c | 53 +++++++++++-----------------------------
demos/evp/aesccm.c | 12 +++++----
demos/evp/aesgcm.c | 15 +++++++-----
doc/crypto/EVP_EncryptInit.pod | 27 +++++++++-----------
util/libeay.num | 26 ++++++++++----------
util/mk1mf.pl | 1 +
util/mkdef.pl | 8 ++++--
9 files changed, 87 insertions(+), 107 deletions(-)

diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 8b31388..15b233c 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -1271,7 +1271,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
gctx->tls_aad_len = -1;
return 1;

- case EVP_CTRL_GCM_SET_IVLEN:
+ case EVP_CTRL_AEAD_SET_IVLEN:
if (arg <= 0)
return 0;
/* Allocate memory for IV if needed */
@@ -1285,14 +1285,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
gctx->ivlen = arg;
return 1;

- case EVP_CTRL_GCM_SET_TAG:
+ case EVP_CTRL_AEAD_SET_TAG:
if (arg <= 0 || arg > 16 || c->encrypt)
return 0;
memcpy(c->buf, ptr, arg);
gctx->taglen = arg;
return 1;

- case EVP_CTRL_GCM_GET_TAG:
+ case EVP_CTRL_AEAD_GET_TAG:
if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
return 0;
memcpy(ptr, c->buf, arg);
@@ -1870,7 +1870,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->len_set = 0;
return 1;

- case EVP_CTRL_CCM_SET_IVLEN:
+ case EVP_CTRL_AEAD_SET_IVLEN:
arg = 15 - arg;
case EVP_CTRL_CCM_SET_L:
if (arg < 2 || arg > 8)
@@ -1878,7 +1878,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->L = arg;
return 1;

- case EVP_CTRL_CCM_SET_TAG:
+ case EVP_CTRL_AEAD_SET_TAG:
if ((arg & 1) || arg < 4 || arg > 16)
return 0;
if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
@@ -1890,7 +1890,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
cctx->M = arg;
return 1;

- case EVP_CTRL_CCM_GET_TAG:
+ case EVP_CTRL_AEAD_GET_TAG:
if (!c->encrypt || !cctx->tag_set)
return 0;
if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
@@ -2217,7 +2217,7 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
octx->aad_buf_len = 0;
return 1;

- case EVP_CTRL_SET_IVLEN:
+ case EVP_CTRL_AEAD_SET_IVLEN:
/* IV len must be 1 to 15 */
if (arg <= 0 || arg > 15)
return 0;
@@ -2225,21 +2225,21 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
octx->ivlen = arg;
return 1;

- case EVP_CTRL_OCB_SET_TAGLEN:
- /* Tag len must be 0 to 16 */
- if (arg < 0 || arg > 16)
- return 0;
-
- octx->taglen = arg;
- return 1;
+ case EVP_CTRL_AEAD_SET_TAG:
+ if (!ptr) {
+ /* Tag len must be 0 to 16 */
+ if (arg < 0 || arg > 16)
+ return 0;

- case EVP_CTRL_SET_TAG:
+ octx->taglen = arg;
+ return 1;
+ }
if (arg != octx->taglen || c->encrypt)
return 0;
memcpy(octx->tag, ptr, arg);
return 1;

- case EVP_CTRL_GET_TAG:
+ case EVP_CTRL_AEAD_GET_TAG:
if (arg != octx->taglen || !c->encrypt)
return 0;

diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 74f6217..ff6665d 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -397,14 +397,17 @@ struct evp_cipher_st {
# define EVP_CTRL_RAND_KEY 0x6
# define EVP_CTRL_PBE_PRF_NID 0x7
# define EVP_CTRL_COPY 0x8
-# define EVP_CTRL_GCM_SET_IVLEN 0x9
-# define EVP_CTRL_GCM_GET_TAG 0x10
-# define EVP_CTRL_GCM_SET_TAG 0x11
+# define EVP_CTRL_AEAD_SET_IVLEN 0x9
+# define EVP_CTRL_AEAD_GET_TAG 0x10
+# define EVP_CTRL_AEAD_SET_TAG 0x11
+# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
+# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
+# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
# define EVP_CTRL_GCM_SET_IV_FIXED 0x12
# define EVP_CTRL_GCM_IV_GEN 0x13
-# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
-# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG
-# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG
+# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
+# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
+# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
# define EVP_CTRL_CCM_SET_L 0x14
# define EVP_CTRL_CCM_SET_MSGLEN 0x15
/*
@@ -430,11 +433,6 @@ typedef struct {
unsigned int interleave;
} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;

-# define EVP_CTRL_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN
-# define EVP_CTRL_GET_TAG EVP_CTRL_GCM_GET_TAG
-# define EVP_CTRL_SET_TAG EVP_CTRL_GCM_SET_TAG
-# define EVP_CTRL_OCB_SET_TAGLEN 0x1c
-
/* GCM TLS constants */
/* Length of fixed part of IV derived from PRF */
# define EVP_GCM_TLS_FIXED_IV_LEN 4
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index dde9e16..597b9fe 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -173,20 +173,20 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
if (encdec != 0) {
- if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE)) {
+ if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE)
+ || (mode == EVP_CIPH_CCM_MODE)) {
if (!EVP_EncryptInit_ex(ctx, c, NULL, NULL, NULL)) {
fprintf(stderr, "EncryptInit failed\n");
ERR_print_errors_fp(stderr);
test1_exit(10);
}
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_IVLEN, in, NULL)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) {
fprintf(stderr, "IV length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(11);
}
- if ((mode == EVP_CIPH_OCB_MODE) &&
- !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_OCB_SET_TAGLEN, tn, NULL))
- {
+ if ((mode != EVP_CIPH_GCM_MODE) &&
+ !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tn, NULL)) {
fprintf(stderr, "Tag length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(15);
@@ -196,33 +196,8 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
ERR_print_errors_fp(stderr);
test1_exit(12);
}
- if (an && !EVP_EncryptUpdate(ctx, NULL, &outl, aad, an)) {
- fprintf(stderr, "AAD set failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(13);
- }
- } else if (mode == EVP_CIPH_CCM_MODE) {
- if (!EVP_EncryptInit_ex(ctx, c, NULL, NULL, NULL)) {
- fprintf(stderr, "EncryptInit failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(10);
- }
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, in, NULL)) {
- fprintf(stderr, "IV length set failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(11);
- }
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tn, NULL)) {
- fprintf(stderr, "Tag length set failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(11);
- }
- if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) {
- fprintf(stderr, "Key/IV set failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(12);
- }
- if (!EVP_EncryptUpdate(ctx, NULL, &outl, NULL, pn)) {
+ if ((mode == EVP_CIPH_CCM_MODE) &&
+ !EVP_EncryptUpdate(ctx, NULL, &outl, NULL, pn)) {
fprintf(stderr, "Plaintext length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(12);
@@ -274,7 +249,7 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
|| (mode == EVP_CIPH_CCM_MODE)) {
unsigned char rtag[16];

- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_TAG, tn, rtag)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tn, rtag)) {
fprintf(stderr, "Get tag failed\n");
ERR_print_errors_fp(stderr);
test1_exit(14);
@@ -295,14 +270,13 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
ERR_print_errors_fp(stderr);
test1_exit(10);
}
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_IVLEN, in, NULL)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) {
fprintf(stderr, "IV length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(11);
}
if ((mode == EVP_CIPH_OCB_MODE) &&
- !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_OCB_SET_TAGLEN, tn, NULL))
- {
+ !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tn, NULL)) {
fprintf(stderr, "Tag length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(15);
@@ -312,7 +286,8 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
ERR_print_errors_fp(stderr);
test1_exit(12);
}
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_TAG, tn, (void *)tag)) {
+ if (!EVP_CIPHER_CTX_ctrl
+ (ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag)) {
fprintf(stderr, "Set tag failed\n");
ERR_print_errors_fp(stderr);
test1_exit(14);
@@ -328,13 +303,13 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
ERR_print_errors_fp(stderr);
test1_exit(10);
}
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, in, NULL)) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) {
fprintf(stderr, "IV length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(11);
}
if (!EVP_CIPHER_CTX_ctrl
- (ctx, EVP_CTRL_CCM_SET_TAG, tn, (void *)tag)) {
+ (ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag)) {
fprintf(stderr, "Tag length set failed\n");
ERR_print_errors_fp(stderr);
test1_exit(11);
diff --git a/demos/evp/aesccm.c b/demos/evp/aesccm.c
index 1810a51..e0240e5 100644
--- a/demos/evp/aesccm.c
+++ b/demos/evp/aesccm.c
@@ -50,9 +50,10 @@ void aes_ccm_encrypt(void)
/* Set cipher type and mode */
EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
/* Set nonce length if default 96 bits is not appropriate */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, sizeof(ccm_nonce), NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
+ NULL);
/* Set tag length */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, sizeof(ccm_tag), NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL);
/* Initialise key and IV */
EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
/* Set plaintext length: only needed if AAD is used */
@@ -67,7 +68,7 @@ void aes_ccm_encrypt(void)
/* Finalise: note get no output for CCM */
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
/* Get tag */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, outbuf);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
/* Output tag */
printf("Tag:\n");
BIO_dump_fp(stdout, outbuf, 16);
@@ -86,9 +87,10 @@ void aes_ccm_decrypt(void)
/* Select cipher */
EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL);
/* Set nonce length, omit for 96 bits */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, sizeof(ccm_nonce), NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce),
+ NULL);
/* Set expected tag value */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG,
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
sizeof(ccm_tag), (void *)ccm_tag);
/* Specify key and IV */
EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce);
diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c
index 12d4192..9159c5c 100644
--- a/demos/evp/aesgcm.c
+++ b/demos/evp/aesgcm.c
@@ -50,7 +50,7 @@ void aes_gcm_encrypt(void)
/* Set cipher type and mode */
EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
/* Set IV length if default 96 bits is not appropriate */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
/* Initialise key and IV */
EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
/* Zero or more calls to specify any AAD */
@@ -63,7 +63,7 @@ void aes_gcm_encrypt(void)
/* Finalise: note get no output for GCM */
EVP_EncryptFinal_ex(ctx, outbuf, &outlen);
/* Get tag */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, outbuf);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf);
/* Output tag */
printf("Tag:\n");
BIO_dump_fp(stdout, outbuf, 16);
@@ -82,7 +82,7 @@ void aes_gcm_decrypt(void)
/* Select cipher */
EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
/* Set IV length, omit for 96 bits */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
/* Specify key and IV */
EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);
#if 0
@@ -90,7 +90,7 @@ void aes_gcm_decrypt(void)
* Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
* required the tag before any AAD or ciphertext
*/
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
#endif
/* Zero or more calls to specify any AAD */
EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));
@@ -99,8 +99,11 @@ void aes_gcm_decrypt(void)
/* Output decrypted block */
printf("Plaintext:\n");
BIO_dump_fp(stdout, outbuf, outlen);
- /* Set expected tag value. Works in OpenSSL 1.0.1d and later */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag);
+ /*
+ * Set expected tag value. Works in OpenSSL 1.0.1d and later
+ * In versions prior to OpenSSL 1.1.0 you should use EVP_CTRL_GCM_SET_TAG
+ */
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
/* Finalise: note get no output for GCM */
rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);
/*
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index 6940de6..6d897da 100644
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -399,41 +399,38 @@ indicates if the operation was successful. If it does not indicate success
the authentication operation has failed and any output data B<MUST NOT>
be used as it is corrupted.

-The following ctrl is supported in OCB mode only:
-
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_OCB_SET_TAGLEN, taglen, NULL);
-
-Sets the tag length: this call can only be made before specifying an IV. If
-not called a default tag length is used. For OCB AES the default is 16 (i.e. 128
-bits). This is also the maximum tag length.
-
The following ctrls are supported in both GCM and OCB modes:

- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_IVLEN, ivlen, NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL);

Sets the IV length: this call can only be made before specifying an IV. If
not called a default IV length is used. For GCM AES and OCB AES the default is
12 (i.e. 96 bits). For OCB mode the maximum is 15.

- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_TAG, taglen, tag);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag);

Writes B<taglen> bytes of the tag value to the buffer indicated by B<tag>.
This call can only be made when encrypting data and B<after> all data has been
processed (e.g. after an EVP_EncryptFinal() call). For OCB mode the taglen must
either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN.

- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_TAG, taglen, tag);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);

Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal
when decrypting data and must be made B<before> any data is processed (e.g.
before any EVP_DecryptUpdate() call). For OCB mode the taglen must
-either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN.
+either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG.
+
+In OCB mode calling this with B<tag> set to NULL sets the tag length. The tag
+length can only be set before specifying an IV. If not called a default tag
+length is used. For OCB AES the default is 16 (i.e. 128 bits). This is also the
+maximum tag length for OCB.

See L<EXAMPLES> below for an example of the use of GCM mode.

=head1 CCM Mode

-The behaviour of CCM mode ciphers is similar to CCM mode but with a few
+The behaviour of CCM mode ciphers is similar to GCM mode but with a few
additional requirements and different ctrl values.

Like GCM and OCB modes any additional authenticated data (AAD) is passed by calling
@@ -445,7 +442,7 @@ set to B<NULL> and the length passed in the B<inl> parameter.

The following ctrls are supported in CCM mode:

- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, taglen, tag);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag);

This call is made to set the expected B<CCM> tag value when decrypting or
the length of the tag (with the B<tag> parameter set to NULL) when encrypting.
@@ -456,7 +453,7 @@ used (12 for AES).

Sets the CCM B<L> value. If not set a default is used (8 for AES).

- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ivlen, NULL);
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL);

Sets the CCM nonce (IV) length: this call can only be made before specifying
an nonce value. The nonce length is given by B<15 - L> so it is 7 by default
diff --git a/util/libeay.num b/util/libeay.num
index 6859081..03f0d39 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4515,21 +4515,21 @@ i2s_ASN1_IA5STRING 4874 EXIST::FUNCTION:
s2i_ASN1_IA5STRING 4875 EXIST::FUNCTION:
FIPS_dsa_sign_ctx 4876 NOEXIST::FUNCTION:
CRYPTO_ocb128_release 4878 NOEXIST::FUNCTION:
-CRYPTO_ocb128_new 4879 EXIST::FUNCTION:
-CRYPTO_ocb128_finish 4880 EXIST::FUNCTION:
-EVP_aes_256_ocb 4881 EXIST::FUNCTION:AES
-CRYPTO_ocb128_setiv 4882 EXIST::FUNCTION:
-CRYPTO_ocb128_aad 4883 EXIST::FUNCTION:
-CRYPTO_ocb128_decrypt 4884 EXIST::FUNCTION:
-CRYPTO_ocb128_tag 4885 EXIST::FUNCTION:
-EVP_aes_192_ocb 4886 EXIST::FUNCTION:AES
-EVP_aes_128_ocb 4887 EXIST::FUNCTION:AES
-CRYPTO_ocb128_init 4888 EXIST::FUNCTION:
-CRYPTO_ocb128_encrypt 4889 EXIST::FUNCTION:
-CRYPTO_ocb128_copy_ctx 4890 EXIST::FUNCTION:
+CRYPTO_ocb128_new 4879 EXIST::FUNCTION:OCB
+CRYPTO_ocb128_finish 4880 EXIST::FUNCTION:OCB
+EVP_aes_256_ocb 4881 EXIST::FUNCTION:AES,OCB
+CRYPTO_ocb128_setiv 4882 EXIST::FUNCTION:OCB
+CRYPTO_ocb128_aad 4883 EXIST::FUNCTION:OCB
+CRYPTO_ocb128_decrypt 4884 EXIST::FUNCTION:OCB
+CRYPTO_ocb128_tag 4885 EXIST::FUNCTION:OCB
+EVP_aes_192_ocb 4886 EXIST::FUNCTION:AES,OCB
+EVP_aes_128_ocb 4887 EXIST::FUNCTION:AES,OCB
+CRYPTO_ocb128_init 4888 EXIST::FUNCTION:OCB
+CRYPTO_ocb128_encrypt 4889 EXIST::FUNCTION:OCB
+CRYPTO_ocb128_copy_ctx 4890 EXIST::FUNCTION:OCB
BN_is_word 4891 EXIST::FUNCTION:
BN_GENCB_set 4892 EXIST::FUNCTION:
-CRYPTO_ocb128_cleanup 4893 EXIST::FUNCTION:
+CRYPTO_ocb128_cleanup 4893 EXIST::FUNCTION:OCB
BN_GENCB_set_old 4894 EXIST::FUNCTION:
BN_is_zero 4895 EXIST::FUNCTION:
BN_with_flags 4896 EXIST::FUNCTION:
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 5424ed5..01329b7 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1457,6 +1457,7 @@ sub read_options
"no-ssl-trace" => 0,
"no-unit-test" => 0,
"no-deprecated" => 0,
+ "no-ocb" => 0,
"fips" => \$fips,
"fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
"fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 1dbd555..b67d14b 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -120,7 +120,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
# SSL TRACE
"SSL_TRACE",
# Unit testing
- "UNIT_TEST");
+ "UNIT_TEST",
+ # OCB mode
+ "OCB");

my $options="";
open(IN,"<Makefile") || die "unable to open Makefile!\n";
@@ -141,7 +143,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;

my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;

-my $no_unit_test; my $no_ssl3_method;
+my $no_unit_test; my $no_ssl3_method; my $no_ocb;

my $fips;

@@ -243,6 +245,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-srtp$/) { $no_srtp=1; }
elsif (/^no-unit-test$/){ $no_unit_test=1; }
elsif (/^no-deprecated$/) { $no_deprecated=1; }
+ elsif (/^no-ocb/){ $no_ocb=1; }
}

@@ -1221,6 +1224,7 @@ sub is_valid
if ($keyword eq "SRTP" && $no_srtp) { return 0; }
if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
+ if ($keyword eq "OCB" && $no_ocb) { return 0; }

# Nothing recognise as true
return 1;

Matt Caswell

unread,

Jan 28, 2015, 5:58:15 AM1/28/15

to

The branch master has been updated

via 55467a16c2baf798ebcb627835654524cf8598a1 (commit)
from dc0e9a35fa89c262833d6b498108acc58a70bdcb (commit)

- Log -----------------------------------------------------------------
commit 55467a16c2baf798ebcb627835654524cf8598a1
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jan 27 16:39:13 2015 +0000

Fix warning on some compilers where variable index shadows a global
declaration

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/modes/ocb128.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
index a322410..cbcb7f6 100644
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@@ -151,10 +151,10 @@ static void ocb_block_xor(const unsigned char *in1,
* Lookup L_index in our lookup table. If we haven't already got it we need to
* calculate it
*/
-static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t index)
+static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
{
- if (index <= ctx->l_index) {
- return ctx->l + index;
+ if (idx <= ctx->l_index) {
+ return ctx->l + idx;
}

/* We don't have it - so calculate it */
@@ -166,9 +166,9 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t index)
if (!ctx->l)
return NULL;
}
- ocb_double(ctx->l + (index - 1), ctx->l + index);
+ ocb_double(ctx->l + (idx - 1), ctx->l + idx);

- return ctx->l + index;
+ return ctx->l + idx;
}

/*

Rich Salz

unread,

Jan 28, 2015, 12:23:39 PM1/28/15

to

The branch master has been updated

via 625a9baf11c1dd94f17e5876b6ee8d6271b3921d (commit)
from 55467a16c2baf798ebcb627835654524cf8598a1 (commit)

- Log -----------------------------------------------------------------
commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jan 28 12:21:55 2015 -0500

Finish removal of DSS

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
crypto/evp/Makefile | 14 +-----
crypto/evp/m_dss.c | 102 -----------------------------------------
doc/crypto/EVP_DigestInit.pod | 11 ++---
3 files changed, 7 insertions(+), 120 deletions(-)
delete mode 100644 crypto/evp/m_dss.c

diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index f882096..51730c1 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -23,7 +23,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \

e_rc4.c e_aes.c names.c e_seed.c \
e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \

m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \

- m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
+ m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\

p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \

c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
@@ -36,7 +36,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \

e_rc4.o e_aes.o names.o e_seed.o \
e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \

m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \

- m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
+ m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\

p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \

c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
@@ -464,16 +464,6 @@ evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
-m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../cryptlib.h m_dss.c
m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
deleted file mode 100644
index 7fa1ca3..0000000
--- a/crypto/evp/m_dss.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/evp/m_dss.c */

-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
-#ifndef OPENSSL_NO_DSA
-# include <openssl/dsa.h>
-#endif
-

-
-static int init(EVP_MD_CTX *ctx)
-{

- return SHA1_Init(ctx->md_data);

-}
-
-static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{

- return SHA1_Update(ctx->md_data, data, count);

-}
-
-static int final(EVP_MD_CTX *ctx, unsigned char *md)
-{

- return SHA1_Final(md, ctx->md_data);
-}
-
-static const EVP_MD dsa_md = {
- NID_dsaWithSHA,
- NID_dsaWithSHA,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_PKEY_DIGEST,

- init,
- update,
- final,
- NULL,
- NULL,

- EVP_PKEY_NULL_method,

- SHA_CBLOCK,
- sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-

-const EVP_MD *EVP_dss(void)
-{
- return (&dsa_md);
-}
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
index 6605507..3fb9b4c 100644
--- a/doc/crypto/EVP_DigestInit.pod
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -7,7 +7,7 @@ EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,

EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type,
EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,

EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1,

-EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss1, EVP_mdc2,

EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
EVP digest routines

@@ -50,7 +50,6 @@ EVP digest routines
const EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha1(void);
- const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
const EVP_MD *EVP_mdc2(void);
const EVP_MD *EVP_ripemd160(void);
@@ -138,8 +137,8 @@ EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>

structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
and RIPEMD160 digest algorithms respectively.

-EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm. Note: there is
+EVP_dss1() returns B<EVP_MD> an structure the SHA1 digest
+algorithm but using DSS (DSA) for the signature algorithm. Note: there is
no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
however retained for compatibility.

@@ -164,7 +163,7 @@ corresponding OBJECT IDENTIFIER or NID_undef if none exists.

EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and
EVP_MD_CTX_block_size() return the digest or block size in bytes.

-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(),
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),

EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
corresponding EVP_MD structures.

@@ -269,7 +268,7 @@ EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()

and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.

EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were

changed to return truly const EVP_MD * in OpenSSL 0.9.7.

The link between digests and signing algorithms was fixed in OpenSSL 1.0 and

Rich Salz

unread,

Jan 28, 2015, 12:24:50 PM1/28/15

to

The branch master has been updated

via 49b05c7d503b26fea4aaa5dda9c30b181c8e46cf (commit)
from 625a9baf11c1dd94f17e5876b6ee8d6271b3921d (commit)

- Log -----------------------------------------------------------------
commit 49b05c7d503b26fea4aaa5dda9c30b181c8e46cf
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jan 28 12:23:01 2015 -0500

Rename index to idx to avoid symbol conflicts.

Picky compilers with old index() string functions.

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/ec/ecp_nistz256.c | 110 +++++++++++++++++++++++-----------------------
1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index 54a36c7..c50b845 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -116,13 +116,13 @@ void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS],
const BN_ULONG in[P256_LIMBS]);
/* Functions that perform constant time access to the precomputed tables */
void ecp_nistz256_scatter_w5(P256_POINT *val,
- const P256_POINT *in_t, int index);
+ const P256_POINT *in_t, int idx);
void ecp_nistz256_gather_w5(P256_POINT *val,
- const P256_POINT *in_t, int index);
+ const P256_POINT *in_t, int idx);
void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val,
- const P256_POINT_AFFINE *in_t, int index);
+ const P256_POINT_AFFINE *in_t, int idx);
void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val,
- const P256_POINT_AFFINE *in_t, int index);
+ const P256_POINT_AFFINE *in_t, int idx);

/* One converted into the Montgomery domain */
static const BN_ULONG ONE[P256_LIMBS] = {
@@ -563,7 +563,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
int num, BN_CTX *ctx)
{
int i, j;
- unsigned int index;
+ unsigned int idx;
unsigned char (*p_str)[33] = NULL;
const unsigned int window_size = 5;
const unsigned int mask = (1 << (window_size + 1)) - 1;
@@ -666,10 +666,10 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
ecp_nistz256_scatter_w5 (row, &temp[1], 16);
}

- index = 255;
+ idx = 255;

- wvalue = p_str[0][(index - 1) / 8];
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
+ wvalue = p_str[0][(idx - 1) / 8];
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;

/*
* We gather to temp[0], because we know it's position relative
@@ -678,12 +678,12 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1);
memcpy(r, &temp[0], sizeof(temp[0]));

- while (index >= 5) {
- for (i = (index == 255 ? 1 : 0); i < num; i++) {
- unsigned int off = (index - 1) / 8;
+ while (idx >= 5) {
+ for (i = (idx == 255 ? 1 : 0); i < num; i++) {
+ unsigned int off = (idx - 1) / 8;

wvalue = p_str[i][off] | p_str[i][off + 1] << 8;
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;

wvalue = _booth_recode_w5(wvalue);

@@ -695,7 +695,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group,
ecp_nistz256_point_add(r, r, &temp[0]);
}

- index -= window_size;
+ idx -= window_size;

ecp_nistz256_point_double(r, r);
ecp_nistz256_point_double(r, r);
@@ -943,7 +943,7 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
unsigned char sign1, digit1;
unsigned char sign2, digit2;
unsigned char sign3, digit3;
- unsigned int index = 0;
+ unsigned int idx = 0;
BN_ULONG tmp[P256_LIMBS];
int i;

@@ -955,19 +955,19 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
/* Initial four windows */
wvalue = *((u16 *) & p_str[0]);
wvalue = (wvalue << 1) & mask;
- index += window_size;
+ idx += window_size;
booth_recode_w7(&sign0, &digit0, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign1, &digit1, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign2, &digit2, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign3, &digit3, wvalue);

ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0],
@@ -987,21 +987,21 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]);
ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]);

- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign0, &digit0, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign1, &digit1, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign2, &digit2, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign3, &digit3, wvalue);

ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1],
@@ -1023,21 +1023,21 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,
ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4);

for (i = 2; i < 9; i++) {
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign0, &digit0, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign1, &digit1, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign2, &digit2, wvalue);
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;
booth_recode_w7(&sign3, &digit3, wvalue);

ecp_nistz256_avx2_multi_gather_w7(point_arr,
@@ -1066,8 +1066,8 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r,

ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4);
/* Last window is performed serially */
- wvalue = *((u16 *) & p_str[(index - 1) / 8]);
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
+ wvalue = *((u16 *) & p_str[(idx - 1) / 8]);
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
booth_recode_w7(&sign0, &digit0, wvalue);
ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r,
preComputedTable[36], digit0);
@@ -1129,7 +1129,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
const PRECOMP256_ROW *preComputedTable = NULL;
const EC_PRE_COMP *pre_comp = NULL;
const EC_POINT *generator = NULL;
- unsigned int index = 0;
+ unsigned int idx = 0;
const unsigned int window_size = 7;
const unsigned int mask = (1 << (window_size + 1)) - 1;
unsigned int wvalue;
@@ -1249,7 +1249,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
{
/* First window */
wvalue = (p_str[0] << 1) & mask;
- index += window_size;
+ idx += window_size;

wvalue = _booth_recode_w7(wvalue);

@@ -1262,10 +1262,10 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group,
memcpy(p.p.Z, ONE, sizeof(ONE));

for (i = 1; i < 37; i++) {
- unsigned int off = (index - 1) / 8;
+ unsigned int off = (idx - 1) / 8;
wvalue = p_str[off] | p_str[off + 1] << 8;
- wvalue = (wvalue >> ((index - 1) % 8)) & mask;
- index += window_size;
+ wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+ idx += window_size;

wvalue = _booth_recode_w7(wvalue);

Rich Salz

unread,

Jan 28, 2015, 12:29:01 PM1/28/15

to

The branch master has been updated

via 31b446e212e2209d62e66a608e540716716430e4 (commit)
from 49b05c7d503b26fea4aaa5dda9c30b181c8e46cf (commit)

- Log -----------------------------------------------------------------
commit 31b446e212e2209d62e66a608e540716716430e4
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jan 28 12:27:23 2015 -0500

Add missing declaration for lh_node_usage_stats

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/lhash/lhash.h | 1 +
1 file changed, 1 insertion(+)

diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index cb01854..fb92317 100644
--- a/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
@@ -181,6 +181,7 @@ unsigned long lh_num_items(const _LHASH *lh);
# ifndef OPENSSL_NO_STDIO

void lh_stats(const _LHASH *lh, FILE *fp);

void lh_node_stats(const _LHASH *lh, FILE *fp);

+void lh_node_usage_stats(const _LHASH *lh, FILE *fp);

# endif
void lh_stats_bio(const _LHASH *lh, BIO *out);
void lh_node_stats_bio(const _LHASH *lh, BIO *out);

Rich Salz

unread,

Jan 28, 2015, 2:58:15 PM1/28/15

to

The branch master has been updated

via bff6986d9cf373cba053f5d4f5e80c6775536932 (commit)
from 31b446e212e2209d62e66a608e540716716430e4 (commit)

- Log -----------------------------------------------------------------
commit bff6986d9cf373cba053f5d4f5e80c6775536932
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jan 28 14:53:04 2015 -0500

Remove support for opaque-prf

An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.
Remove this vestige of the NSA playing ekr for a fool. :(

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/s_cb.c | 5 --
apps/s_client.c | 6 --
apps/s_server.c | 5 --
ssl/s3_lib.c | 53 -------------
ssl/ssl.h | 17 +---
ssl/ssl3.h | 9 ---
ssl/ssl_lib.c | 2 -
ssl/ssltest.c | 33 --------
ssl/t1_enc.c | 16 ----
ssl/t1_ext.c | 3 -
ssl/t1_lib.c | 233 -------------------------------------------------------
ssl/t1_trce.c | 3 -
ssl/tls1.h | 17 ----
13 files changed, 3 insertions(+), 399 deletions(-)

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 7227b19..eb89949 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -907,11 +907,6 @@ void tlsext_cb(SSL *s, int client_server, int type,
extname = "renegotiation info";
break;

-#ifdef TLSEXT_TYPE_opaque_prf_input
- case TLSEXT_TYPE_opaque_prf_input:
- extname = "opaque PRF input";
- break;
-#endif
#ifdef TLSEXT_TYPE_next_proto_neg
case TLSEXT_TYPE_next_proto_neg:
extname = "next protocol";
diff --git a/apps/s_client.c b/apps/s_client.c
index 512c258..0fb4771 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1409,12 +1409,6 @@ int MAIN(int argc, char **argv)
kssl_ctx_setstring(kctx, KSSL_SERVER, host);
}
#endif /* OPENSSL_NO_KRB5 */
-/* SSL_set_cipher_list(con,"RC4-MD5"); */
-#if 0
-# ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_set_tlsext_opaque_prf_input(con, "Test client", 11);
-# endif
-#endif

re_start:
#ifdef NO_SYS_UN_H
diff --git a/apps/s_server.c b/apps/s_server.c
index 48ac6b3..e6ea350 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2183,11 +2183,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
SSL_set_session_id_context(con, context, strlen((char *)context));
}
SSL_clear(con);
-#if 0
-# ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_set_tlsext_opaque_prf_input(con, "Test server", 11);
-# endif
-#endif

if (stype == SOCK_DGRAM) {

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3a1377a..b85d9bf 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3244,13 +3244,6 @@ void ssl3_free(SSL *s)
if (s == NULL)
return;

-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->client_opaque_prf_input);
- if (s->s3->server_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->server_opaque_prf_input);
-#endif
-
ssl3_cleanup_key_block(s);

if (s->s3->rbuf.buf != NULL)

ssl3_release_read_buffer(s);
@@ -3293,15 +3286,6 @@ void ssl3_clear(SSL *s)
size_t rlen, wlen;
int init_extra;

-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->client_opaque_prf_input);
- s->s3->client_opaque_prf_input = NULL;
- if (s->s3->server_opaque_prf_input != NULL)
- OPENSSL_free(s->s3->server_opaque_prf_input);
- s->s3->server_opaque_prf_input = NULL;
-#endif
-
ssl3_cleanup_key_block(s);
if (s->s3->tmp.ca_names != NULL)
sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
@@ -3554,30 +3538,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
ret = 1;
break;

-# ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT:
- if (larg > 12288) { /* actual internal limit is 2^16 for the
- * complete hello message * (including the
- * cert chain and everything) */
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG);
- break;
- }
- if (s->tlsext_opaque_prf_input != NULL)
- OPENSSL_free(s->tlsext_opaque_prf_input);
- if ((size_t)larg == 0)
- s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte
- * just to get
- * non-NULL */
- else
- s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg);
- if (s->tlsext_opaque_prf_input != NULL) {
- s->tlsext_opaque_prf_input_len = (size_t)larg;
- ret = 1;
- } else
- s->tlsext_opaque_prf_input_len = 0;
- break;
-# endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
s->tlsext_status_type = larg;
ret = 1;
@@ -4071,12 +4031,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
return 1;
}

-# ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
- ctx->tlsext_opaque_prf_input_callback_arg = parg;
- return 1;
-# endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
return 1;
@@ -4241,13 +4195,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
break;

-# ifdef TLSEXT_TYPE_opaque_prf_input
- case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB:
- ctx->tlsext_opaque_prf_input_callback =
- (int (*)(SSL *, void *, size_t, void *))fp;
- break;
-# endif
-
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
break;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 5622860..0a6f4da 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1054,11 +1054,6 @@ struct ssl_ctx_st {
/* Callback for status request */
int (*tlsext_status_cb) (SSL *ssl, void *arg);
void *tlsext_status_arg;
-
- /* draft-rescorla-tls-opaque-prf-input-00.txt information */
- int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput,
- size_t len, void *arg);
- void *tlsext_opaque_prf_input_callback_arg;
# endif

# ifndef OPENSSL_NO_PSK
@@ -1573,12 +1568,6 @@ struct ssl_st {
/* our list */
unsigned char *tlsext_ellipticcurvelist;
# endif /* OPENSSL_NO_EC */
- /*
- * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for
- * handshakes
- */
- void *tlsext_opaque_prf_input;
- size_t tlsext_opaque_prf_input_len;
/* TLS Session Ticket extension override */
TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
/* TLS Session Ticket extension callback */
@@ -1861,9 +1850,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
-# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
-# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 6c7c439..23eb156 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -530,15 +530,6 @@ typedef struct ssl3_state_st {
int total_renegotiations;
int num_renegotiations;
int in_read_app_data;
- /*
- * Opaque PRF input as used for the current handshake. These fields are
- * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they
- * are merely present to improve binary compatibility)
- */
- void *client_opaque_prf_input;
- size_t client_opaque_prf_input_len;
- void *server_opaque_prf_input;
- size_t server_opaque_prf_input_len;
struct {
/* actually only needs to be 16+20 */
unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 59a871c..2a84ff2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -610,8 +610,6 @@ void SSL_free(SSL *s)
if (s->tlsext_ellipticcurvelist)
OPENSSL_free(s->tlsext_ellipticcurvelist);
# endif /* OPENSSL_NO_EC */
- if (s->tlsext_opaque_prf_input)
- OPENSSL_free(s->tlsext_opaque_prf_input);
if (s->tlsext_ocsp_exts)
sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
if (s->tlsext_ocsp_ids)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 0b4df3e..b90f6fb 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -956,30 +956,6 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
}
}

-#ifdef TLSEXT_TYPE_opaque_prf_input
-struct cb_info_st {
- void *input;
- size_t len;
- int ret;
-};
-struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
-struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
-struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
-
-int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
-{
- struct cb_info_st *arg = arg_;
-
- if (arg == NULL)
- return 1;
-
- if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
- return 0;
- return arg->ret;
-}
-#endif
-

int main(int argc, char *argv[])

{
char *CApath = NULL, *CAfile = NULL;
@@ -1534,15 +1510,6 @@ int main(int argc, char *argv[])
SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
#endif

-#ifdef TLSEXT_TYPE_opaque_prf_input
- SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
- SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
- /* or &co2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
- /* or &so2 or NULL */
- SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
-#endif
-
if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
} else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 693a1b0..3f4973e 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1099,22 +1099,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
len);
#endif /* KSSL_DEBUG */

-#ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL
- && s->s3->server_opaque_prf_input != NULL
- && s->s3->client_opaque_prf_input_len > 0
- && s->s3->client_opaque_prf_input_len ==
- s->s3->server_opaque_prf_input_len) {
- co = s->s3->client_opaque_prf_input;
- col = s->s3->server_opaque_prf_input_len;
- so = s->s3->server_opaque_prf_input;
- /*
- * must be same as col (see
- * draft-resc-00.txts-opaque-prf-input-00.txt, section 3.1)
- */
- sol = s->s3->client_opaque_prf_input_len;
- }
-#endif

tls1_PRF(ssl_get_algorithm2(s),
TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c
index 724ddf7..ce54f4f 100644
--- a/ssl/t1_ext.c
+++ b/ssl/t1_ext.c
@@ -284,9 +284,6 @@ int SSL_extension_supported(unsigned int ext_type)
case TLSEXT_TYPE_srp:
case TLSEXT_TYPE_status_request:
case TLSEXT_TYPE_use_srtp:
-# ifdef TLSEXT_TYPE_opaque_prf_input
- case TLSEXT_TYPE_opaque_prf_input:
-# endif
# ifdef TLSEXT_TYPE_encrypt_then_mac
case TLSEXT_TYPE_encrypt_then_mac:
# endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 6a1ed6a..9be7347 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1335,22 +1335,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(salglen, etmp);
ret += salglen;
}
-# ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->client_opaque_prf_input != NULL) {
- size_t col = s->s3->client_opaque_prf_input_len;
-
- if ((long)(limit - ret - 6 - col) < 0)
- return NULL;
- if (col > 0xFFFD) /* can't happen */
- return NULL;
-
- s2n(TLSEXT_TYPE_opaque_prf_input, ret);
- s2n(col + 2, ret);
- s2n(col, ret);
- memcpy(ret, s->s3->client_opaque_prf_input, col);
- ret += col;
- }
-# endif

if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
int i;
@@ -1601,22 +1585,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_status_request, ret);
s2n(0, ret);
}
-# ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input != NULL) {
- size_t sol = s->s3->server_opaque_prf_input_len;
-
- if ((long)(limit - ret - 6 - sol) < 0)
- return NULL;
- if (sol > 0xFFFD) /* can't happen */
- return NULL;
-
- s2n(TLSEXT_TYPE_opaque_prf_input, ret);
- s2n(sol + 2, ret);
- s2n(sol, ret);
- memcpy(ret, s->s3->server_opaque_prf_input, sol);
- ret += sol;
- }
-# endif

# ifndef OPENSSL_NO_SRTP
if (SSL_IS_DTLS(s) && s->srtp_profile) {
@@ -2154,37 +2122,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
# endif
}
# endif /* OPENSSL_NO_EC */
-# ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input) {
- unsigned char *sdata = data;
-
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(sdata, s->s3->client_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input_len != size - 2) {
- *al = SSL_AD_DECODE_ERROR;

- return 0;
- }
-

- if (s->s3->client_opaque_prf_input != NULL) {
- /* shouldn't really happen */
- OPENSSL_free(s->s3->client_opaque_prf_input);
- }
-
- /* dummy byte just to get non-NULL */
- if (s->s3->client_opaque_prf_input_len == 0)
- s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
- else
- s->s3->client_opaque_prf_input =
- BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
- if (s->s3->client_opaque_prf_input == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;

- return 0;
- }
- }

-# endif
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
!s->tls_session_ticket_ext_cb(s, data, size,
@@ -2540,38 +2477,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
}
s->tlsext_ticket_expected = 1;
}
-# ifdef TLSEXT_TYPE_opaque_prf_input
- else if (type == TLSEXT_TYPE_opaque_prf_input) {
- unsigned char *sdata = data;
-
- if (size < 2) {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(sdata, s->s3->server_opaque_prf_input_len);
- if (s->s3->server_opaque_prf_input_len != size - 2) {
- *al = SSL_AD_DECODE_ERROR;

- return 0;
- }
-

- if (s->s3->server_opaque_prf_input != NULL) {
- /* shouldn't really happen */
- OPENSSL_free(s->s3->server_opaque_prf_input);
- }
- if (s->s3->server_opaque_prf_input_len == 0) {
- /* dummy byte just to get non-NULL */
- s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
- } else {
- s->s3->server_opaque_prf_input =
- BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
- }
-
- if (s->s3->server_opaque_prf_input == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;

- return 0;
- }
- }

-# endif
else if (type == TLSEXT_TYPE_status_request) {
/*
* MUST be empty and only sent if we've requested a status
@@ -2745,51 +2650,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
int ssl_prepare_clienthello_tlsext(SSL *s)
{

-# ifdef TLSEXT_TYPE_opaque_prf_input
- {
- int r = 1;
-
- if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
- r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
- s->
- ctx->tlsext_opaque_prf_input_callback_arg);
- if (!r)
- return -1;
- }
-
- if (s->tlsext_opaque_prf_input != NULL) {
- if (s->s3->client_opaque_prf_input != NULL) {
- /* shouldn't really happen */
- OPENSSL_free(s->s3->client_opaque_prf_input);
- }
-
- if (s->tlsext_opaque_prf_input_len == 0) {
- /* dummy byte just to get non-NULL */
- s->s3->client_opaque_prf_input = OPENSSL_malloc(1);
- } else {
- s->s3->client_opaque_prf_input =
- BUF_memdup(s->tlsext_opaque_prf_input,
- s->tlsext_opaque_prf_input_len);
- }
- if (s->s3->client_opaque_prf_input == NULL) {
- SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
- ERR_R_MALLOC_FAILURE);
- return -1;
- }
- s->s3->client_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
-
- if (r == 2)
- /*
- * at callback's request, insist on receiving an appropriate
- * server opaque PRF input
- */
- s->s3->server_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
-# endif
-
return 1;
}

@@ -2825,73 +2685,6 @@ static int ssl_check_clienthello_tlsext_early(SSL *s)
s->
initial_ctx->tlsext_servername_arg);

-# ifdef TLSEXT_TYPE_opaque_prf_input
- {
- /*
- * This sort of belongs into ssl_prepare_serverhello_tlsext(), but we
- * might be sending an alert in response to the client hello, so this
- * has to happen here in ssl_check_clienthello_tlsext_early().
- */
-
- int r = 1;
-
- if (s->ctx->tlsext_opaque_prf_input_callback != 0) {
- r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0,
- s->
- ctx->tlsext_opaque_prf_input_callback_arg);
- if (!r) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;

- goto err;
- }
- }

-
- if (s->s3->server_opaque_prf_input != NULL) {
- /* shouldn't really happen */
- OPENSSL_free(s->s3->server_opaque_prf_input);
- }
- s->s3->server_opaque_prf_input = NULL;
-
- if (s->tlsext_opaque_prf_input != NULL) {
- if (s->s3->client_opaque_prf_input != NULL &&
- s->s3->client_opaque_prf_input_len ==
- s->tlsext_opaque_prf_input_len) {
- /*
- * can only use this extension if we have a server opaque PRF
- * input of the same length as the client opaque PRF input!
- */
-
- if (s->tlsext_opaque_prf_input_len == 0) {
- /* dummy byte just to get non-NULL */
- s->s3->server_opaque_prf_input = OPENSSL_malloc(1);
- } else {
- s->s3->server_opaque_prf_input =
- BUF_memdup(s->tlsext_opaque_prf_input,
- s->tlsext_opaque_prf_input_len);
- }
- if (s->s3->server_opaque_prf_input == NULL) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- s->s3->server_opaque_prf_input_len =
- s->tlsext_opaque_prf_input_len;
- }
- }
-
- if (r == 2 && s->s3->server_opaque_prf_input == NULL) {
- /*
- * The callback wants to enforce use of the extension, but we
- * can't do that with the client opaque PRF input; abort the
- * handshake.
- */
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_HANDSHAKE_FAILURE;
- }
- }
-
- err:
-# endif
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
ssl3_send_alert(s, SSL3_AL_FATAL, al);
@@ -3057,32 +2850,6 @@ int ssl_check_serverhello_tlsext(SSL *s)
s->
initial_ctx->tlsext_servername_arg);

-# ifdef TLSEXT_TYPE_opaque_prf_input
- if (s->s3->server_opaque_prf_input_len > 0) {
- /*
- * This case may indicate that we, as a client, want to insist on
- * using opaque PRF inputs. So first verify that we really have a
- * value from the server too.
- */
-
- if (s->s3->server_opaque_prf_input == NULL) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_HANDSHAKE_FAILURE;
- }
-
- /*
- * Anytime the server *has* sent an opaque PRF input, we need to
- * check that we have a client opaque PRF input of the same size.
- */
- if (s->s3->client_opaque_prf_input == NULL ||
- s->s3->client_opaque_prf_input_len !=
- s->s3->server_opaque_prf_input_len) {
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_ILLEGAL_PARAMETER;
- }
- }
-# endif
-
/*
* If we've requested certificate status and we wont get one tell the
* callback
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 49b767f..26160ed 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -361,9 +361,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_use_srtp, "use_srtp"},
{TLSEXT_TYPE_heartbeat, "heartbeat"},
{TLSEXT_TYPE_session_ticket, "session_ticket"},
-# ifdef TLSEXT_TYPE_opaque_prf_input
- {TLSEXT_TYPE_opaque_prf_input, "opaque_prf_input"},
-# endif
{TLSEXT_TYPE_renegotiate, "renegotiate"},
{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
{TLSEXT_TYPE_padding, "padding"}
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 91c2cce..1f756a4 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -254,16 +254,6 @@ extern "C" {
/* ExtensionType value from RFC4507 */
# define TLSEXT_TYPE_session_ticket 35

-/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-# if 0
-/*
- * will have to be provided externally for now ,
- * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
- * using whatever extension number you'd like to try
- */
-# define TLSEXT_TYPE_opaque_prf_input ??
-# endif
-
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01

@@ -394,13 +384,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)

-# define SSL_set_tlsext_opaque_prf_input(s, src, len) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src)
-# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb)
-# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
-
# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)

Rich Salz

unread,

Jan 28, 2015, 3:37:54 PM1/28/15

to

The branch master has been updated

discards bff6986d9cf373cba053f5d4f5e80c6775536932 (commit)
via 68fd6dce73e07cb9a5944e8667455f2f9a80d52e (commit)

This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:

* -- * -- B -- O -- O -- O (bff6986d9cf373cba053f5d4f5e80c6775536932)
\
N -- N -- N (68fd6dce73e07cb9a5944e8667455f2f9a80d52e)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

- Log -----------------------------------------------------------------
commit 68fd6dce73e07cb9a5944e8667455f2f9a80d52e

Author: Rich Salz <rs...@openssl.org>
Date: Wed Jan 28 14:53:04 2015 -0500

Remove support for opaque-prf

An expired IETF Internet-Draft (seven years old) that nobody
implements, and probably just as good as NSA DRBG work.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

Rich Salz

unread,

Jan 28, 2015, 3:42:19 PM1/28/15

to

The branch master has been updated

via 537bf4381b0db3436e8ef8daff65e39e8593eecf (commit)
from 68fd6dce73e07cb9a5944e8667455f2f9a80d52e (commit)

- Log -----------------------------------------------------------------
commit 537bf4381b0db3436e8ef8daff65e39e8593eecf
Author: Rich Salz <rs...@openssl.org>
Date: Wed Jan 28 15:41:14 2015 -0500

Fix int/unsigned compiler complaint

Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/x509v3/v3_addr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 1635421..fecf765 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -527,7 +527,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
{
IPAddressFamily *f;
unsigned char key[3];
- unsigned keylen;
+ int keylen;
int i;

key[0] = (afi >> 8) & 0xFF;

Matt Caswell

unread,

Jan 28, 2015, 5:56:21 PM1/28/15

to

The branch master has been updated

via 7317192c645f24dfdb0c8340b871bc045454f8f4 (commit)
from 537bf4381b0db3436e8ef8daff65e39e8593eecf (commit)

- Log -----------------------------------------------------------------
commit 7317192c645f24dfdb0c8340b871bc045454f8f4
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jan 28 13:01:44 2015 +0000

Fix various windows compilation issues

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/sha/Makefile | 2 +-
ms/test.bat | 4 ----
ms/testce.bat | 4 ----
util/mkdef.pl | 2 +-
4 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile
index c72bba6..17dcbc8 100644
--- a/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
@@ -18,7 +18,7 @@ ASFLAGS= $(INCLUDES) $(ASFLAG)
AFLAGS= $(ASFLAGS)

GENERAL=Makefile
-TEST=shatest.c sha1test.c sha256t.c sha512t.c
+TEST=sha1test.c sha256t.c sha512t.c
APPS=

LIB=$(TOP)/libcrypto.a
diff --git a/ms/test.bat b/ms/test.bat
index d0b6060..e8b7ae2 100755
--- a/ms/test.bat
+++ b/ms/test.bat
@@ -23,10 +23,6 @@ echo bftest
bftest
if errorlevel 1 goto done

-echo shatest
-shatest
-if errorlevel 1 goto done
-
echo sha1test
sha1test
if errorlevel 1 goto done
diff --git a/ms/testce.bat b/ms/testce.bat
index 8de94a4..9b309e4 100644
--- a/ms/testce.bat
+++ b/ms/testce.bat
@@ -32,10 +32,6 @@ echo bftest
call %test%\testce2 bftest
if errorlevel 1 goto done

-echo shatest
-call %test%\testce2 shatest
-if errorlevel 1 goto done
-
echo sha1test
call %test%\testce2 sha1test
if errorlevel 1 goto done
diff --git a/util/mkdef.pl b/util/mkdef.pl
index b67d14b..faed402 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -140,7 +140,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;

my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;

my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;

-my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
+my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;

my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;

my $no_unit_test; my $no_ssl3_method; my $no_ocb;

Richard Levitte

unread,

Jan 28, 2015, 11:36:36 PM1/28/15

to

The branch master has been updated

via c6ef15c494e49ecc505156c8063474b20e29ef6a (commit)
from 7317192c645f24dfdb0c8340b871bc045454f8f4 (commit)

- Log -----------------------------------------------------------------
commit c6ef15c494e49ecc505156c8063474b20e29ef6a
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jan 29 01:54:09 2015 +0100

clang on Linux x86_64 complains about unreachable code.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/pkcs12.c | 1 -
crypto/asn1/asn1_gen.c | 2 --
crypto/asn1/asn_mime.c | 1 -
crypto/asn1/bio_asn1.c | 1 -
crypto/asn1/tasn_dec.c | 1 -
crypto/asn1/tasn_enc.c | 3 ---
crypto/bf/bftest.c | 1 -
crypto/bio/bss_dgram.c | 1 -
crypto/bn/bntest.c | 1 -
crypto/bn/exptest.c | 1 -
crypto/cast/casttest.c | 1 -
crypto/cms/cms_env.c | 2 --
crypto/dh/dhtest.c | 1 -
crypto/dsa/dsatest.c | 1 -
crypto/ecdh/ecdhtest.c | 1 -
crypto/evp/evp_enc.c | 1 -
crypto/evp/evp_pkey.c | 2 --
crypto/evp/evp_test.c | 1 -
crypto/hmac/hmactest.c | 1 -
crypto/idea/ideatest.c | 1 -
crypto/md4/md4test.c | 1 -
crypto/md5/md5test.c | 1 -
crypto/mdc2/mdc2test.c | 1 -
crypto/ocsp/ocsp_ht.c | 2 --
crypto/pkcs12/p12_kiss.c | 2 --
crypto/rand/randtest.c | 1 -
crypto/rc2/rc2test.c | 1 -
crypto/rc4/rc4test.c | 1 -
crypto/ripemd/rmdtest.c | 1 -
crypto/x509v3/pcy_tree.c | 2 +-
engines/ccgost/gost_ameth.c | 2 --
engines/ccgost/gost_pmeth.c | 6 ------
ssl/s3_lib.c | 7 -------
ssl/ssl_rsa.c | 2 +-
ssl/ssltest.c | 1 -
35 files changed, 2 insertions(+), 54 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index 0de46f0..3c06930 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -892,7 +892,6 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
i2a_ASN1_OBJECT(bio_err, bag->type);
BIO_printf(bio_err, "\n");
return 1;
- break;
}
return 1;
}
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 87066e8..9735cb5 100644
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@@ -419,7 +419,6 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
ERR_add_error_data(2, "Char=", erch);
return 0;
- break;

}
} else
@@ -769,7 +768,6 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
default:
ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
goto bad_str;
- break;
}

atmp->type = utype;
diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c
index 7aae022..97e5b34 100644
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@@ -246,7 +246,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
case NID_id_GostR3411_94:
BIO_puts(out, "gostr3411-94");
goto err;
- break;

default:
if (have_unknown)
diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c
index 60189b3..0b4fd1d 100644
--- a/crypto/asn1/bio_asn1.c
+++ b/crypto/asn1/bio_asn1.c
@@ -422,7 +422,6 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
BIO_clear_retry_flags(b);
return 0;
}
- break;

default:
if (!b->next_bio)
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 4595664..abdeba4 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -206,7 +206,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
- break;

case ASN1_ITYPE_MSTRING:
p = *in;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index f04a689..bc9429c 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -147,7 +147,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
return asn1_template_ex_i2d(pval, out, it->templates,
tag, aclass);
return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
- break;

case ASN1_ITYPE_MSTRING:
return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
@@ -608,7 +607,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
case V_ASN1_BIT_STRING:
return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
cout ? &cout : NULL);
- break;

case V_ASN1_INTEGER:
case V_ASN1_NEG_INTEGER:
@@ -618,7 +616,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
* These are all have the same content format as ASN1_INTEGER
*/
return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
- break;

case V_ASN1_OCTET_STRING:
case V_ASN1_NUMERICSTRING:
diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c
index 0b008f0..e581bf5 100644
--- a/crypto/bf/bftest.c
+++ b/crypto/bf/bftest.c
@@ -294,7 +294,6 @@ int main(int argc, char *argv[])
printf("ERROR: %d\n", ret);
# endif
EXIT(ret);
- return (0);
}

static int print_test_data(void)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 885b969..7373597 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -686,7 +686,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DGRAM_GET_MTU:
return data->mtu;
- break;
case BIO_CTRL_DGRAM_SET_MTU:
data->mtu = num;
ret = num;
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index e03c808..4d109d8 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -353,7 +353,6 @@ int main(int argc, char *argv[])
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
EXIT(1);
- return (1);
}

int test_add(BIO *bp)
diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c
index bf96c5b..2da8dc2 100644
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@@ -254,5 +254,4 @@ int main(int argc, char *argv[])
printf("ERROR\n");
#endif
EXIT(1);
- return (1);
}
diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c
index dc31bc6..9c6614b 100644
--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@@ -236,6 +236,5 @@ int main(int argc, char *argv[])
# endif

EXIT(err);
- return (err);
}
#endif
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 93c06cb..624c3f2 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -832,11 +832,9 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)

case CMS_RECIPINFO_KEK:
return cms_RecipientInfo_kekri_encrypt(cms, ri);
- break;

case CMS_RECIPINFO_PASS:
return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
- break;

default:
CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index 988322a..9bb9a00 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -211,7 +211,6 @@ int main(int argc, char *argv[])
printf("ERROR: %d\n", ret);
# endif
EXIT(ret);
- return (ret);
}

static int cb(int p, int n, BN_GENCB *arg)
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index ed3b24a..9b13089 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -228,7 +228,6 @@ int main(int argc, char **argv)
printf("ERROR\n");
# endif
EXIT(!ret);
- return (0);
}

static int dsa_cb(int p, int n, BN_GENCB *arg)
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index 04b0cf3..5aed2b1 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -543,7 +543,6 @@ int main(int argc, char *argv[])
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks_fp(stderr);
EXIT(ret);
- return (ret);
}

# if 0
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 1113518..3d40b04 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -227,7 +227,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,

default:
return 0;
- break;
}
}

diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 6a45629..52c9a86 100644
--- a/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
@@ -152,13 +152,11 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
case PKCS8_OK:
p8->broken = PKCS8_OK;
return p8;
- break;

case PKCS8_NO_OCTET:
p8->broken = PKCS8_NO_OCTET;
p8->pkey->type = V_ASN1_SEQUENCE;
return p8;
- break;

default:
EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index 597b9fe..b356131 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -126,7 +126,6 @@ static unsigned char *ustrsep(char **p, const char *sep)
static int test1_exit(int ec)
{
EXIT(ec);
- return (0); /* To keep some compilers quiet */
}

/* Test copying of contexts */
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index 3d130a0..492f5c5 100644
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@@ -150,7 +150,6 @@ int main(int argc, char *argv[])
}
# endif /* OPENSSL_NO_MD5 */
EXIT(err);
- return (0);
}

# ifndef OPENSSL_NO_MD5
diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c
index a967dd5..dd5d9ff 100644
--- a/crypto/idea/ideatest.c
+++ b/crypto/idea/ideatest.c
@@ -173,7 +173,6 @@ int main(int argc, char *argv[])

printf("ERROR: %d\n", err);

# endif
EXIT(err);
- return (err);
}

static int cfb64_test(unsigned char *cfb_cipher)
diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c
index 59f23bb..9c82eb0 100644
--- a/crypto/md4/md4test.c
+++ b/crypto/md4/md4test.c
@@ -118,7 +118,6 @@ int main(int argc, char *argv[])
P++;
}
EXIT(err);
- return (0);

}

static char *pt(unsigned char *md)

diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c
index 0d0ab2d..3016ee3 100644
--- a/crypto/md5/md5test.c
+++ b/crypto/md5/md5test.c
@@ -123,7 +123,6 @@ int main(int argc, char *argv[])

printf("ERROR: %d\n", err);

# endif
EXIT(err);
- return (0);

}

static char *pt(unsigned char *md)

diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
index 8416252..a0d77a3 100644
--- a/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
@@ -141,6 +141,5 @@ int main(int argc, char *argv[])
printf("ERROR: %d\n", ret);
# endif
EXIT(ret);
- return (ret);
}
#endif
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index 446882d..aca0d48 100644
--- a/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
@@ -508,8 +508,6 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
rctx->state = OHS_DONE;
return 1;

- break;
-
case OHS_DONE:
return 1;

diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index ee476c3..4fd8b8c 100644
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@@ -287,11 +287,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,

case NID_safeContentsBag:
return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts);
- break;

default:
return 1;
- break;
}
return 1;
}
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
index 3c2628c..267752e 100644
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -195,5 +195,4 @@ int main(int argc, char **argv)

printf("ERROR: %d\n", err);

#endif
EXIT(err);
- return (err);
}
diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c
index f7eae13..ae57e56 100644
--- a/crypto/rc2/rc2test.c
+++ b/crypto/rc2/rc2test.c
@@ -147,7 +147,6 @@ int main(int argc, char *argv[])

printf("ERROR: %d\n", err);

# endif
EXIT(err);
- return (err);
}

#endif
diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c
index e2bfbfa..a1f96e4 100644
--- a/crypto/rc4/rc4test.c
+++ b/crypto/rc4/rc4test.c
@@ -230,6 +230,5 @@ int main(int argc, char *argv[])

printf("ERROR: %d\n", err);

# endif
EXIT(err);
- return (0);
}
#endif
diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c
index 86054c7..b0ebb12 100644
--- a/crypto/ripemd/rmdtest.c
+++ b/crypto/ripemd/rmdtest.c
@@ -128,7 +128,6 @@ int main(int argc, char *argv[])
P++;
}
EXIT(err);
- return (0);

}

static char *pt(unsigned char *md)

diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 8d02092..d4b550e 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -530,7 +530,7 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
}
}

- return 1;
+ /* Unreachable */

}

diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c
index fc4d2e2..ad8480d 100644
--- a/engines/ccgost/gost_ameth.c
+++ b/engines/ccgost/gost_ameth.c
@@ -189,7 +189,6 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
if (!dsa->priv_key)
return NULL;
return dsa->priv_key;
- break;
}
case NID_id_GostR3410_2001:
{
@@ -201,7 +200,6 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey)
if (!(priv = EC_KEY_get0_private_key(ec)))
return NULL;
return (BIGNUM *)priv;
- break;
}
}
return NULL;
diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c
index eb63d42..f1220e8 100644
--- a/engines/ccgost/gost_pmeth.c
+++ b/engines/ccgost/gost_pmeth.c
@@ -86,7 +86,6 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
pctx->md = (EVP_MD *)p2;
return 1;
}
- break;

case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = pctx->md;
@@ -150,7 +149,6 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
break;
default:
return 0;
- break;
}
} else if ((strlen(value) == 2)
&& (toupper((unsigned char)value[0]) == 'X')) {
@@ -166,7 +164,6 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
break;
default:
return 0;
- break;
}
} else {
R3410_params *p = R3410_paramset;
@@ -214,7 +211,6 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
break;
default:
return 0;
- break;
}
} else if ((strlen(value) == 2)
&& (toupper((unsigned char)value[0]) == 'X')) {
@@ -227,7 +223,6 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
break;
default:
return 0;
- break;
}
} else {
R3410_2001_params *p = R3410_2001_paramset;
@@ -454,7 +449,6 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
data->md = (EVP_MD *)p2;
return 1;
}
- break;

case EVP_PKEY_CTRL_GET_MD:
*(const EVP_MD **)p2 = data->md;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index b85d9bf..7a07a24 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3434,7 +3434,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
- break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
@@ -3471,7 +3470,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
- break;
case SSL_CTRL_SET_DH_AUTO:
s->cert->dh_tmp_auto = larg;
return 1;
@@ -3508,7 +3506,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (ret);
}
- break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
@@ -3927,7 +3924,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
- break;
#endif
#ifndef OPENSSL_NO_DH
case SSL_CTRL_SET_TMP_DH:
@@ -3964,7 +3960,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
- break;
case SSL_CTRL_SET_DH_AUTO:
ctx->cert->dh_tmp_auto = larg;
return 1;
@@ -4003,7 +3998,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return (0);
}
- break;
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
@@ -4034,7 +4028,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)

case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
ctx->tlsext_status_arg = parg;
return 1;

- break;

# ifndef OPENSSL_NO_SRP
case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index d046020..723da6e 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -798,7 +798,7 @@ static int serverinfo_find_extension(const unsigned char *serverinfo,
serverinfo += len;
serverinfo_length -= len;
}
- return 0; /* Error */
+ /* Unreachable */
}

static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index b90f6fb..fb78aea 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -1771,7 +1771,6 @@ int main(int argc, char *argv[])
if (bio_err != NULL)
BIO_free(bio_err);
EXIT(ret);
- return ret;
}

int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,

Rich Salz

unread,

Jan 29, 2015, 12:10:40 PM1/29/15

to

The branch master has been updated

via 33fc38ff8e2cb8723f7b116de3f8923c4f4eb9d5 (commit)
from c6ef15c494e49ecc505156c8063474b20e29ef6a (commit)

- Log -----------------------------------------------------------------
commit 33fc38ff8e2cb8723f7b116de3f8923c4f4eb9d5
Author: Rich Salz <rs...@openssl.org>
Date: Thu Jan 29 12:09:14 2015 -0500

Make output consistency: remove blank line

When you use "-s" in the make flag, you see that engines outputs
a blank line because EDIRS isn't set. This is a debug echo that
isn't needed.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

engines/Makefile | 1 -
1 file changed, 1 deletion(-)

diff --git a/engines/Makefile b/engines/Makefile
index ffd36f0..a2882e3 100644
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -83,7 +83,6 @@ e_padlock-x86_64.s: asm/e_padlock-x86_64.pl
$(PERL) asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) > $@

subdirs:
- echo $(EDIRS)
@target=all; $(RECURSIVE_MAKE)

files:

Rich Salz

unread,

Jan 29, 2015, 10:11:54 PM1/29/15

to

The branch master has been updated

via 4d428cd2504c7ef03bc9672ecf2862eaedb3d87e (commit)
from 33fc38ff8e2cb8723f7b116de3f8923c4f4eb9d5 (commit)

- Log -----------------------------------------------------------------
commit 4d428cd2504c7ef03bc9672ecf2862eaedb3d87e
Author: Rich Salz <rs...@openssl.org>
Date: Thu Jan 29 21:38:57 2015 -0500

Dead code removal: #if 0 bio, comp, rand

The start of removing dead code.
A remaining #if 0 in bss_conn.c needs more thought.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/bio/b_sock.c | 220 +-----------------------------------------------
crypto/bio/bf_buff.c | 4 -
crypto/bio/bf_lbuf.c | 21 -----
crypto/bio/bss_dgram.c | 42 +++------
crypto/bio/bss_sock.c | 6 --
crypto/comp/c_zlib.c | 113 -------------------------
crypto/rand/rand_win.c | 10 ---
7 files changed, 12 insertions(+), 404 deletions(-)

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 7f7a68c..ca485d9 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -94,23 +94,7 @@ static int wsa_init_done = 0;
# define WSAAPI
# endif

-# if 0
-static unsigned long BIO_ghbn_hits = 0L;
-static unsigned long BIO_ghbn_miss = 0L;
-
-# define GHBN_NUM 4
-static struct ghbn_cache_st {
- char name[129];
- struct hostent *ent;
- unsigned long order;
-} ghbn_cache[GHBN_NUM];
-# endif
-
static int get_ip(const char *str, unsigned char *ip);
-# if 0
-static void ghbn_free(struct hostent *a);
-static struct hostent *ghbn_dup(struct hostent *a);
-# endif
int BIO_get_host_ip(const char *str, unsigned char *ip)
{
int i;
@@ -207,10 +191,6 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
*port_ptr = 21;
else if (strcmp(str, "gopher") == 0)
*port_ptr = 70;
-# if 0
- else if (strcmp(str, "wais") == 0)
- *port_ptr = 21;
-# endif
else {
SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error());
ERR_add_error_data(3, "service='", str, "'");
@@ -244,208 +224,16 @@ int BIO_sock_error(int sock)
return (j);
}

-# if 0
-long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
-{
- int i;
- char **p;
-
- switch (cmd) {
- case BIO_GHBN_CTRL_HITS:
- return (BIO_ghbn_hits);
- /* break; */
- case BIO_GHBN_CTRL_MISSES:
- return (BIO_ghbn_miss);
- /* break; */
- case BIO_GHBN_CTRL_CACHE_SIZE:
- return (GHBN_NUM);
- /* break; */
- case BIO_GHBN_CTRL_GET_ENTRY:
- if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) {
- p = (char **)parg;
- if (p == NULL)
- return (0);
- *p = ghbn_cache[iarg].name;
- ghbn_cache[iarg].name[128] = '\0';
- return (1);
- }
- return (0);
- /* break; */
- case BIO_GHBN_CTRL_FLUSH:
- for (i = 0; i < GHBN_NUM; i++)
- ghbn_cache[i].order = 0;
- break;
- default:
- return (0);
- }
- return (1);
-}

-# endif
-
-# if 0

-static struct hostent *ghbn_dup(struct hostent *a)
-{
- struct hostent *ret;
- int i, j;
-
- MemCheck_off();
- ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
- if (ret == NULL)
- return (NULL);
- memset(ret, 0, sizeof(struct hostent));
-
- for (i = 0; a->h_aliases[i] != NULL; i++) ;
- i++;
- ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *));
- if (ret->h_aliases == NULL)
- goto err;
- memset(ret->h_aliases, 0, i * sizeof(char *));
-
- for (i = 0; a->h_addr_list[i] != NULL; i++) ;
- i++;
- ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *));
- if (ret->h_addr_list == NULL)
- goto err;
- memset(ret->h_addr_list, 0, i * sizeof(char *));
-
- j = strlen(a->h_name) + 1;
- if ((ret->h_name = OPENSSL_malloc(j)) == NULL)
- goto err;
- memcpy((char *)ret->h_name, a->h_name, j);
- for (i = 0; a->h_aliases[i] != NULL; i++) {
- j = strlen(a->h_aliases[i]) + 1;
- if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL)
- goto err;
- memcpy(ret->h_aliases[i], a->h_aliases[i], j);
- }
- ret->h_length = a->h_length;
- ret->h_addrtype = a->h_addrtype;
- for (i = 0; a->h_addr_list[i] != NULL; i++) {
- if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL)
- goto err;
- memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length);
- }
- if (0) {
- err:
- if (ret != NULL)
- ghbn_free(ret);
- ret = NULL;
- }
- MemCheck_on();
- return (ret);
-}
-
-static void ghbn_free(struct hostent *a)

-{
- int i;
-

- if (a == NULL)
- return;
-
- if (a->h_aliases != NULL) {
- for (i = 0; a->h_aliases[i] != NULL; i++)
- OPENSSL_free(a->h_aliases[i]);
- OPENSSL_free(a->h_aliases);
- }
- if (a->h_addr_list != NULL) {
- for (i = 0; a->h_addr_list[i] != NULL; i++)
- OPENSSL_free(a->h_addr_list[i]);
- OPENSSL_free(a->h_addr_list);
- }
- if (a->h_name != NULL)
- OPENSSL_free(a->h_name);
- OPENSSL_free(a);

-}
-
-# endif
-

struct hostent *BIO_gethostbyname(const char *name)
{
-# if 1
/*
* Caching gethostbyname() results forever is wrong, so we have to let
* the true gethostbyname() worry about this
*/
-# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
+# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
return gethostbyname((char *)name);
-# else
- return gethostbyname(name);
-# endif
# else
- struct hostent *ret;
- int i, lowi = 0, j;
- unsigned long low = (unsigned long)-1;
-

-# if 0
- /*

- * It doesn't make sense to use locking here: The function interface is
- * not thread-safe, because threads can never be sure when some other
- * thread destroys the data they were given a pointer to.
- */
- CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-# endif
- j = strlen(name);
- if (j < 128) {
- for (i = 0; i < GHBN_NUM; i++) {
- if (low > ghbn_cache[i].order) {
- low = ghbn_cache[i].order;
- lowi = i;
- }
- if (ghbn_cache[i].order > 0) {
- if (strncmp(name, ghbn_cache[i].name, 128) == 0)
- break;
- }
- }
- } else
- i = GHBN_NUM;
-
- if (i == GHBN_NUM) { /* no hit */
- BIO_ghbn_miss++;
- /*
- * Note: under VMS with SOCKETSHR, it seems like the first parameter
- * is 'char *', instead of 'const char *'
- */
-# ifndef CONST_STRICT
- ret = gethostbyname((char *)name);
-# else
- ret = gethostbyname(name);
-# endif
-
- if (ret == NULL)
- goto end;
- if (j > 128) { /* too big to cache */

-# if 0
- /*

- * If we were trying to make this function thread-safe (which is
- * bound to fail), we'd have to give up in this case (or allocate
- * more memory).
- */
- ret = NULL;
-# endif
- goto end;
- }
-
- /* else add to cache */
- if (ghbn_cache[lowi].ent != NULL)
- ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
- ghbn_cache[lowi].name[0] = '\0';
-
- if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) {
- BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE);
- goto end;
- }
- strncpy(ghbn_cache[lowi].name, name, 128);
- ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits;
- } else {
- BIO_ghbn_hits++;
- ret = ghbn_cache[i].ent;
- ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits;
- }
- end:
-# if 0
- CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-# endif
- return (ret);
+ return gethostbyname(name);
# endif
}

@@ -505,10 +293,6 @@ void BIO_sock_cleanup(void)
# ifdef OPENSSL_SYS_WINDOWS
if (wsa_init_done) {
wsa_init_done = 0;
-# if 0 /* this call is claimed to be non-present in
- * Winsock2 */
- WSACancelBlockingCall();
-# endif
WSACleanup();
}
# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
index 478fa16..0e998d6 100644
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -414,10 +414,6 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
if (ctx->obuf_len > 0) {
r = BIO_write(b->next_bio,
&(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
-#if 0
- fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off,
- ctx->obuf_len, r);
-#endif
BIO_copy_next_retry(b);
if (r <= 0)
return ((long)r);
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
index 46d0d5a..3b75b7e 100644
--- a/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
@@ -198,25 +198,16 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
num += i;
}
}
-#if 0
- BIO_write(b->next_bio, "<*<", 3);
-#endif
i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
if (i <= 0) {
ctx->obuf_len = orig_olen;
BIO_copy_next_retry(b);

-#if 0
- BIO_write(b->next_bio, ">*>", 3);
-#endif
if (i < 0)
return ((num > 0) ? num : i);
if (i == 0)
return (num);
}
-#if 0
- BIO_write(b->next_bio, ">*>", 3);
-#endif
if (i < ctx->obuf_len)
memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
ctx->obuf_len -= i;
@@ -227,23 +218,14 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
* if a NL was found and there is anything to write.
*/
if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
-#if 0
- BIO_write(b->next_bio, "<*<", 3);
-#endif
i = BIO_write(b->next_bio, in, p - in);
if (i <= 0) {
BIO_copy_next_retry(b);
-#if 0
- BIO_write(b->next_bio, ">*>", 3);
-#endif
if (i < 0)
return ((num > 0) ? num : i);
if (i == 0)
return (num);
}
-#if 0
- BIO_write(b->next_bio, ">*>", 3);
-#endif
num += i;
in += i;
inl -= i;
@@ -330,9 +312,6 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
BIO_clear_retry_flags(b);
if (ctx->obuf_len > 0) {
r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
-#if 0
- fprintf(stderr, "FLUSH %3d -> %3d\n", ctx->obuf_len, r);
-#endif
BIO_copy_next_retry(b);
if (r <= 0)
return ((long)r);
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 7373597..0767809 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -449,13 +449,6 @@ static int dgram_write(BIO *b, const char *in, int inl)
if (BIO_dgram_should_retry(ret)) {
BIO_set_retry_write(b);
data->_errno = get_last_socket_error();
-
-# if 0 /* higher layers are responsible for querying
- * MTU, if necessary */
- if (data->_errno == EMSGSIZE)
- /* retrieve the new MTU */
- BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-# endif
}
}
return (ret);
@@ -559,28 +552,19 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
break;
case BIO_CTRL_DGRAM_CONNECT:
to = (struct sockaddr *)ptr;
-# if 0
- if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
- perror("connect");
- ret = 0;
- } else {
-# endif
- switch (to->sa_family) {
- case AF_INET:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in));
- break;
+ switch (to->sa_family) {
+ case AF_INET:
+ memcpy(&data->peer, to, sizeof(data->peer.sa_in));
+ break;
# if OPENSSL_USE_IPV6
- case AF_INET6:
- memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
- break;
+ case AF_INET6:
+ memcpy(&data->peer, to, sizeof(data->peer.sa_in6));
+ break;
# endif
- default:
- memcpy(&data->peer, to, sizeof(data->peer.sa));
- break;
- }
-# if 0
+ default:
+ memcpy(&data->peer, to, sizeof(data->peer.sa));
+ break;
}
-# endif
break;
/* (Linux)kernel sets DF bit on outgoing IP packets */
case BIO_CTRL_DGRAM_MTU_DISCOVER:
@@ -1992,12 +1976,6 @@ int BIO_dgram_non_fatal_error(int err)
# if defined(WSAEWOULDBLOCK)
case WSAEWOULDBLOCK:
# endif
-
-# if 0 /* This appears to always be an error */
-# if defined(WSAENOTCONN)
- case WSAENOTCONN:

-# endif
-# endif
# endif

# ifdef EWOULDBLOCK
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 6194d2c..5a73e81 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -233,12 +233,6 @@ int BIO_sock_non_fatal_error(int err)
# if defined(WSAEWOULDBLOCK)
case WSAEWOULDBLOCK:
# endif
-
-# if 0 /* This appears to always be an error */
-# if defined(WSAENOTCONN)
- case WSAENOTCONN:

-# endif
-# endif
# endif

# ifdef EWOULDBLOCK
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 6731af8..c3b064c 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -49,28 +49,6 @@ static void zlib_zfree(void *opaque, void *address)
OPENSSL_free(address);
}

-# if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in,
- unsigned int ilen);
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in,
- unsigned int ilen);
-
-static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
- uLong sourceLen);
-
-static COMP_METHOD zlib_stateless_method = {
- NID_zlib_compression,
- LN_zlib_compression,
- NULL,
- NULL,
- zlib_compress_block,
- zlib_expand_block,
- NULL,
- NULL,
-};
-# endif

static COMP_METHOD zlib_stateful_method = {
NID_zlib_compression,
@@ -247,97 +225,6 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
return olen - state->istream.avail_out;
}

-# if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in,
- unsigned int ilen)
-{
- unsigned long l;
- int i;
- int clear = 1;
-
- if (ilen > 128) {
- out[0] = 1;
- l = olen - 1;
- i = compress(&(out[1]), &l, in, (unsigned long)ilen);
- if (i != Z_OK)
- return (-1);
- if (ilen > l) {
- clear = 0;
- l++;
- }
- }
- if (clear) {
- out[0] = 0;
- memcpy(&(out[1]), in, ilen);
- l = ilen + 1;
- }
-# ifdef DEBUG_ZLIB
- fprintf(stderr, "compress(%4d)->%4d %s\n",
- ilen, (int)l, (clear) ? "clear" : "zlib");
-# endif
- return ((int)l);
-}
-
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in,
- unsigned int ilen)
-{
- unsigned long l;
- int i;
-
- if (in[0]) {
- l = olen;
- i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1);
- if (i != Z_OK)
- return (-1);
- } else {
- memcpy(out, &(in[1]), ilen - 1);
- l = ilen - 1;
- }
-# ifdef DEBUG_ZLIB
- fprintf(stderr, "expand (%4d)->%4d %s\n",
- ilen, (int)l, in[0] ? "zlib" : "clear");
-# endif
- return ((int)l);
-}
-
-static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
- uLong sourceLen)
-{
- z_stream stream;
- int err;
-
- stream.next_in = (Bytef *)source;
- stream.avail_in = (uInt) sourceLen;
- /* Check for source > 64K on 16-bit machine: */
- if ((uLong) stream.avail_in != sourceLen)
- return Z_BUF_ERROR;
-
- stream.next_out = dest;
- stream.avail_out = (uInt) * destLen;
- if ((uLong) stream.avail_out != *destLen)
- return Z_BUF_ERROR;
-
- stream.zalloc = (alloc_func) 0;
- stream.zfree = (free_func) 0;
-
- err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream));
- if (err != Z_OK)
- return err;
-
- err = inflate(&stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- inflateEnd(&stream);
- return err;
- }
- *destLen = stream.total_out;
-
- err = inflateEnd(&stream);
- return err;
-}
-# endif
-
#endif

COMP_METHOD *COMP_zlib(void)
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 06670ae..eeb5e9c 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -303,9 +303,6 @@ int RAND_poll(void)
if (gen(hProvider, sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), 0);
good = 1;
-# if 0
- printf("randomness from PROV_RSA_FULL\n");
-# endif
}
release(hProvider, 0);
}
@@ -315,9 +312,6 @@ int RAND_poll(void)
if (gen(hProvider, sizeof(buf), buf) != 0) {
RAND_add(buf, sizeof(buf), sizeof(buf));
good = 1;
-# if 0
- printf("randomness from PROV_INTEL_SEC\n");
-# endif
}
release(hProvider, 0);
}
@@ -573,10 +567,6 @@ int RAND_poll(void)
w = GetCurrentProcessId();
RAND_add(&w, sizeof(w), 1);

-# if 0
- printf("Exiting RAND_poll\n");
-# endif
-
return (1);

Richard Levitte

unread,

Jan 29, 2015, 10:58:18 PM1/29/15

to

The branch master has been updated

via be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6 (commit)
from 4d428cd2504c7ef03bc9672ecf2862eaedb3d87e (commit)

- Log -----------------------------------------------------------------
commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jan 30 04:44:17 2015 +0100

dso_vms needs to add the .EXE extension if there is none already

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/dso/dso_vms.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
index 14d885d..8793f7e 100644
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@@ -172,6 +172,7 @@ static int vms_load(DSO *dso)
# endif /* __INITIAL_POINTER_SIZE == 64 */

const char *sp1, *sp2; /* Search result */
+ const char *ext = NULL; /* possible extension to add */

if (filename == NULL) {
DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
@@ -214,11 +215,19 @@ static int vms_load(DSO *dso)
/* Now, let's see if there's a type, and save the position in sp2 */
sp2 = strchr(sp1, '.');
/*
+ * If there is a period and the next character is a semi-colon,
+ * we need to add an extension
+ */
+ if (sp2 != NULL && sp2[1] == ';')
+ ext = ".EXE";
+ /*
* If we found it, that's where we'll cut. Otherwise, look for a version
* number and save the position in sp2
*/
- if (sp2 == NULL)
+ if (sp2 == NULL) {
sp2 = strchr(sp1, ';');
+ ext = ".EXE";
+ }
/*
* If there was still nothing to find, set sp2 to point at the end of the
* string
@@ -244,6 +253,11 @@ static int vms_load(DSO *dso)

strncpy(p->imagename, filename, sp1 - filename);
p->imagename[sp1 - filename] = '\0';
+ if (ext) {
+ strcat(p->imagename, ext);
+ if (*sp2 == '.')
+ sp2++;
+ }
strcat(p->imagename, sp2);

p->filename_dsc.dsc$w_length = strlen(p->filename);

Richard Levitte

unread,

Jan 30, 2015, 8:52:16 AM1/30/15

to

The branch master has been updated

via 4fdde1aa0c2146342a279dc11757e4e566248d6b (commit)
via e00ab250c878f7a7f0ae908a6305cebf6883a244 (commit)
via 09ebad72dffe74933a5d5976bfb191d9dd041a89 (commit)
via 36ed7adfbc2230dbc5db926c3e667a1ff491e8c1 (commit)
via 36759bb75152cece52bcf3b514e4336036deb6d3 (commit)
via 132536f96e1baba466baa7323c0d74bd7948dd5b (commit)
via c168a027cfe1459e946dade4179938f34894fe1d (commit)
from be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6 (commit)

- Log -----------------------------------------------------------------
commit 4fdde1aa0c2146342a279dc11757e4e566248d6b
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jan 30 14:30:25 2015 +0100

Update on the use of logical names for OpenSSL configuration

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit e00ab250c878f7a7f0ae908a6305cebf6883a244
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jan 30 12:36:13 2015 +0100

VMS exit codes weren't handled well enough and were unclear

Making a specific variable $failure_code and a bit of commenting in the
VMS section should help clear things up.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit 09ebad72dffe74933a5d5976bfb191d9dd041a89
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jan 29 14:36:27 2015 +0100

VMS adjustments:

Add missing crypto modules and files to copy to crypto/install-crypto.com

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit 36ed7adfbc2230dbc5db926c3e667a1ff491e8c1
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jan 29 14:35:46 2015 +0100

VMS adjustments:

test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit 36759bb75152cece52bcf3b514e4336036deb6d3
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jan 29 14:27:21 2015 +0100

VMS build changes

crypto/crypto-lib.com:
Remove all APPS building, as they are gone.
Depend on the variable SDIRS that's defined by makevms.com.
Remake the whole partial module list mechanism to check for variables with a counter.
Define the logical name INTERNAL to allow for '#include "internal/foo.h"'.

makevms.com:
Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com.
Allow for experimental modules.
Update the allowed things to disable.
Update the things disabled by default to match Configure.
Update headers to be copied.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit 132536f96e1baba466baa7323c0d74bd7948dd5b
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jan 29 13:13:28 2015 +0100

VMS adjustments:

catch up with the Unix build.
A number of new tests, among others test/tocsp.com
Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"'

Reviewed-by: Andy Polyakov <ap...@openssl.org>

commit c168a027cfe1459e946dade4179938f34894fe1d
Author: Richard Levitte <lev...@openssl.org>
Date: Thu Jan 29 13:07:53 2015 +0100

VMS adjustments:

Add new symbols that are longer than 31 chars to symhacks.
VMS doesn't have <sys/un.h>, reflect that in e_os.h.
MS_CALLBACK has been removed, ssl_task.c needs adjustment.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

INSTALL.VMS | 26 ++--
crypto/crypto-lib.com | 287 ++++++++++++++++-----------------------------
crypto/install-crypto.com | 10 +-
crypto/symhacks.h | 24 ++++
e_os.h | 1 +
engines/makeengines.com | 24 ++--
makevms.com | 162 ++++++++++++++++++-------
ssl/ssl-lib.com | 17 ++-
ssl/ssl_task.c | 4 +-
test/cms-test.pl | 25 +++-
test/maketests.com | 86 ++++++++------
test/tests.com | 103 ++++++++++------
test/tocsp.com | 165 ++++++++++++++++++++++++++
13 files changed, 586 insertions(+), 348 deletions(-)
create mode 100644 test/tocsp.com

diff --git a/INSTALL.VMS b/INSTALL.VMS
index 6a50e6f..7c530a1 100644
--- a/INSTALL.VMS
+++ b/INSTALL.VMS
@@ -130,15 +130,23 @@ Currently, the logical names supported are:
OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
not be used. Instead, plain C implementations are
used. This is good to try if something doesn't work.
- OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
- will not be implemented. Supported algorithms to
- do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
- SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
- SSL3. So, for example, having the logical name
- OPENSSL_NO_RSA with the value YES means that the
- LIBCRYPTO.OLB library will not contain an RSA
- implementation.
-
+ OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm,
+ protocol or other routine will not be implemented if
+ disabling it is supported. Supported algorithms to
+ do this with are: AES, BF, CAMELLIA, CAST, CMS, COMP,
+ DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE,
+ ERR, GOST, HEARTBEATS, HMAC, IDEA, KRB5, MD2, MD4,
+ MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP,
+ SEED, SOCK, SRP, SRTP, TLSEXT, WHIRLPOOL. So, for
+ example, having the logical name OPENSSL_NO_RSA with
+ the value YES means that the LIBCRYPTO.OLB library
+ will not contain an RSA implementation.
+ OPENSSL_EXPERIMENTAL_'alg'
+ with value YES, the corresponding experimental
+ algorithm is enabled. Note that is also requires
+ the application using this to define the C macro
+ OPENSSL_EXPERIMENTAL_'alg'. Supported algorithms
+ to do this with are: JPAKE, STORE.

Test:
=====
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index 4db5063..84ca96e 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -19,7 +19,6 @@ $! Specify the following as P1 to build just that part or ALL to just
$! build everything.
$!
$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE
$! ALL To do both LIBRARY and APPS
$!
$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
@@ -102,22 +101,35 @@ $ LIB32 = "32"
$ OPT_FILE = ""
$ POINTER_SIZE = ""
$!
-$! Define The Different Encryption Types.
-$! NOTE: Some might think this list ugly. However, it's made this way to
-$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ ET_WHIRLPOOL = "WHRLPOOL"
-$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
-$ ENCRYPT_TYPES = "Basic,"+ -
- "OBJECTS,"+ -
- "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
- "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
- "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
- "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
- "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
- "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
- "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
+$! Check if there's a SDIRS variable defined
+$!
+$ IF "''SDIRS'" .NES. ""
+$ THEN
+$!
+$! If SDIRS was defined, define ENCRYPT_TYPES from it
+$!
+$ ENCRYPT_TYPES = "Basic,''SDIRS'"
+$!
+$! Otherwise
+$!
+$ ELSE
+$!
+$! Define The Different Encryption Types.
+$! NOTE: Some might think this list ugly. However, it's made this way to
+$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
+$! thereby making it fairly easy to verify that the lists are the same.
+$!
+$ ET_WHIRLPOOL = "WHRLPOOL"
+$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
+$ ENCRYPT_TYPES = "Basic,"+ -
+ "OBJECTS,"+ -
+ "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
+ "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
+ "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
+ "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
+ "EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
+ "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
+$ ENDIF
$!
$! Check To Make Sure We Have Valid Command Line Parameters.
$!
@@ -204,16 +216,14 @@ $ GOSUB CHECK_OPT_FILE
$!
$! Define The Different Encryption "library" Strings.
$!
-$ APPS_DES = "DES/DES,CBC3_ENC"
-$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
-$
$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
"ebcdic,uid,o_time,o_str,o_dir,thr_id,lock,fips_ers,"+ -
"o_init,o_fips"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
$ LIB_MD2 = "md2_dgst,md2_one"
$ LIB_MD4 = "md4_dgst,md4_one"
$ LIB_MD5 = "md5_dgst,md5_one"
-$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
+$ LIB_SHA = "sha1dgst,sha1_one,sha256,sha512"
$ LIB_MDC2 = "mdc2dgst,mdc2_one"
$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
$ LIB_RIPEMD = "rmd_dgst,rmd_one"
@@ -224,18 +234,19 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
"des_enc,fcrypt_b,"+ -
"fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
- "ede_cbcm_enc,des_old,des_old2,read2pwd"
+ "des_old,des_old2,read2pwd"
+$ LIB_AES = "aes_misc,aes_ecb,aes_cfb,aes_ofb,aes_ige,aes_wrap,"+ -
+ "aes_core,aes_cbc"
$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
-$ LIB_RC4 = "rc4_skey,rc4_enc"
+$ LIB_RC4 = "rc4_enc,rc4_skey"
$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
-$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
- "cmll_cfb,cmll_ctr"
+$ LIB_CAMELLIA = "cmll_ecb,cmll_ofb,cmll_cfb,cmll_ctr,camellia,cmll_misc,cmll_cbc"
$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
- "ccm128,xts128"
+ "ccm128,xts128,wrap128,ocb128"
$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
LIB_BN_ASM = "bn_asm"
@@ -243,7 +254,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
"bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
- "bn_depr,bn_const,bn_x931p"
+ "bn_depr,bn_const,bn_x931p,bn_intern,bn_dh,bn_srp"
$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
"ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
"ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
@@ -257,45 +268,42 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
"dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
- "dh_ameth,dh_pmeth,dh_prn,dh_rfc5114"
-$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
+ "dh_ameth,dh_pmeth,dh_prn,dh_rfc5114,dh_kdf"
+$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err,ech_kdf"
$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
- "dso_openssl,dso_win32,dso_vms,dso_beos"
+ "dso_openssl,dso_win32,dso_vms"
$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
"eng_table,eng_pkey,eng_fat,eng_all,"+ -
"tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
"tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
- "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
- "eng_rsax,eng_rdrand"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ -
- "aes_ige,aes_wrap"
+ "eng_openssl,eng_cnf,eng_dyn,eng_cryptodev,"+ -
+ "eng_rdrand"
$ LIB_BUFFER = "buffer,buf_str,buf_err"
$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
"bss_mem,bss_null,bss_fd,"+ -
"bss_file,bss_sock,bss_conn,"+ -
"bf_null,bf_buff,b_print,b_dump,"+ -
- "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+ "b_sock,bss_acpt,bf_nbio,bss_log,bss_bio,"+ -
"bss_dgram,"+ -
- "bf_lbuf"
+ "bf_lbuf,bss_rtcp" ! The last two are VMS specific
$ LIB_STACK = "stack"
$ LIB_LHASH = "lhash,lh_stats"
$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
- "rand_vms"
+ "rand_win,rand_unix,rand_vms,rand_os2,rand_nw"
$ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
+$ LIB_EVP_1 = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
"e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
"e_rc4,e_aes,names,e_seed,"+ -
"e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
- "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha1,m_wp," + -
+ "m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,"+ -
- "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
-$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
+ "e_aes_cbc_hmac_sha1,e_aes_cbc_hmac_sha256,e_rc4_hmac_md5"
+$ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
@@ -307,7 +315,8 @@ $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
"f_int,f_string,n_pkey,"+ -
"f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
"asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
- "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
+ "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid,"+ -
+ "asn_mstbl"
$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
"pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
@@ -338,7 +347,7 @@ $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
$ LIB_KRB5 = "krb5_asn"
$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
"cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
- "cms_pwri"
+ "cms_pwri,cms_kari"
$ LIB_PQUEUE = "pqueue"
$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
"ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
@@ -383,8 +392,6 @@ $!
$! Extract The Module Name From The Encryption List.
$!
$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
-$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
-$ MODULE_NAME1 = MODULE_NAME
$!
$! Check To See If We Are At The End Of The Module List.
$!
@@ -402,121 +409,71 @@ $!
$! Increment The Moudle Counter.
$!
$ MODULE_COUNTER = MODULE_COUNTER + 1
+$
+$ IF MODULE_NAME.EQS."" THEN GOTO MODULE_NEXT
+$ MODULE_NAME1 = MODULE_NAME
+$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
$!
-$! Create The Library and Apps Module Names.
+$! Check if the library module name actually is defined
$!
-$ LIB_MODULE = "LIB_" + MODULE_NAME
-$ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
-$ THEN
-$ MODULE_NAME = "ASN1"
-$ ENDIF
-$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
+$ PART_COUNTER = -1
+$ IF F$TYPE(LIB_'MODULE_NAME'_1) .NES. ""
$ THEN
-$ MODULE_NAME = "EVP"
+$ PART_COUNTER = 1
+$ ELSE
+$ IF F$TYPE(LIB_'MODULE_NAME') .EQS. ""
+$ THEN
+$ WRITE SYS$ERROR ""
+$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..."
+$ WRITE SYS$ERROR ""
+$ GOTO MODULE_NEXT
+$ ENDIF
$ ENDIF
$!
-$! Set state (can be LIB and APPS)
+$! Tell The User What Module We Are Building.
$!
-$ STATE = "LIB"
-$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
+$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,")"
$!
-$! Check if the library module name actually is defined
+$! Create The Library Module Names.
$!
-$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ PART_NEXT:
+$ IF PART_COUNTER .EQ. 0 THEN GOTO MODULE_NEXT
+$
+$ IF PART_COUNTER .LT. 0
$ THEN
-$ WRITE SYS$ERROR ""
-$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..."
-$ WRITE SYS$ERROR ""
-$ GOTO MODULE_NEXT
+$ LIB_MODULE = "LIB_" + MODULE_NAME
+$ ELSE
+$ LIB_MODULE = "LIB_" + MODULE_NAME + "_''PART_COUNTER'"
$ ENDIF
$!
-$! Top Of The Module Loop.
+$! If there are no more parts, go to the next module
$!
-$ MODULE_AGAIN:
+$ IF F$TYPE('LIB_MODULE') .EQS. "" THEN GOTO MODULE_NEXT
$!
-$! Tell The User What Module We Are Building.
+$! Increment The Counter.
$!
-$ IF (MODULE_NAME1.NES."")
-$ THEN
-$ IF STATE .EQS. "LIB"
-$ THEN
-$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
-$ ELSE IF F$TYPE('APPS_MODULE') .NES. ""
-$ THEN
-$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
-$ ENDIF
-$ ENDIF
-$ ENDIF
+$ PART_COUNTER = PART_COUNTER + 1
$!
$! Define A File Counter And Set It To "0".
$!
$ FILE_COUNTER = 0
-$ APPLICATION = ""
-$ APPLICATION_COUNTER = 0
$!
$! Top Of The File Loop.
$!
$ NEXT_FILE:
$!
-$! Look in the LIB_MODULE is we're in state LIB
-$!
-$ IF STATE .EQS. "LIB"
-$ THEN
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$! Extract The File Name From The File List.
$!
-$! else
-$!
-$ ELSE
-$ FILE_NAME = ","
-$!
-$ IF F$TYPE('APPS_MODULE') .NES. ""
-$ THEN
-$!
-$! Extract The File Name From The File List.
-$! This part is a bit more complicated.
-$!
-$ IF APPLICATION .EQS. ""
-$ THEN
-$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$ APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$ FILE_COUNTER = 0
-$ ENDIF
-$
-$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$! SHOW SYMBOL APPLICATION*
-$!
-$ IF APPLICATION .NES. ";"
-$ THEN
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
-$ IF FILE_NAME .EQS. ","
-$ THEN
-$ APPLICATION = ""
-$ GOTO NEXT_FILE
-$ ENDIF
-$ ENDIF
-$ ENDIF
-$ ENDIF
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
$!
$! Check To See If We Are At The End Of The File List.
$!
$ IF (FILE_NAME.EQS.",")
$ THEN
$!
-$! We Are At The End Of The File List, Change State Or Goto FILE_DONE.
+$! We Are At The End Of The File List, Goto FILE_DONE.
$!
-$ IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
-$ THEN
-$ STATE = "APPS"
-$ GOTO MODULE_AGAIN
-$ ELSE
-$ GOTO FILE_DONE
-$ ENDIF
+$ GOTO FILE_DONE
$!
$! End The File List Check.
$!
@@ -566,14 +523,7 @@ $ ENDIF
$!
$! Tell The User We Are Compiling The File.
$!
-$ IF (MODULE_NAME.EQS."")
-$ THEN
-$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE,")"
-$ ENDIF
-$ IF (MODULE_NAME.NES."")
-$ THEN
-$ WRITE SYS$OUTPUT " ",FILE_NAME,""
-$ ENDIF
+$ WRITE SYS$OUTPUT " ",FILE_NAME,""
$!
$! Compile The File.
$!
@@ -634,17 +584,14 @@ $ ENDIF
$ ENDIF
$ ENDIF
$ ENDIF
-$ IF STATE .EQS. "LIB"
-$ THEN
$!
-$! Add It To The Library.
+$! Add It To The Library.
$!
-$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
$!
-$! Time To Clean Up The Object File.
+$! Time To Clean Up The Object File.
$!
-$ DELETE 'OBJECT_FILE';*
-$ ENDIF
+$ DELETE 'OBJECT_FILE';*
$!
$! Go Back And Do It Again.
$!
@@ -654,47 +601,9 @@ $! All Done With This Library Part.
$!
$ FILE_DONE:
$!
-$! Time To Build Some Applications
-$!
-$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
-$ THEN
-$ APPLICATION_COUNTER = 0
-$ NEXT_APPLICATION:
-$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$ IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
-$
-$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$ APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$
-$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$! SHOW SYMBOL APPLICATION*
-$!
-$! Tell the user what happens
-$!
-$ WRITE SYS$OUTPUT " ",APPLICATION,".exe"
-$!
-$! Link The Program.
-$!
-$ ON ERROR THEN GOTO NEXT_APPLICATION
-$!
-$! Link With A TCP/IP Library.
-$!
-$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
- /EXE='EXE_DIR''APPLICATION'.EXE -
- 'OBJ_DIR''APPLICATION_OBJECTS', -
- 'CRYPTO_LIB'/LIBRARY -
- 'TCPIP_LIB' -
- 'ZLIB_LIB' -
- ,'OPT_FILE' /OPTIONS
-$!
-$ GOTO NEXT_APPLICATION
-$ APPLICATION_DONE:
-$ ENDIF
-$!
-$! Go Back And Get The Next Module.
+$! Go Back And Get The Next Part.
$!
-$ GOTO MODULE_NEXT
+$ GOTO PART_NEXT
$!
$! All Done With This Module.
$!
@@ -851,7 +760,7 @@ $ ELSE
$!
$! Else, Check To See If P1 Has A Valid Argument.
$!
-$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
+$ IF (P1.EQS."LIBRARY")
$ THEN
$!
$! A Valid Argument.
@@ -869,7 +778,6 @@ $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
$ WRITE SYS$OUTPUT ""
@@ -1493,10 +1401,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "CRYPTO]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
$!
$! Set up the logical name OPENSSL to point at the include directory
$!
$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE INTERNAL/NOLOG '__INTERNAL'
$!
$! Done
$!
@@ -1509,6 +1419,7 @@ $!
$ IF __SAVE_OPENSSL .EQS. ""
$ THEN
$ DEASSIGN OPENSSL
+$ DEASSIGN INTERNAL
$ ELSE
$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
$ ENDIF
diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com
index 85b3d58..e57b2ee 100755
--- a/crypto/install-crypto.com
+++ b/crypto/install-crypto.com
@@ -76,12 +76,12 @@ $ sdirs := , -
'archd', -
objects, -
md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
- des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
+ des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, modes, -
bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
buffer, bio, stack, lhash, rand, err, -
evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
ui, krb5, -
- store, cms, pqueue, ts, jpake
+ cms, pqueue, ts, jpake, srp, store, cmac
$!
$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
$ exheader_'archd' := opensslconf.h
@@ -133,12 +133,14 @@ $ exheader_comp := comp.h
$ exheader_ocsp := ocsp.h
$ exheader_ui := ui.h, ui_compat.h
$ exheader_krb5 := krb5_asn.h
-$! exheader_store := store.h, str_compat.h
-$ exheader_store := store.h
$ exheader_cms := cms.h
$ exheader_pqueue := pqueue.h
$ exheader_ts := ts.h
$ exheader_jpake := jpake.h
+$ exheader_srp := srp.h
+$! exheader_store := store.h, str_compat.h
+$ exheader_store := store.h
+$ exheader_cmac := cmac.h
$ libs := ssl_libcrypto
$!
$ exe_dir := [-.'archd'.exe.crypto]
diff --git a/crypto/symhacks.h b/crypto/symhacks.h
index 56922c9..03cdb1a 100644
--- a/crypto/symhacks.h
+++ b/crypto/symhacks.h
@@ -189,6 +189,14 @@
SSL_CTX_set_not_resumbl_sess_cb
# undef SSL_set_not_resumable_session_callback
# define SSL_set_not_resumable_session_callback SSL_set_not_resumbl_sess_cb
+# undef ssl_check_clienthello_tlsext_late
+# define ssl_check_clienthello_tlsext_late ssl_chk_clienthello_tlsext_late
+# undef ssl3_cbc_record_digest_supported
+# define ssl3_cbc_record_digest_supported ssl3_cbc_rcd_digest_supported
+# undef SSL_COMP_set0_compression_methods
+# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compr_methods
+# undef SSL_COMP_free_compression_methods
+# define SSL_COMP_free_compression_methods SSL_COMP_free_compr_methods

/* Hack some long ENGINE names */
# undef ENGINE_get_default_BN_mod_exp_crt
@@ -399,6 +407,18 @@
# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it
# undef cms_SignerIdentifier_get0_signer_id
# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
+# undef CMS_RecipientInfo_kari_get0_orig_id
+# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id
+# undef CMS_RecipientInfo_kari_get0_reks
+# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks
+# undef CMS_RecipientInfo_kari_set0_pkey
+# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey
+# undef CMS_RecipientInfo_kari_orig_id_cmp
+# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp
+# undef CMS_RecipientEncryptedKey_cert_cmp
+# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp
+# undef CMS_RecipientEncryptedKey_get0_id
+# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id

/* Hack some long DTLS1 names */
# undef dtls1_retransmit_buffered_messages
@@ -416,6 +436,10 @@
# undef UI_method_set_prompt_constructor
# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr

+/* Hack some long RSA names */
+# undef RSA_padding_check_PKCS1_OAEP_mgf1
+# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_padding_chk_PKCS1_OAEP_mgf1
+
# endif /* defined OPENSSL_SYS_VMS */

/* Case insensitive linking causes problems.... */
diff --git a/e_os.h b/e_os.h
index 0fbc33c..f4a427a 100644
--- a/e_os.h
+++ b/e_os.h
@@ -385,6 +385,7 @@ extern FILE *_imp___iob;
__VMS_EXIT |= 0x10000000; \
exit(__VMS_EXIT); } while(0)
# define NO_SYS_PARAM_H
+# define NO_SYS_UN_H

# elif defined(OPENSSL_SYS_NETWARE)
# include <fcntl.h>
diff --git a/engines/makeengines.com b/engines/makeengines.com
index 6329fbb..a0bd168 100644
--- a/engines/makeengines.com
+++ b/engines/makeengines.com
@@ -94,12 +94,12 @@ $! library that isn't necessarely ported to VMS.
$!
$ ENGINES = "," + P6
$ IF ENGINES .EQS. "," THEN -
- ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
+ ENGINES = ",4758cca,padlock,capi,"
$!
$! GOST requires a 64-bit integer type, unavailable on VAX.
$!
$ IF (ARCH .NES. "VAX") THEN -
- ENGINES = ENGINES+ ",ccgost"
+ ENGINES = ENGINES+ ",gost"
$!
$! Check options.
$!
@@ -156,20 +156,14 @@ $ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
$ TV_OBJ = ",''TV_OBJ_NAME'"
$ ENDIF
$ ENGINE_4758CCA = "e_4758cca"
-$ ENGINE_aep = "e_aep"
-$ ENGINE_atalla = "e_atalla"
-$ ENGINE_cswift = "e_cswift"
-$ ENGINE_chil = "e_chil"
-$ ENGINE_nuron = "e_nuron"
-$ ENGINE_sureware = "e_sureware"
-$ ENGINE_ubsec = "e_ubsec"
$ ENGINE_padlock = "e_padlock"
-$
-$ ENGINE_ccgost_SUBDIR = "ccgost"
-$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
- "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
- "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
- "gost_sign"
+$ ENGINE_capi = "e_capi"
+$
+$ ENGINE_gost_SUBDIR = "ccgost"
+$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
+ "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
+ "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
+ "gost_sign"
$!
$! Define which programs need to be linked with a TCP/IP library
$!
diff --git a/makevms.com b/makevms.com
index 331b1be..cf759e4 100755
--- a/makevms.com
+++ b/makevms.com
@@ -243,9 +243,23 @@ $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
$ WRITE H_FILE "# define OPENSSL_SYS_VMS"
$ WRITE H_FILE "#endif"
$
+$!
+$! Defined the full SDIRS here. It will be pruned depending on configuration.
+$! This is an exact copy of what's found in Makefile.org, with spaces replaced
+$! with commas.
+$!
+$ SDIRS := -
+ objects,-
+ md2,md4,md5,sha,mdc2,hmac,ripemd,whrlpool,-
+ des,aes,rc2,rc4,rc5,idea,bf,cast,camellia,seed,modes,-
+ bn,ec,rsa,dsa,ecdsa,dh,ecdh,dso,engine,-
+ buffer,bio,stack,lhash,rand,err,-
+ evp,asn1,pem,x509,x509v3,conf,txt_db,pkcs7,pkcs12,comp,ocsp,ui,krb5,-
+ cms,pqueue,ts,jpake,srp,store,cmac
+$
$! One of the best way to figure out what the list should be is to do
$! the following on a Unix system:
-$! grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
+$! grep OPENSSL_NO_ crypto/include/internal/*.h crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq

$! For that reason, the list will also always end up in alphabetical order
$ CONFIG_LOGICALS := AES,-
ASM,INLINE_ASM,-

@@ -266,46 +280,42 @@ $ CONFIG_LOGICALS := AES,-
EC_NISTP_64_GCC_128,-
ENGINE,-
ERR,-
- EVP,-
- FP_API,-
GMP,-
GOST,-
- HASH_COMP,-
+ HEARTBEATS,-
HMAC,-
IDEA,-
JPAKE,-
KRB5,-
- LHASH,-
MD2,-
MD4,-
MD5,-
MDC2,-
NEXTPROTONEG,-
+ OCB,-
OCSP,-
PSK,-
RC2,-
RC4,-
RC5,-
- RIPEMD,-
+ RMD160,-
RSA,-
+ SCTP,-
SEED,-
- SHA,-
- SHA0,-
- SHA1,-
- SHA256,-
- SHA512,-
SOCK,-
SRP,-
+ SRTP,-
+ SSL3_METHOD,-
SSL_INTERN,-
- STACK,-
+ SSL_TRACE,-
STATIC_ENGINE,-
STDIO,-
STORE,-
TLSEXT,-
+ UNIT_TEST,-
WHIRLPOOL
-$! Add a few that we know about
-$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
- THREADS
+$ CONFIG_EXPERIMENTAL := JPAKE,-
+ STORE
$! The following rules, which dictate how some algorithm choices affect
$! others, are picked from Configure.
$! Quick syntax:
@@ -322,18 +332,29 @@ $! affect all following rules that depend on that algorithm being disabled.
$! To force something to be enabled or disabled, have no algorithms in the
$! algos part.
$ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
+ RMD160/RIPEMD;-
DES/MDC2;-
EC/ECDSA,ECDH;-
MD5/SSL3,TLS1;-
SHA/SSL3,TLS1;-
+ RSA,DSA/SSL3,TLS1;-
DH/SSL3,TLS1;-
TLS1/TLSEXT;-
EC/GOST;-
DSA/GOST;-
DH/GOST;-
+ TLSEXT/SRP,HEARTBEAT;-
/STATIC_ENGINE;-
/KRB5;-
- /EC_NISTP_64_GCC_128
+ /DEPRECATED;-
+ /EC_NISTP_64_GCC_128;-
+ /GMP;-
+ /MD2;-
+ /RC5;-
+ /RFC3779;-
+ /SCTP;-
+ /SSL_TRACE;-
+ /UNIT_TEST
$ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;-
/THREADS
$
@@ -346,25 +367,59 @@ $ CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
";/WHIRLPOOL"
$ ENDIF
$
+$! Keep track of things to remove from SDIRS, have the items surrounded
+$! with commas
+$ SKIP_SDIRS = ","
+$
$ CONFIG_LOG_I = 0
-$ CONFIG_LOG_LOOP1:
+$ CONFIG_LOG_LOOP11:
$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
$ CONFIG_LOG_I = CONFIG_LOG_I + 1
-$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1
-$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END
+$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP11
+$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP11_END
$ IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E)
$ THEN
$ CONFIG_DISABLED_'CONFIG_LOG_E' := YES
$ CONFIG_ENABLED_'CONFIG_LOG_E' := NO
$ CONFIG_CHANGED_'CONFIG_LOG_E' := YES
+$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .EQS. SKIP_SDIRS THEN -
+ SKIP_SDIRS = SKIP_SDIRS + CONFIG_LOG_E + ","
$ ELSE
$ CONFIG_DISABLED_'CONFIG_LOG_E' := NO
$ CONFIG_ENABLED_'CONFIG_LOG_E' := YES
-$ ! Because all algorithms are assumed enabled by default
+$ ! Because all non-experimental algorithms are assumed
+$ ! enabled by default
$ CONFIG_CHANGED_'CONFIG_LOG_E' := NO
+$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .NES. SKIP_SDIRS THEN -
+ SKIP_SDIRS = SKIP_SDIRS - (CONFIG_LOG_E + ",")
$ ENDIF
-$ GOTO CONFIG_LOG_LOOP1
-$ CONFIG_LOG_LOOP1_END:
+$ GOTO CONFIG_LOG_LOOP11
+$ CONFIG_LOG_LOOP11_END:
+$
+$ CONFIG_LOG_I = 0
+$ CONFIG_LOG_LOOP12:
+$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_EXPERIMENTAL),"TRIM")
+$ CONFIG_LOG_I = CONFIG_LOG_I + 1
+$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP12
+$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP12_END
+$ IF F$TRNLNM("OPENSSL_EXPERIMENTAL_"+CONFIG_LOG_E)
+$ THEN
+$ CONFIG_DISABLED_'CONFIG_LOG_E' := NO
+$ CONFIG_ENABLED_'CONFIG_LOG_E' := YES
+$ CONFIG_CHANGED_'CONFIG_LOG_E' := YES
+$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .NES. SKIP_SDIRS THEN -
+ SKIP_SDIRS = SKIP_SDIRS - (CONFIG_LOG_E + ",")
+$ ELSE
+$ CONFIG_DISABLED_'CONFIG_LOG_E' := YES
+$ CONFIG_ENABLED_'CONFIG_LOG_E' := NO
+$ ! Because all experimental algorithms are assumed
+$ ! disabled by default
+$ CONFIG_CHANGED_'CONFIG_LOG_E' := NO
+$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .EQS. SKIP_SDIRS THEN -
+ SKIP_SDIRS = SKIP_SDIRS + CONFIG_LOG_E + ","
+$ ENDIF
+$ GOTO CONFIG_LOG_LOOP12
+$ CONFIG_LOG_LOOP12_END:
$
$! Apply cascading disable rules
$ CONFIG_DISABLE_I = 0
@@ -407,6 +462,8 @@ $ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
$ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
$ ! Better not to assume defaults at this point...
$ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$ IF (SKIP_SDIRS - (","+CONFIG_DEPENDENT_E+",")) .EQS. SKIP_SDIRS THEN -
+ SKIP_SDIRS = SKIP_SDIRS + CONFIG_DEPENDENT_E + ","
$ WRITE SYS$ERROR -
"''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
$ GOTO CONFIG_DISABLE_LOOP2
@@ -456,6 +513,8 @@ $ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
$ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
$ ! Better not to assume defaults at this point...
$ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
+$ IF (SKIP_SDIRS - (","+CONFIG_DEPENDENT_E+",")) .NES. SKIP_SDIRS THEN -
+ SKIP_SDIRS = SKIP_SDIRS - (CONFIG_DEPENDENT_E + ",")
$ WRITE SYS$ERROR -
"''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
$ GOTO CONFIG_ENABLE_LOOP2
@@ -464,6 +523,19 @@ $ ENDIF
$ GOTO CONFIG_ENABLE_LOOP0
$ CONFIG_ENABLE_LOOP0_END:
$
+$! Fix SDIRS
+$ SDIRS = ","+F$EDIT(SDIRS,"COLLAPSE")+","
+$ CONFIG_SKIP_I = 0
+$ CONFIG_SDIRS_LOOP1:
+$ CONFIG_SKIP_E = F$EDIT(F$ELEMENT(CONFIG_SKIP_I,",",SKIP_SDIRS),"TRIM")
+$ CONFIG_SKIP_I = CONFIG_SKIP_I + 1
+$ IF CONFIG_SKIP_E .EQS. "" THEN GOTO CONFIG_SDIRS_LOOP1
+$ IF CONFIG_SKIP_E .EQS. "," THEN GOTO CONFIG_SDIRS_LOOP1_END
+$ IF (SDIRS - (","+CONFIG_SKIP_E+",")) .NES. SDIRS THEN -
+ SDIRS = SDIRS - (CONFIG_SKIP_E+",")
+$ GOTO CONFIG_SDIRS_LOOP1
+$ CONFIG_SDIRS_LOOP1_END:
+$
$! Write to the configuration
$ CONFIG_LOG_I = 0
$ CONFIG_LOG_LOOP2:
@@ -471,21 +543,32 @@ $ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
$ CONFIG_LOG_I = CONFIG_LOG_I + 1
$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2
$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END
-$ IF CONFIG_CHANGED_'CONFIG_LOG_E'
+$ IF CONFIG_DISABLED_'CONFIG_LOG_E'
$ THEN
-$ IF CONFIG_DISABLED_'CONFIG_LOG_E'
+$ WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
+$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
+$ WRITE H_FILE "#endif"
+$ ELSE
+$ IF CONFIG_CHANGED_'CONFIG_LOG_E'
$ THEN
-$ WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
-$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
-$ WRITE H_FILE "#endif"
-$ ELSE
-$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E
-$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E
+$ WRITE H_FILE "#ifndef OPENSSL_EXPERIMENTAL_",CONFIG_LOG_E
+$ WRITE H_FILE "# ifndef OPENSSL_NO_",CONFIG_LOG_E
+$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
+$ WRITE H_FILE "# endif"
$ WRITE H_FILE "#endif"
+$
+$ IF F$TYPE(USER_CCDEFS) .NES. ""
+$ THEN
+$ USER_CCDEFS = USER_CCDEFS + ",OPENSSL_EXPERIMENTAL_" + CONFIG_LOG_E
+$ ELSE
+$ USER_CCDEFS = "OPENSSL_EXPERIMENTAL_" + CONFIG_LOG_E
+$ ENDIF
$ ENDIF
$ ENDIF
$ GOTO CONFIG_LOG_LOOP2
$ CONFIG_LOG_LOOP2_END:
+$
+$ WRITE/SYMBOL SYS$ERROR "SDIRS = """,SDIRS,""""
$!
$ WRITE H_FILE ""
$ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 "
@@ -689,7 +772,7 @@ $ copy 'exheader' sys$disk:[.include.openssl]
$!
$! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
$!
-$ SDIRS := , -
+$ HEADER_SDIRS := , -
'ARCHD', -
OBJECTS, -
MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, -
@@ -760,20 +843,20 @@ $ EXHEADER_STORE := store.h
$ EXHEADER_CMAC := cmac.h
$!
$ i = 0
-$ loop_sdirs:
-$ sdir = f$edit( f$element( i, ",", sdirs), "trim")
+$ loop_header_sdirs:
+$ sdir = f$edit( f$element( i, ",", header_sdirs), "trim")
$ i = i + 1
-$ if (sdir .eqs. ",") then goto loop_sdirs_end
+$ if (sdir .eqs. ",") then goto loop_header_sdirs_end
$ hdr_list = exheader_'sdir'
$ if (sdir .nes. "") then sdir = "."+ sdir
$ copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl]
-$ goto loop_sdirs
-$ loop_sdirs_end:
+$ goto loop_header_sdirs
+$ loop_header_sdirs_end:
$!
$! Copy All The ".H" Files From The [.SSL] Directory.
$!
$! (keep these in the same order as ssl/Makefile)
-$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
$ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
$!
$! Purge the [.include.openssl] header files.
@@ -803,11 +886,6 @@ $!
$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
"''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
$!
-$! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
-$!
-$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
- "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
-$!
$! Go Back To The Main Directory.
$!
$ SET DEFAULT [-]
diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com
index 51e2b12..b160a0a 100644
--- a/ssl/ssl-lib.com
+++ b/ssl/ssl-lib.com
@@ -213,16 +213,15 @@ $ ENDIF
$!
$! Define The Different SSL "library" Files.
$!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
- "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
- "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
- "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
- "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
- "d1_both,d1_enc,d1_srtp,"+ -
+$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ -
+ "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
+ "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ -
+ "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
+ "d1_both,d1_srtp,"+ -
"ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
"ssl_ciph,ssl_stat,ssl_rsa,"+ -
- "ssl_asn1,ssl_txt,ssl_algs,"+ -
- "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce"
+ "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ -
+ "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst"
$!
$ COMPILEWITH_CC5 = ""
$!
@@ -240,7 +239,7 @@ $ NEXT_FILE:
$!
$! O.K, Extract The File Name From The File List.
$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM")
$!
$! Check To See If We Are At The End Of The File List.
$!
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index f0ed4e4..dad20c6 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -131,8 +131,8 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
#include <openssl/ssl.h>
#include <openssl/err.h>

-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
- int error);
+int verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+ int error);
BIO *bio_err = NULL;
BIO *bio_stdout = NULL;
BIO_METHOD *BIO_s_rtcp();
diff --git a/test/cms-test.pl b/test/cms-test.pl
index 7d4ca29..1c3f00d 100644
--- a/test/cms-test.pl
+++ b/test/cms-test.pl
@@ -58,19 +58,32 @@ my $redir = " 2> cms.err > cms.out";
# Make VMS work
if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
$ossl_path = "pipe mcr OSSLX:openssl";
+ $null_path = "NL:";
+ # On VMS, the lowest 3 bits of the exit code indicates severity
+ # 1 is success (perl translates it to 0 for $?), 2 is error
+ # (perl doesn't translate it)
+ $failure_code = 512; # 2 << 8 = 512
}
# Make MSYS work
elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
$ossl_path = "cmd /c ..\\apps\\openssl";
+ $null_path = "/dev/null";
+ $failure_code = 256;
}
elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
$ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+ $null_path = "/dev/null";
+ $failure_code = 256;
}
elsif ( -f "..\\out32dll\\openssl.exe" ) {
$ossl_path = "..\\out32dll\\openssl.exe";
+ $null_path = "/dev/null";
+ $failure_code = 256;
}
elsif ( -f "..\\out32\\openssl.exe" ) {
$ossl_path = "..\\out32\\openssl.exe";
+ $null_path = "/dev/null";
+ $failure_code = 256;
}
else {
die "Can't find OpenSSL executable";
@@ -87,12 +100,12 @@ my $no_ec2m;
my $no_ecdh;
my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;

-system ("$ossl_path no-ec >/dev/null");
+system ("$ossl_path no-ec > $null_path");
if ($? == 0)
{
$no_ec = 1;
}
-elsif ($? == 256)
+elsif ($? == $failure_code)
{
$no_ec = 0;
}
@@ -101,12 +114,12 @@ else
die "Error checking for EC support\n";
}

-system ("$ossl_path no-ec2m >/dev/null");
+system ("$ossl_path no-ec2m > $null_path");
if ($? == 0)
{
$no_ec2m = 1;
}
-elsif ($? == 256)
+elsif ($? == $failure_code)
{
$no_ec2m = 0;
}
@@ -115,12 +128,12 @@ else
die "Error checking for EC2M support\n";
}

-system ("$ossl_path no-ecdh >/dev/null");
+system ("$ossl_path no-ecdh > $null_path");
if ($? == 0)
{
$no_ecdh = 1;
}
-elsif ($? == 256)
+elsif ($? == $failure_code)
{
$no_ecdh = 0;
}
diff --git a/test/maketests.com b/test/maketests.com
index e7a6860..5919374 100644
--- a/test/maketests.com
+++ b/test/maketests.com
@@ -142,47 +142,56 @@ $!
$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
"MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
"RC2TEST,RC4TEST,RC5TEST,"+ -
- "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
+ "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ -
"MDC2TEST,RMDTEST,"+ -
"RANDTEST,DHTEST,ENGINETEST,"+ -
- "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
- "EVP_TEST,IGETEST,JPAKETEST,SRPTEST"
+ "GOST2814789TEST,"+ -
+ "BFTEST,CASTTEST,SSLTEST,"+ -
+ "EXPTEST,DSATEST,RSA_TEST,"+ -
+ "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
+ "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ -
+ "CONSTANT_TIME_TEST"
$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
$!
$! Additional directory information.
-$ T_D_BNTEST := [-.crypto.bn]
-$ T_D_ECTEST := [-.crypto.ec]
-$ T_D_ECDSATEST := [-.crypto.ecdsa]
-$ T_D_ECDHTEST := [-.crypto.ecdh]
-$ T_D_IDEATEST := [-.crypto.idea]
-$ T_D_MD2TEST := [-.crypto.md2]
-$ T_D_MD4TEST := [-.crypto.md4]
-$ T_D_MD5TEST := [-.crypto.md5]
-$ T_D_HMACTEST := [-.crypto.hmac]
-$ T_D_WP_TEST := [-.crypto.whrlpool]
-$ T_D_RC2TEST := [-.crypto.rc2]
-$ T_D_RC4TEST := [-.crypto.rc4]
-$ T_D_RC5TEST := [-.crypto.rc5]
-$ T_D_DESTEST := [-.crypto.des]
-$ T_D_SHATEST := [-.crypto.sha]
-$ T_D_SHA1TEST := [-.crypto.sha]
-$ T_D_SHA256T := [-.crypto.sha]
-$ T_D_SHA512T := [-.crypto.sha]
-$ T_D_MDC2TEST := [-.crypto.mdc2]
-$ T_D_RMDTEST := [-.crypto.ripemd]
-$ T_D_RANDTEST := [-.crypto.rand]
-$ T_D_DHTEST := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST := [-.crypto.bf]
-$ T_D_CASTTEST := [-.crypto.cast]
-$ T_D_SSLTEST := [-.ssl]
-$ T_D_EXPTEST := [-.crypto.bn]
-$ T_D_DSATEST := [-.crypto.dsa]
-$ T_D_RSA_TEST := [-.crypto.rsa]
-$ T_D_EVP_TEST := [-.crypto.evp]
-$ T_D_IGETEST := [-.test]
-$ T_D_JPAKETEST := [-.crypto.jpake]
-$ T_D_SRPTEST := [-.crypto.srp]
+$ T_D_BNTEST := [-.crypto.bn]
+$ T_D_ECTEST := [-.crypto.ec]
+$ T_D_ECDSATEST := [-.crypto.ecdsa]
+$ T_D_ECDHTEST := [-.crypto.ecdh]
+$ T_D_IDEATEST := [-.crypto.idea]
+$ T_D_MD2TEST := [-.crypto.md2]
+$ T_D_MD4TEST := [-.crypto.md4]
+$ T_D_MD5TEST := [-.crypto.md5]
+$ T_D_HMACTEST := [-.crypto.hmac]
+$ T_D_WP_TEST := [-.crypto.whrlpool]
+$ T_D_RC2TEST := [-.crypto.rc2]
+$ T_D_RC4TEST := [-.crypto.rc4]
+$ T_D_RC5TEST := [-.crypto.rc5]
+$ T_D_DESTEST := [-.crypto.des]
+$ T_D_SHATEST := [-.crypto.sha]
+$ T_D_SHA1TEST := [-.crypto.sha]
+$ T_D_SHA256T := [-.crypto.sha]
+$ T_D_SHA512T := [-.crypto.sha]
+$ T_D_MDC2TEST := [-.crypto.mdc2]
+$ T_D_RMDTEST := [-.crypto.ripemd]
+$ T_D_RANDTEST := [-.crypto.rand]
+$ T_D_DHTEST := [-.crypto.dh]
+$ T_D_ENGINETEST := [-.crypto.engine]
+$ T_D_GOST2814789TEST := [-.engines.ccgost]
+$ T_D_BFTEST := [-.crypto.bf]
+$ T_D_CASTTEST := [-.crypto.cast]
+$ T_D_SSLTEST := [-.ssl]
+$ T_D_EXPTEST := [-.crypto.bn]
+$ T_D_DSATEST := [-.crypto.dsa]
+$ T_D_RSA_TEST := [-.crypto.rsa]
+$ T_D_EVP_TEST := [-.crypto.evp]
+$ T_D_IGETEST := [-.test]
+$ T_D_JPAKETEST := [-.crypto.jpake]
+$ T_D_SRPTEST := [-.crypto.srp]
+$ T_D_V3NAMETEST := [-.crypto.x509v3]
+$ T_D_HEARTBEAT_TEST := [-.ssl]
+$ T_D_P5_CRPT2_TEST := [-.crypto.evp]
+$ T_D_CONSTANT_TIME_TEST := [-.crypto]
$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -
@@ -468,7 +477,7 @@ $ CHECK_OPTIONS:
$!
$! Set basic C compiler /INCLUDE directories.
$!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
$!
$! Check To See If P1 Is Blank.
$!
@@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A
$ __HERE = F$EDIT(__HERE,"UPCASE")
$ __TOP = __HERE - "TEST]"
$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]"
$!
$! Set up the logical name OPENSSL to point at the include directory
$!
$ DEFINE OPENSSL /NOLOG '__INCLUDE'
+$ DEFINE INTERNAL /NOLOG '__INTERNAL'
$!
$! Done
$!
@@ -1076,6 +1087,7 @@ $!
$ IF __SAVE_OPENSSL .EQS. ""
$ THEN
$ DEASSIGN OPENSSL
+$ DEASSIGN INTERNAL
$ ELSE
$ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
$ ENDIF
diff --git a/test/tests.com b/test/tests.com
index 62be1e7..ba947be 100644
--- a/test/tests.com
+++ b/test/tests.com
@@ -27,6 +27,7 @@ $ endif
$!
$ texe_dir := sys$disk:[-.'__archd'.exe.test]
$ exe_dir := sys$disk:[-.'__archd'.exe.apps]
+$ engines_dir := sys$disk:[-.'__archd'.exe.engines]
$
$ set default '__here'
$
@@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of.
$ tests := -
test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
test_md2,test_mdc2,test_wp,-
- test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
+ test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,-
test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
test_enc,test_x509,test_rsa,test_crl,test_sid,-
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
- test_jpake,test_srp,test_cms
+ test_jpake,test_srp,test_cms,test_v3name,test_ocsp,-
+ test_gost2814789,test_heartbeat,test_p5_crpt2,-
+ test_constant_time
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
-$ BNTEST := bntest
-$ ECTEST := ectest
-$ ECDSATEST := ecdsatest
-$ ECDHTEST := ecdhtest
-$ EXPTEST := exptest
-$ IDEATEST := ideatest
-$ SHATEST := shatest
-$ SHA1TEST := sha1test
-$ MDC2TEST := mdc2test
-$ RMDTEST := rmdtest
-$ MD2TEST := md2test
-$ MD4TEST := md4test
-$ MD5TEST := md5test
-$ HMACTEST := hmactest
-$ WPTEST := wp_test
-$ RC2TEST := rc2test
-$ RC4TEST := rc4test
-$ RC5TEST := rc5test
-$ BFTEST := bftest
-$ CASTTEST := casttest
-$ DESTEST := destest
-$ RANDTEST := randtest
-$ DHTEST := dhtest
-$ DSATEST := dsatest
-$ METHTEST := methtest
-$ SSLTEST := ssltest
-$ RSATEST := rsa_test
-$ ENGINETEST := enginetest
-$ EVPTEST := evp_test
-$ IGETEST := igetest
-$ JPAKETEST := jpaketest
-$ SRPTEST := srptest
+$ BNTEST := bntest
+$ ECTEST := ectest
+$ ECDSATEST := ecdsatest
+$ ECDHTEST := ecdhtest
+$ EXPTEST := exptest
+$ IDEATEST := ideatest
+$ SHA1TEST := sha1test
+$ SHA256TEST := sha256t
+$ SHA512TEST := sha512t
+$ MDC2TEST := mdc2test
+$ RMDTEST := rmdtest
+$ MD2TEST := md2test
+$ MD4TEST := md4test
+$ MD5TEST := md5test
+$ HMACTEST := hmactest
+$ WPTEST := wp_test
+$ RC2TEST := rc2test
+$ RC4TEST := rc4test
+$ RC5TEST := rc5test
+$ BFTEST := bftest
+$ CASTTEST := casttest
+$ DESTEST := destest
+$ RANDTEST := randtest
+$ DHTEST := dhtest
+$ DSATEST := dsatest
+$ METHTEST := methtest
+$ SSLTEST := ssltest
+$ RSATEST := rsa_test
+$ ENGINETEST := enginetest
+$ GOST2814789TEST := gost2814789test
+$ EVPTEST := evp_test
+$ P5_CRPT2_TEST := p5_crpt2_test
+$ IGETEST := igetest
+$ JPAKETEST := jpaketest
+$ SRPTEST := srptest
+$ V3NAMETEST := v3nametest
+$ HEARTBEATTEST := heartbeat_test
+$ CONSTTIMETEST := constant_time_test
$!
$ tests_i = 0
$ loop_tests:
@@ -105,6 +114,9 @@ $
$ test_evp:
$ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
$ return
+$ test_p5_crpt2:
+$ mcr 'texe_dir''p5_crpt2_test'
+$ return
$ test_des:
$ mcr 'texe_dir''destest'
$ return
@@ -112,8 +124,9 @@ $ test_idea:
$ mcr 'texe_dir''ideatest'
$ return
$ test_sha:
-$ mcr 'texe_dir''shatest'
$ mcr 'texe_dir''sha1test'
+$ mcr 'texe_dir''sha256test'
+$ mcr 'texe_dir''sha512test'
$ return
$ test_mdc2:
$ mcr 'texe_dir''mdc2test'
@@ -154,6 +167,10 @@ $ return
$ test_rand:
$ mcr 'texe_dir''randtest'
$ return
+$ test_gost2814789:
+$ define/user OPENSSL_ENGINES 'engines_dir'
+$ mcr 'texe_dir''gost2814789test'
+$ return
$ test_enc:
$ @testenc.com 'pointer_size'
$ return
@@ -361,7 +378,21 @@ $ test_srp:
$ write sys$output "Test SRP"
$ mcr 'texe_dir''srptest'
$ return
-$
+$ test_v3name:
+$ write sys$output "Test X509v3_check_*"
+$ mcr 'texe_dir''v3nametest'
+$ return
+$ test_ocsp:
+$ write sys$output "Test OCSP"
+$ @tocsp.com
+$ return
+$ test_heartbeat:
+$ mcr 'texe_dir''heartbeattest'
+$ return
+$ test_constant_time:
+$ write sys$output "Test constant time utilites"
+$ mcr 'texe_dir''consttimetest'
+$ return
$
$ exit:
$ mcr 'exe_dir'openssl version -a
diff --git a/test/tocsp.com b/test/tocsp.com
new file mode 100644
index 0000000..97253fe
--- /dev/null
+++ b/test/tocsp.com
@@ -0,0 +1,165 @@
+$! TOCSP.COM -- Test ocsp
+$
+$ __arch = "VAX"
+$ if f$getsyi("cpu") .ge. 128 then -
+ __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$ if __arch .eqs. "" then __arch = "UNK"
+$!
+$ if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$
+$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$ ocspdir = "ocsp-tests"
+$
+$! 17 December 2012 so we don't get certificate expiry errors.
+$ check_time="-attime 1355875200"
+$
+$ test_ocsp:
+$ subroutine
+$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin
+$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' -
+ "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0:
+$ if $severity .ne. p3+1
+$ then
+$ write sys$error "OCSP test failed!"
+$ exit 3
+$ endif
+$ endsubroutine
+$
+$ set noon
+$
+$ write sys$output "=== VALID OCSP RESPONSES ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0
+$
+$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ==="
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WSNIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ==="
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1
+$
+$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ==="
+$! Expect success, because we're explicitly trusting the issuer certificate.
+$ write sys$output "NON-DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0
+$ write sys$output "NON-DELEGATED; Root CA -> EE"
+$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Intermediate CA -> EE"
+$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0
+$ write sys$output "DELEGATED; Root CA -> Intermediate CA"
+$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0
+$ write sys$output "DELEGATED; Root CA -> EE"
+$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0
+$
+$ write sys$output "ALL OCSP TESTS SUCCESSFUL"
+$
+$ set on
+$
+$ exit

Richard Levitte

unread,

Jan 30, 2015, 9:35:04 AM1/30/15

to

The branch master has been updated

via 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc (commit)
from 4fdde1aa0c2146342a279dc11757e4e566248d6b (commit)

- Log -----------------------------------------------------------------
commit 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jan 30 15:14:48 2015 +0100

Since SHA0 was completely removed, also remove the related test

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

test/Makefile | 20 ++++----------------
1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/test/Makefile b/test/Makefile
index 176bf70..fda5d76 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -36,7 +36,6 @@ ECDSATEST= ecdsatest
ECDHTEST= ecdhtest
EXPTEST= exptest
IDEATEST= ideatest
-SHATEST= shatest
SHA1TEST= sha1test
SHA256TEST= sha256t
SHA512TEST= sha512t
@@ -75,7 +74,7 @@ TESTS= alltests
EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
$(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \
$(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
- $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
+ $(DESTEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
$(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
$(GOST2814789TEST)$(EXE_EXT) \
@@ -91,7 +90,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o $(WPTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
- $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
+ $(DESTEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
$(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
@@ -103,7 +102,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c $(WPTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
- $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+ $(DESTEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
$(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \
@@ -169,8 +168,7 @@ test_des: $(DESTEST)$(EXE_EXT)
test_idea: $(IDEATEST)$(EXE_EXT)
../util/shlib_wrap.sh ./$(IDEATEST)

-test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
- ../util/shlib_wrap.sh ./$(SHATEST)
+test_sha: $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT)
../util/shlib_wrap.sh ./$(SHA1TEST)
../util/shlib_wrap.sh ./$(SHA256TEST)
../util/shlib_wrap.sh ./$(SHA512TEST)
@@ -411,9 +409,6 @@ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
@target=$(MD2TEST); $(BUILD_CMD)

-$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
-
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
@target=$(SHA1TEST); $(BUILD_CMD)

@@ -796,13 +791,6 @@ sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c
-shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c
ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h

Andy Polyakov

unread,

Jan 30, 2015, 10:43:59 AM1/30/15

to

The branch master has been updated

via 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1 (commit)
via b2991c081aba5351a3386bdde2927672d53e5c99 (commit)
from 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc (commit)

- Log -----------------------------------------------------------------
commit 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1
Author: Andy Polyakov <ap...@openssl.org>
Date: Sun Jan 25 15:48:42 2015 +0100

modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32
in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact
and inconsistency in pre-processor logic.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit b2991c081aba5351a3386bdde2927672d53e5c99
Author: Andy Polyakov <ap...@openssl.org>
Date: Sun Jan 25 14:51:43 2015 +0100

modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure
on affected platforms (PowerPC and AArch64).

For reference, minimalistic #ifdef GHASH is sufficient, because
it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash
is never referred.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/modes/gcm128.c | 190 ++++++++++++++++++++++++-------------------------
1 file changed, 92 insertions(+), 98 deletions(-)

diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 75556dc..5c75c91 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -148,9 +148,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
static const size_t rem_8bit[256] = {
PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
@@ -319,9 +317,7 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };

if (is_endian.little)
for (j = 0; j < 16; ++j) {
@@ -354,9 +350,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };

nlo = ((const u8 *)Xi)[15];
nhi = nlo >> 4;
@@ -435,9 +429,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };

# if 1
do {
@@ -627,9 +619,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };

V.hi = H[0]; /* H is in host byte order, no byte swapping */
V.lo = H[1];
@@ -772,9 +762,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };

memset(ctx, 0, sizeof(*ctx));
ctx->block = block;
@@ -799,6 +787,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
#if TABLE_BITS==8
gcm_init_8bit(ctx->Htable, ctx->H.u);
#elif TABLE_BITS==4
+# if defined(GHASH)
+# define CTX__GHASH(f) (ctx->ghash = (f))
+# else
+# define CTX__GHASH(f) (ctx->ghash = NULL)
+# endif
# if defined(GHASH_ASM_X86_OR_64)
# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */
@@ -806,11 +799,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
gcm_init_avx(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_avx;
- ctx->ghash = gcm_ghash_avx;
+ CTX__GHASH(gcm_ghash_avx);
} else {
gcm_init_clmul(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_clmul;
- ctx->ghash = gcm_ghash_clmul;
+ CTX__GHASH(gcm_ghash_clmul);
}
return;
}
@@ -823,58 +816,59 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
# endif
ctx->gmult = gcm_gmult_4bit_mmx;
- ctx->ghash = gcm_ghash_4bit_mmx;
+ CTX__GHASH(gcm_ghash_4bit_mmx);
} else {
ctx->gmult = gcm_gmult_4bit_x86;
- ctx->ghash = gcm_ghash_4bit_x86;
+ CTX__GHASH(gcm_ghash_4bit_x86);
}
# else
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
# endif
# elif defined(GHASH_ASM_ARM)
# ifdef PMULL_CAPABLE
if (PMULL_CAPABLE) {
gcm_init_v8(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_v8;
- ctx->ghash = gcm_ghash_v8;
+ CTX__GHASH(gcm_ghash_v8);
} else
# endif
# ifdef NEON_CAPABLE
if (NEON_CAPABLE) {
gcm_init_neon(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_neon;
- ctx->ghash = gcm_ghash_neon;
+ CTX__GHASH(gcm_ghash_neon);
} else
# endif
{
gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
}
# elif defined(GHASH_ASM_SPARC)
if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
gcm_init_vis3(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_vis3;
- ctx->ghash = gcm_ghash_vis3;
+ CTX__GHASH(gcm_ghash_vis3);
} else {
gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
}
# elif defined(GHASH_ASM_PPC)
if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
gcm_init_p8(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_p8;
- ctx->ghash = gcm_ghash_p8;
+ CTX__GHASH(gcm_ghash_p8);
} else {
gcm_init_4bit(ctx->Htable, ctx->H.u);
ctx->gmult = gcm_gmult_4bit;
- ctx->ghash = gcm_ghash_4bit;
+ CTX__GHASH(gcm_ghash_4bit);
}
# else
gcm_init_4bit(ctx->Htable, ctx->H.u);
# endif
+# undef CTX__GHASH
#endif
}

@@ -884,9 +878,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int ctr;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
@@ -1030,9 +1022,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1040,7 +1030,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
# endif
@@ -1090,7 +1080,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
break;
# endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+# if defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
size_t j = GHASH_CHUNK;

@@ -1101,11 +1092,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);

-# endif
+# endif
else

ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1117,6 +1108,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
len -= GHASH_CHUNK;
}
+# endif
if ((i = (len & (size_t)-16))) {
size_t j = i;

@@ -1217,9 +1209,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
@@ -1227,7 +1217,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
void *key = ctx->key;
#ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
# endif
@@ -1276,7 +1266,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
break;
# endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+# if defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
size_t j = GHASH_CHUNK;

@@ -1288,11 +1279,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
(*block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);

-# endif
+# endif
else

ctx->Yi.d[3] = ctr;
for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1303,6 +1294,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
}
len -= GHASH_CHUNK;
}
+# endif
if ((i = (len & (size_t)-16))) {
GHASH(ctx, in, i);
while (len >= 16) {
@@ -1406,23 +1398,24 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,

const unsigned char *in, unsigned char *out,

size_t len, ctr128_f stream)
{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# ifdef GHASH
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
+# endif
# endif
-#endif

mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@@ -1436,11 +1429,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
}

if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
else
ctr = ctx->Yi.d[3];

@@ -1458,16 +1451,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
return 0;
}
}
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH) && defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);

-# endif
+# endif
else

ctx->Yi.d[3] = ctr;
GHASH(ctx, out, GHASH_CHUNK);
@@ -1475,43 +1468,43 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
in += GHASH_CHUNK;
len -= GHASH_CHUNK;
}
-#endif
+# endif
if ((i = (len & (size_t)-16))) {
size_t j = i / 16;

(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
in += i;
len -= i;
-#if defined(GHASH)
+# if defined(GHASH)
GHASH(ctx, out, i);
out += i;
-#else
+# else
while (j--) {
for (i = 0; i < 16; ++i)
ctx->Xi.c[i] ^= out[i];
GCM_MUL(ctx, Xi);
out += 16;
}
-#endif
+# endif
}
if (len) {
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1522,29 +1515,31 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,

ctx->mres = n;
return 0;
+#endif
}

int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,

const unsigned char *in, unsigned char *out,

size_t len, ctr128_f stream)
{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
unsigned int n, ctr;
size_t i;
u64 mlen = ctx->len.u[1];
void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# ifdef GHASH
void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
const u8 *inp, size_t len) = ctx->ghash;
+# endif
# endif
-#endif

mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@@ -1558,11 +1553,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
}

if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
else
ctr = ctx->Yi.d[3];

@@ -1582,30 +1577,30 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
return 0;
}
}
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH) && defined(GHASH_CHUNK)
while (len >= GHASH_CHUNK) {
GHASH(ctx, in, GHASH_CHUNK);
(*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
ctr += GHASH_CHUNK / 16;
if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
PUTU32(ctx->Yi.c + 12, ctr);

-# endif
+# endif
else

ctx->Yi.d[3] = ctr;
out += GHASH_CHUNK;
in += GHASH_CHUNK;
len -= GHASH_CHUNK;
}
-#endif
+# endif
if ((i = (len & (size_t)-16))) {
size_t j = i / 16;

-#if defined(GHASH)
+# if defined(GHASH)
GHASH(ctx, in, i);
-#else
+# else
while (j--) {
size_t k;
for (k = 0; k < 16; ++k)
@@ -1615,15 +1610,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
}
j = i / 16;
in -= i;
-#endif
+# endif
(*stream) (in, out, j, key, ctx->Yi.c);
ctr += (unsigned int)j;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
out += i;
@@ -1634,11 +1629,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
(*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
++ctr;
if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
else
ctx->Yi.d[3] = ctr;
while (len--) {
@@ -1651,6 +1646,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,

ctx->mres = n;
return 0;
+#endif
}

int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
@@ -1659,9 +1655,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
const union {
long one;
char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
u64 alen = ctx->len.u[0] << 3;
u64 clen = ctx->len.u[1] << 3;
#ifdef GCM_FUNCREF_4BIT

Rich Salz

unread,

Jan 30, 2015, 12:48:44 PM1/30/15

to

The branch master has been updated

via 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 (commit)
from 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1 (commit)

- Log -----------------------------------------------------------------
commit 6f1a93ad111c7dfe36a09a976c4c009079b19ea1
Author: Rich Salz <rs...@openssl.org>
Date: Fri Jan 30 12:46:49 2015 -0500

Dead code removal: #if 0 conf, dso, pqueue, threads

Mostly, but not completely, debugging print statements.
Some old logic kept for internal documentation reasons, perhaps.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/conf/conf_api.c | 22 ----------------------
crypto/conf/conf_lib.c | 16 ----------------
crypto/dso/dso_dl.c | 12 ------------
crypto/dso/dso_dlfcn.c | 11 -----------
crypto/dso/dso_null.c | 5 -----
crypto/dso/dso_vms.c | 12 ------------
crypto/dso/dso_win32.c | 26 --------------------------
crypto/pqueue/pqueue.c | 7 -------
crypto/threads/th-lock.c | 23 -----------------------
9 files changed, 134 deletions(-)

diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 4cf7553..ff73f38 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -157,28 +157,6 @@ char *_CONF_get_string(const CONF *conf, const char *section,
return (getenv(name));
}

-#if 0 /* There's no way to provide error checking
- * with this function, so force implementors
- * of the higher levels to get a string and
- * read the number themselves. */
-long _CONF_get_number(CONF *conf, char *section, char *name)
-{
- char *str;
- long ret = 0;
-
- str = _CONF_get_string(conf, section, name);
- if (str == NULL)
- return (0);
- for (;;) {
- if (conf->meth->is_number(conf, *str))
- ret = ret * 10 + conf->meth->to_int(conf, *str);
- else
- return (ret);
- str++;
- }
-}
-#endif
-
static unsigned long conf_value_hash(const CONF_VALUE *v)
{
return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name);
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 2aadb37..29e77c7 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -373,19 +373,3 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)

return conf->meth->dump(conf, out);
}
-
-/* This function should be avoided */
-#if 0

-long NCONF_get_number(CONF *conf, char *group, char *name)

-{
- int status;
- long ret = 0;
-
- status = NCONF_get_number_e(conf, group, name, &ret);
- if (status == 0) {
- /* This function does not believe in errors... */
- ERR_get_error();
- }
- return ret;
-}
-#endif
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index 1f4d198..989d4d9 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -77,13 +77,6 @@ static int dl_load(DSO *dso);
static int dl_unload(DSO *dso);
static void *dl_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-# if 0
-static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
-static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int dl_init(DSO *dso);
-static int dl_finish(DSO *dso);
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
static char *dl_name_converter(DSO *dso, const char *filename);
static char *dl_merger(DSO *dso, const char *filespec1,
const char *filespec2);
@@ -96,11 +89,6 @@ static DSO_METHOD dso_meth_dl = {
dl_unload,
dl_bind_var,
dl_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-# endif
NULL, /* ctrl */
dl_name_converter,
dl_merger,
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index ec87f47..c9a9a8b 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -99,12 +99,6 @@ static int dlfcn_load(DSO *dso);
static int dlfcn_unload(DSO *dso);
static void *dlfcn_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-# if 0
-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-static int dlfcn_init(DSO *dso);
-static int dlfcn_finish(DSO *dso);
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
static char *dlfcn_name_converter(DSO *dso, const char *filename);
static char *dlfcn_merger(DSO *dso, const char *filespec1,
const char *filespec2);
@@ -117,11 +111,6 @@ static DSO_METHOD dso_meth_dlfcn = {
dlfcn_unload,
dlfcn_bind_var,
dlfcn_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-# endif
NULL, /* ctrl */
dlfcn_name_converter,
dlfcn_merger,
diff --git a/crypto/dso/dso_null.c b/crypto/dso/dso_null.c
index 20122d1..ab2125c 100644
--- a/crypto/dso/dso_null.c
+++ b/crypto/dso/dso_null.c
@@ -72,11 +72,6 @@ static DSO_METHOD dso_meth_null = {
NULL, /* unload */
NULL, /* bind_var */
NULL, /* bind_func */
-/* For now, "unbind" doesn't exist */
-#if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-#endif
NULL, /* ctrl */
NULL, /* dso_name_converter */
NULL, /* dso_merger */
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
index 8793f7e..6498184 100644
--- a/crypto/dso/dso_vms.c
+++ b/crypto/dso/dso_vms.c
@@ -95,13 +95,6 @@ static int vms_load(DSO *dso);
static int vms_unload(DSO *dso);
static void *vms_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
-# if 0
-static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
-static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int vms_init(DSO *dso);
-static int vms_finish(DSO *dso);
-static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
static char *vms_name_converter(DSO *dso, const char *filename);
static char *vms_merger(DSO *dso, const char *filespec1,
const char *filespec2);
@@ -112,11 +105,6 @@ static DSO_METHOD dso_meth_vms = {
NULL, /* unload */
vms_bind_var,
vms_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-# endif
NULL, /* ctrl */
vms_name_converter,
vms_merger,
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
index c65234e..e671672 100644
--- a/crypto/dso/dso_win32.c
+++ b/crypto/dso/dso_win32.c
@@ -119,13 +119,6 @@ static int win32_load(DSO *dso);
static int win32_unload(DSO *dso);
static void *win32_bind_var(DSO *dso, const char *symname);
static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
-# if 0
-static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
-static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int win32_init(DSO *dso);
-static int win32_finish(DSO *dso);
-static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
-# endif
static char *win32_name_converter(DSO *dso, const char *filename);
static char *win32_merger(DSO *dso, const char *filespec1,
const char *filespec2);
@@ -140,11 +133,6 @@ static DSO_METHOD dso_meth_win32 = {
win32_unload,
win32_bind_var,
win32_bind_func,
-/* For now, "unbind" doesn't exist */
-# if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-# endif
NULL, /* ctrl */
win32_name_converter,
win32_merger,
@@ -476,13 +464,6 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
offset++;
start = end + 1;
}
-# if 0 /* Not needed, since the directory converter
- * above already appeneded a backslash */
- if (file_split->predir && (file_split->dir || file_split->file)) {
- result[offset] = '\\';
- offset++;
- }
-# endif
start = file_split->dir;
while (file_split->dirlen > (start - file_split->dir)) {
const char *end = openssl_strnchr(start, '/',
@@ -496,13 +477,6 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split)
offset++;
start = end + 1;
}
-# if 0 /* Not needed, since the directory converter
- * above already appeneded a backslash */
- if (file_split->dir && file_split->file) {
- result[offset] = '\\';
- offset++;
- }
-# endif
strncpy(&result[offset], file_split->file, file_split->filelen);
offset += file_split->filelen;
result[offset] = '\0';
diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c
index 06a1b8d..675ac60 100644
--- a/crypto/pqueue/pqueue.c
+++ b/crypto/pqueue/pqueue.c
@@ -179,13 +179,6 @@ pitem *pqueue_find(pqueue_s *pq, unsigned char *prio64be)
if (!found)
return NULL;

-#if 0 /* find works in peek mode */
- if (prev == NULL)
- pq->items = next->next;
- else
- prev->next = next->next;
-#endif
-
return found;
}

diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c
index 1b57659..9a8e909 100644
--- a/crypto/threads/th-lock.c
+++ b/crypto/threads/th-lock.c
@@ -200,18 +200,6 @@ void CRYPTO_thread_cleanup(void)

void solaris_locking_callback(int mode, int type, char *file, int line)
{
-# if 0
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);

-# endif
-
-# if 0

- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(), mode, file, line);
-# endif
if (mode & CRYPTO_LOCK) {
# ifdef USE_MUTEX
mutex_lock(&(lock_cs[type]));
@@ -338,17 +326,6 @@ void thread_cleanup(void)

void pthreads_locking_callback(int mode, int type, char *file, int line)
{
-# if 0
- fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode & CRYPTO_LOCK) ? "l" : "u",
- (type & CRYPTO_READ) ? "r" : "w", file, line);
-# endif
-# if 0
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(), mode, file, line);
-# endif
if (mode & CRYPTO_LOCK) {
pthread_mutex_lock(&(lock_cs[type]));
lock_count[type]++;

Rich Salz

unread,

Jan 30, 2015, 1:25:59 PM1/30/15

to

The branch master has been updated

via d6fbb194095312f4722c81c9362dbd0de66cb656 (commit)
from 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 (commit)

- Log -----------------------------------------------------------------
commit d6fbb194095312f4722c81c9362dbd0de66cb656
Author: Rich Salz <rs...@openssl.org>
Date: Fri Jan 30 13:24:35 2015 -0500

Dead code removal #if 0 engines

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

engines/ccgost/gost2814789test.c | 85 --------------------------------------
engines/e_cswift.c | 8 ----
engines/e_gmp.c | 10 -----
engines/e_sureware.c | 21 ----------
4 files changed, 124 deletions(-)

diff --git a/engines/ccgost/gost2814789test.c b/engines/ccgost/gost2814789test.c
index ecbfa80..8384d66 100644
--- a/engines/ccgost/gost2814789test.c
+++ b/engines/ccgost/gost2814789test.c
@@ -1251,91 +1251,6 @@ int main(int argc, char *argv[])
}

/*
- * Internal function test on GostR3411_94_TestParamSet
- */
-# if 0 && defined(OPENSSL_NO_DYNAMIC_ENGINE)
- {
- gost_ctx ctx;
-
- for (t = 0; t < sizeof(tcs) / sizeof(tcs[0]); t++) {
- const gost_subst_block *pSubst = NULL;
-
- if (1024 < tcs[t].ullLen) {
- /* Key meshing check by engine tests */
- continue;
- }
- memset(bTest, 0xc3, sizeof(bTest));
- if (0 == strcmp(tcs[t].szParamSet,
- "id-GostR3410-94-TestParamSet")) {
- pSubst = &GostR3411_94_TestParamSet;
- } else if (0 == strcmp(tcs[t].szParamSet,
- "id-Gost28147-89-CryptoPro-A-ParamSet")) {
- pSubst = &Gost28147_CryptoProParamSetA;
- } else if (0 == strcmp(tcs[t].szParamSet,
- "id-Gost28147-89-CryptoPro-B-ParamSet")) {
- pSubst = &Gost28147_CryptoProParamSetB;
- } else if (0 == strcmp(tcs[t].szParamSet,
- "id-Gost28147-89-CryptoPro-C-ParamSet")) {
- pSubst = &Gost28147_CryptoProParamSetC;
- } else if (0 == strcmp(tcs[t].szParamSet,
- "id-Gost28147-89-CryptoPro-D-ParamSet")) {
- pSubst = &Gost28147_CryptoProParamSetD;
- }
- gost_init(&ctx, pSubst);
- gost_key(&ctx, tcs[t].bRawKey);
- switch (tcs[t].gMode) {
- case G89_ECB:
- gost_enc(&ctx, tcs[t].bIn, bTest,
- (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1) /
- G89_BLOCK_LEN));
- l = (size_t)tcs[t].ullLen;
- break;
- case G89_CFB:
- gost_enc_cfb(&ctx, tcs[t].bIV, tcs[t].bIn,
- bTest,
- (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1) /
- G89_BLOCK_LEN));
- l = (size_t)tcs[t].ullLen;
- break;
- case G89_CNT:
- /*
- * GOST 28147-89 cipher CNT mode check by engine tests
- */
- continue;
- case G89_IMIT:
- gost_mac(&ctx, 32, tcs[t].bIn,
- (unsigned int)tcs[t].ullLen, bTest);
- gost_mac_iv(&ctx, 32, tcs[t].bIV, tcs[t].bIn,
- (unsigned int)tcs[t].ullLen, bTest1);
- if (0 != memcmp(bTest, bTest1, 4)) {
- fflush(NULL);
- fprintf(stderr, "\nInternal test t=%d len=" FMT64
- " failed (gost_mac_iv).\n", t, tcs[t].ullLen);
- if (!ignore) {
- return 2;
- }
- }
- l = 4;
- break;
- }
- gost_destroy(&ctx);
-
- if (0 != memcmp(tcs[t].bOut, bTest, l)) {
- fflush(NULL);
- fprintf(stderr, "\nInternal test t=%d len=" FMT64
- " failed.\n", t, tcs[t].ullLen);
- if (!ignore) {
- return 3;
- }
- } else {
- printf(",");
- fflush(NULL);
- }

- }
- }
-# endif
-

- /*
* ccgost engine test on GostR3411_94_CryptoProParamSet
*/
ERR_load_crypto_strings();
diff --git a/engines/e_cswift.c b/engines/e_cswift.c
index c429802..db94bf2 100644
--- a/engines/e_cswift.c
+++ b/engines/e_cswift.c
@@ -748,11 +748,7 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
# ifdef RSA_NULL
def_rsa_method = RSA_null_method();
# else
-# if 0
- def_rsa_method = RSA_PKCS1_RSAref();
-# else
def_rsa_method = RSA_PKCS1_SSLeay();
-# endif
# endif
if (def_rsa_method)
return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
@@ -777,11 +773,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
# ifdef RSA_NULL
def_rsa_method = RSA_null_method();
# else
-# if 0
- def_rsa_method = RSA_PKCS1_RSAref();
-# else
def_rsa_method = RSA_PKCS1_SSLeay();
-# endif
# endif
if (def_rsa_method)
return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
diff --git a/engines/e_gmp.c b/engines/e_gmp.c
index de5f9c0..cf01016 100644
--- a/engines/e_gmp.c
+++ b/engines/e_gmp.c
@@ -117,12 +117,6 @@ static int e_gmp_rsa_finish(RSA *r);
/* The definitions for control commands specific to this engine */
/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
-# if 0
- {E_GMP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'e_gmp' shared library",
- ENGINE_CMD_FLAG_STRING},
-# endif
{0, NULL, NULL, 0}
};

@@ -247,10 +241,6 @@ static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
int to_return = 1;

switch (cmd) {
-# if 0
- case E_GMP_CMD_SO_PATH:
- /* ... */
-# endif
/* The command isn't understood by this engine */
default:
GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
index aae568a..36f6f43 100644
--- a/engines/e_sureware.c
+++ b/engines/e_sureware.c
@@ -111,10 +111,6 @@ static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
void *callback_data);
static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

int idx, long argl, void *argp);

-# if 0
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

- int idx, long argl, void *argp);

-# endif

# ifndef OPENSSL_NO_RSA
/* This function is aliased to mod_exp (with the mont stuff dropped). */
@@ -881,23 +877,6 @@ static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
p_surewarehk_Free((char *)item, 0);
}

-# if 0
-/* not currently used (bug?) */
-/*
- * This cleans up an DH KM key (destroys the key into hardware), called when
- * ex_data is freed
- */
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,

- int idx, long argl, void *argp)

-{
- if (!p_surewarehk_Free) {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,
- ENGINE_R_NOT_INITIALISED);
- } else
- p_surewarehk_Free((char *)item, 1);

-}
-# endif
-
/*

* return number of decrypted bytes
*/

Rich Salz

unread,

Jan 30, 2015, 2:54:29 PM1/30/15

to

The branch master has been updated

via 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 (commit)
from d6fbb194095312f4722c81c9362dbd0de66cb656 (commit)

- Log -----------------------------------------------------------------
commit 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
Author: Rich Salz <rs...@openssl.org>
Date: Fri Jan 30 14:52:57 2015 -0500

Dead code clean: #if 0 removal in apps

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

apps/ca.c | 12 ------------
apps/engine.c | 3 ---
apps/openssl.c | 7 +------
apps/s_cb.c | 4 ----
apps/s_client.c | 25 -------------------------
apps/s_server.c | 49 -------------------------------------------------
apps/s_time.c | 16 ----------------
apps/smime.c | 5 -----
apps/speed.c | 16 ----------------
9 files changed, 1 insertion(+), 136 deletions(-)

diff --git a/apps/ca.c b/apps/ca.c
index a917112..bcb3f50 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -2171,18 +2171,6 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der,
(void)i2d_X509_bio(bp, x);
return;
}
-#if 0
- /* ??? Not needed since X509_print prints all this stuff anyway */
- f = X509_NAME_oneline(X509_get_issuer_name(x), buf, 256);
- BIO_printf(bp, "issuer :%s\n", f);
-
- f = X509_NAME_oneline(X509_get_subject_name(x), buf, 256);
- BIO_printf(bp, "subject:%s\n", f);
-
- BIO_puts(bp, "serial :");
- i2a_ASN1_INTEGER(bp, x->cert_info->serialNumber);
- BIO_puts(bp, "\n\n");
-#endif
if (!notext)
X509_print(bp, x);
PEM_write_bio_X509(bp, x);
diff --git a/apps/engine.c b/apps/engine.c
index 275d599..8a1e746 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -196,9 +196,6 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
0, NULL, NULL)) <= 0)) {
-# if 0
- BIO_printf(bio_out, "%s<no control commands>\n", indent);
-# endif
return 1;
}

diff --git a/apps/openssl.c b/apps/openssl.c
index b196285..50c8275 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -301,12 +301,7 @@ int main(int Argc, char *ARGV[])
}
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

-#if 0
- if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
-#endif
- {
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
+ CRYPTO_set_locking_callback(lock_dbg_cb);

if (getenv("OPENSSL_FIPS")) {
#ifdef OPENSSL_FIPS
diff --git a/apps/s_cb.c b/apps/s_cb.c
index eb89949..eef86cb 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -812,10 +812,6 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,

BIO_printf(bio, " ");
num = len;
-#if 0
- if (num > 16)
- num = 16;
-#endif
for (i = 0; i < num; i++) {
if (i % 16 == 0 && i > 0)
BIO_printf(bio, "\n ");
diff --git a/apps/s_client.c b/apps/s_client.c
index 0fb4771..325dbf1 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1326,10 +1326,6 @@ int MAIN(int argc, char **argv)

if (state)
SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
-#if 0
- else
- SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
-#endif

SSL_CTX_set_verify(ctx, verify, verify_callback);

@@ -1508,17 +1504,6 @@ int MAIN(int argc, char **argv)
SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-# if 0
- {
- STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
- OCSP_RESPID *id = OCSP_RESPID_new();
- id->value.byKey = ASN1_OCTET_STRING_new();
- id->type = V_OCSP_RESPID_KEY;
- ASN1_STRING_set(id->value.byKey, "Hello World", -1);
- sk_OCSP_RESPID_push(ids, id);
- SSL_set_tlsext_status_ids(con, ids);
- }
-# endif
}
#endif
#ifndef OPENSSL_NO_JPAKE
@@ -1667,16 +1652,6 @@ int MAIN(int argc, char **argv)
tty_on = 1;
if (in_init) {
in_init = 0;
-#if 0 /* This test doesn't really work as intended
- * (needs to be fixed) */
-# ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL && !SSL_session_reused(con)) {
- BIO_printf(bio_c_out,
- "Server did %sacknowledge servername extension.\n",
- tlsextcbp.ack ? "" : "not ");
- }
-# endif
-#endif
if (sess_out) {
BIO *stmp = BIO_new_file(sess_out, "w");
if (stmp) {
diff --git a/apps/s_server.c b/apps/s_server.c
index e6ea350..5537fde 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -838,12 +838,6 @@ static int cert_status_cb(SSL *s, void *arg)
STACK_OF(X509_EXTENSION) *exts;
int ret = SSL_TLSEXT_ERR_NOACK;
int i;
-# if 0
- STACK_OF(OCSP_RESPID) *ids;
- SSL_get_tlsext_status_ids(s, &ids);
- BIO_printf(err, "cert_status: received %d ids\n",
- sk_OCSP_RESPID_num(ids));
-# endif
if (srctx->verbose)
BIO_puts(err, "cert_status: callback called\n");
/* Build up OCSP query from server certificate */
@@ -1735,19 +1729,6 @@ int MAIN(int argc, char *argv[])
SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
#endif

-#if 0
- if (cipher == NULL)
- cipher = getenv("SSL_CIPHER");
-#endif
-
-#if 0
- if (s_cert_file == NULL) {
- BIO_printf(bio_err,
- "You must specify a certificate file for the server to use\n");
- goto end;
- }
-#endif
-
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx))) {
/* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
@@ -2691,27 +2672,6 @@ static DH *load_dh_param(const char *dhfile)
}
#endif

-#if 0
-static int load_CA(SSL_CTX *ctx, char *file)
-{
- FILE *in;
- X509 *x = NULL;
-
- if ((in = fopen(file, "r")) == NULL)

- return (0);
-
- for (;;) {

- if (PEM_read_X509(in, &x, NULL) == NULL)
- break;
- SSL_CTX_add_client_CA(ctx, x);
- }
- if (x != NULL)
- X509_free(x);
- fclose(in);
- return (1);
-}
-#endif
-
static int www_body(char *hostname, int s, int stype, unsigned char *context)
{
char *buf = NULL;
@@ -3010,21 +2970,12 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
BIO_printf(io, "'%s' is an invalid path\r\n", p);
break;
}
-#if 0
- /* append if a directory lookup */
- if (e[-1] == '/')
- strcat(p, "index.html");
-#endif

/* if a directory, do the index thang */
if (app_isdir(p) > 0) {
-#if 0 /* must check buffer size */
- strcat(p, "/index.html");
-#else
BIO_puts(io, text);
BIO_printf(io, "'%s' is a directory\r\n", p);
break;
-#endif
}

if ((file = BIO_new_file(p, "r")) == NULL) {
diff --git a/apps/s_time.c b/apps/s_time.c
index 972dccf..102ee72 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -217,17 +217,6 @@ static int parseArgs(int argc, char **argv)
goto bad;
host = *(++argv);
}
-#if 0
- else if (strcmp(*argv, "-host") == 0) {
- if (--argc < 1)
- goto bad;
- host = *(++argv);
- } else if (strcmp(*argv, "-port") == 0) {
- if (--argc < 1)
- goto bad;
- port = *(++argv);
- }
-#endif
else if (strcmp(*argv, "-reuse") == 0)
perform = 2;
else if (strcmp(*argv, "-new") == 0)
@@ -582,11 +571,6 @@ static SSL *doConnection(SSL *scon)

SSL_set_bio(serverCon, conn, conn);

-#if 0
- if (scon != NULL)
- SSL_set_session(serverCon, SSL_get_session(scon));
-#endif
-
/* ok, lets connect */
for (;;) {
i = SSL_connect(serverCon);
diff --git a/apps/smime.c b/apps/smime.c
index 05321a9..5efe51f 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -511,11 +511,6 @@ int MAIN(int argc, char **argv)
while (*args) {
if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
NULL, e, "recipient certificate file"))) {
-#if 0 /* An appropriate message is already printed */
- BIO_printf(bio_err,
- "Can't read recipient certificate file %s\n",
- *args);
-#endif
goto end;
}
sk_X509_push(encerts, cert);
diff --git a/apps/speed.c b/apps/speed.c
index 419dced..8dc9de9 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -874,12 +874,6 @@ int MAIN(int argc, char **argv)
else
#endif
#ifndef OPENSSL_NO_RSA

-# if 0 /* was: #ifdef RSAref */

- if (strcmp(*argv, "rsaref") == 0) {
- RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
- j--;
- } else
-# endif

# ifndef RSA_NULL
if (strcmp(*argv, "openssl") == 0) {
RSA_set_default_method(RSA_PKCS1_SSLeay());

@@ -1273,16 +1267,6 @@ int MAIN(int argc, char **argv)
i);
goto end;
}
-# if 0
- else {
- BIO_printf(bio_err,
- mr ? "+RK:%d:"
- : "Loaded RSA key, %d bit modulus and e= 0x",
- BN_num_bits(rsa_key[i]->n));
- BN_print(bio_err, rsa_key[i]->e);
- BIO_printf(bio_err, "\n");
- }
-# endif
}
#endif

Rich Salz

unread,

Jan 30, 2015, 3:37:50 PM1/30/15

to

The branch master has been updated

via 02a938c953b3e1ced71d9a832de1618f907eb96d (commit)
from 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 (commit)

- Log -----------------------------------------------------------------
commit 02a938c953b3e1ced71d9a832de1618f907eb96d
Author: Rich Salz <rs...@openssl.org>
Date: Fri Jan 30 15:35:49 2015 -0500

Dead code removal: #if 0 asn1, pkcs7

Keep one #if 0 but rename the symbol to be more descriptive of what
it's doing (you can disable support for old broken Netscape software).

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/a_gentm.c | 51 ---------------------------
crypto/asn1/a_strex.c | 12 -------
crypto/asn1/a_time.c | 27 --------------
crypto/asn1/a_utctm.c | 87 ----------------------------------------------
crypto/asn1/asn1_lib.c | 6 ----
crypto/asn1/asn1_par.c | 4 ---
crypto/asn1/t_x509.c | 8 -----
crypto/asn1/tasn_prn.c | 9 -----
crypto/pkcs7/pk7_doit.c | 35 -------------------
crypto/pkcs7/pk7_smime.c | 9 ++---
10 files changed, 5 insertions(+), 243 deletions(-)

diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index db4510f..97011f8 100644
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -66,57 +66,6 @@
#include <openssl/asn1.h>
#include "asn1_locl.h"

-#if 0
-
-int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
-{
-# ifdef CHARSET_EBCDIC
- /* KLUDGE! We convert to ascii before writing DER */
- int len;
- char tmp[24];
- ASN1_STRING tmpstr = *(ASN1_STRING *)a;
-
- len = tmpstr.length;
- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
- tmpstr.data = tmp;
-
- a = (ASN1_GENERALIZEDTIME *)&tmpstr;
-# endif
- return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
- V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL));
-}
-
-ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
- unsigned char **pp,
- long length)
-{
- ASN1_GENERALIZEDTIME *ret = NULL;
-
- ret =
- (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
- V_ASN1_GENERALIZEDTIME,
- V_ASN1_UNIVERSAL);

- if (ret == NULL) {

- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR);
- return (NULL);
- }
-# ifdef CHARSET_EBCDIC
- ascii2ebcdic(ret->data, ret->data, ret->length);
-# endif
- if (!ASN1_GENERALIZEDTIME_check(ret)) {
- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT);

- goto err;
- }
-

- return (ret);
- err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_GENERALIZEDTIME_free(ret);
- return (NULL);
-}
-
-#endif
-
int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
{
static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 765698f..1744853 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -83,18 +83,6 @@
* Three IO functions for sending data to memory, a BIO and and a FILE
* pointer.
*/
-#if 0 /* never used */
-static int send_mem_chars(void *arg, const void *buf, int len)
-{
- unsigned char **out = arg;
- if (!out)
- return 1;
- memcpy(*out, buf, len);
- *out += len;
- return 1;
-}
-#endif
-
static int send_bio_chars(void *arg, const void *buf, int len)
{
if (!arg)
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 20e7c6d..7ff3de3 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -71,33 +71,6 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)

IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)

-#if 0
-int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
-{
-# ifdef CHARSET_EBCDIC
- /* KLUDGE! We convert to ascii before writing DER */
- char tmp[24];
- ASN1_STRING tmpstr;
-
- if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
- int len;
-
- tmpstr = *(ASN1_STRING *)a;
- len = tmpstr.length;
- ebcdic2ascii(tmp, tmpstr.data,
- (len >= sizeof tmp) ? sizeof tmp : len);
- tmpstr.data = tmp;
- a = (ASN1_GENERALIZEDTIME *)&tmpstr;
- }
-# endif
- if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
- return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
- a->type, V_ASN1_UNIVERSAL));
- ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME);
- return -1;
-}
-#endif
-
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
{
return ASN1_TIME_adj(s, t, 0, 0);
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index e84e595..9b55284 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -62,53 +62,6 @@
#include <openssl/asn1.h>
#include "asn1_locl.h"

-#if 0
-int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
-{
-# ifndef CHARSET_EBCDIC
- return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
- V_ASN1_UTCTIME, V_ASN1_UNIVERSAL));
-# else
- /* KLUDGE! We convert to ascii before writing DER */
- int len;
- char tmp[24];
- ASN1_STRING x = *(ASN1_STRING *)a;
-
- len = x.length;
- ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
- x.data = tmp;
- return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
-# endif
-}
-
-ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
- long length)
-{
- ASN1_UTCTIME *ret = NULL;
-
- ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
- V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);

- if (ret == NULL) {

- ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR);
- return (NULL);
- }
-# ifdef CHARSET_EBCDIC
- ascii2ebcdic(ret->data, ret->data, ret->length);
-# endif
- if (!ASN1_UTCTIME_check(ret)) {
- ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT);

- goto err;
- }
-

- return (ret);
- err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_UTCTIME_free(ret);
- return (NULL);
-}
-
-#endif
-
int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
{
static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
@@ -309,43 +262,3 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
return -1;
return 0;
}
-
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
-{
- struct tm tm;
- int offset;
-
- memset(&tm, '\0', sizeof tm);
-
-# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
- tm.tm_year = g2(s->data);
- if (tm.tm_year < 50)
- tm.tm_year += 100;
- tm.tm_mon = g2(s->data + 2) - 1;
- tm.tm_mday = g2(s->data + 4);
- tm.tm_hour = g2(s->data + 6);
- tm.tm_min = g2(s->data + 8);
- tm.tm_sec = g2(s->data + 10);
- if (s->data[12] == 'Z')
- offset = 0;
- else {
- offset = g2(s->data + 13) * 60 + g2(s->data + 15);
- if (s->data[12] == '-')
- offset = -offset;
- }
-# undef g2
-
- /*
- * FIXME: mktime assumes the current timezone
- * instead of UTC, and unless we rewrite OpenSSL
- * in Lisp we cannot locally change the timezone
- * without possibly interfering with other parts
- * of the program. timegm, which uses UTC, is
- * non-standard.
- * Also time_t is inappropriate for general
- * UTC times because it may a 32 bit type.
- */
- return mktime(&tm) - offset * 60;
-}
-#endif
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index aaf5d85..bf84526 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -137,12 +137,6 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
if (inf && !(ret & V_ASN1_CONSTRUCTED))
goto err;

-#if 0
- fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
- (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
- (int)(omax + *pp));
-
-#endif
if (*plength > (omax - (p - *pp))) {
ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
/*
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 98cf249..58d65ac 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -123,11 +123,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
/* ASN1_BMPSTRING *bmp=NULL; */
int dump_indent;

-#if 0
- dump_indent = indent;
-#else
dump_indent = 6; /* Because we know BIO_dump_indent() */
-#endif
p = *pp;
tot = p + length;
op = p - 1;
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 0bdc2c2..667db26 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -166,14 +166,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
if (!(cflag & X509_FLAG_NO_SIGNAME)) {
if (X509_signature_print(bp, ci->signature, NULL) <= 0)
goto err;
-#if 0
- if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
- goto err;
- if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
- goto err;
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-#endif
}

if (!(cflag & X509_FLAG_NO_ISSUER)) {
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index d956030..94e220b 100644
--- a/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
@@ -245,10 +245,6 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
break;

case ASN1_ITYPE_CHOICE:
-#if 0
- if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
- return 0;
-#endif
/* CHOICE type, get selector */
i = asn1_get_choice_selector(fld, it);
/* This should never happen... */
@@ -376,11 +372,6 @@ static int asn1_print_fsname(BIO *out, int indent,
static const char spaces[] = " ";
static const int nspaces = sizeof(spaces) - 1;

-#if 0
- if (!sname && !fname)
- return 1;
-#endif
-
while (indent > nspaces) {
if (BIO_write(out, spaces, nspaces) != nspaces)
return 0;
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index b4886f7..54b7b07 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -479,15 +479,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}

if (evp_cipher != NULL) {
-#if 0
- unsigned char key[EVP_MAX_KEY_LENGTH];
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *p;
- int keylen, ivlen;
- int max;
- X509_OBJECT ret;
-#endif
-
if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
goto err;
@@ -593,22 +584,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
BIO_push(out, etmp);
etmp = NULL;
}
-#if 1
if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
bio = in_bio;
} else {
-# if 0
- bio = BIO_new(BIO_s_mem());
- /*
- * We need to set this so that when we have read all the data, the
- * encrypt BIO, if present, will read EOF and encode the last few
- * bytes
- */
- BIO_set_mem_eof_return(bio, 0);
-
- if (data_body->length > 0)
- BIO_write(bio, (char *)data_body->data, data_body->length);
-# else
if (data_body->length > 0)
bio = BIO_new_mem_buf(data_body->data, data_body->length);
else {
@@ -617,11 +595,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
}
if (bio == NULL)
goto err;
-# endif
}
BIO_push(out, bio);
bio = NULL;
-#endif
if (0) {
err:
if (ek) {
@@ -1017,17 +993,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
}
if ((message_digest->length != (int)md_len) ||
(memcmp(message_digest->data, md_dat, md_len))) {
-#if 0
- {
- int ii;
- for (ii = 0; ii < message_digest->length; ii++)
- printf("%02X", message_digest->data[ii]);
- printf(" sent\n");
- for (ii = 0; ii < md_len; ii++)
- printf("%02X", md_dat[ii]);
- printf(" calc\n");
- }
-#endif
PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
ret = -1;
goto err;
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index dbd4100..e659af8 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -274,12 +274,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
return 0;
}
-#if 0
+
/*
- * NB: this test commented out because some versions of Netscape
- * illegally include zero length content when signing data.
+ * Very old Netscape illegally included empty content with
+ * a detached signature. To not support that, enable the
+ * following flag.
*/
-
+#ifdef OPENSSL_DONT_SUPPORT_OLD_NETSCAPE
/* Check for data and content: two sets of data */
if (!PKCS7_get_detached(p7) && indata) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);

Ben Laurie

unread,

Jan 30, 2015, 5:24:25 PM1/30/15

to

The branch master has been updated

via 4de8385796541c8c2973813f5da5fad173ba1ca2 (commit)
from 02a938c953b3e1ced71d9a832de1618f907eb96d (commit)

- Log -----------------------------------------------------------------
commit 4de8385796541c8c2973813f5da5fad173ba1ca2
Author: Ben Laurie <b...@links.org>
Date: Fri Jan 30 18:59:32 2015 +0000

Build correctly for me on FreeBSD 10.

Reviewed-by: Rich Salz

Don't debug.

-----------------------------------------------------------------------

Summary of changes:
Configure | 2 +-
crypto/engine/eng_cryptodev.c | 1 +
engines/Makefile | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Configure b/Configure
index ca48b52..d56c3d9 100755
--- a/Configure
+++ b/Configure
@@ -177,7 +177,7 @@ my %table=(
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::",
"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -fsanitize=undefined -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index 6b5cc19..65efc81 100644
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@@ -30,6 +30,7 @@
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/bn.h>
+#include "../bn/bn_lcl.h"

#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
(defined(OpenBSD) || defined(__FreeBSD__))
diff --git a/engines/Makefile b/engines/Makefile
index a2882e3..da4ae77 100644
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -26,6 +26,7 @@ EX_LIBS=

CFLAGS= $(INCLUDES) $(CFLAG)
ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)

GENERAL=Makefile engines.com install.com engine_vector.mar
TEST=

Matt Caswell

unread,

Jan 31, 2015, 1:16:18 PM1/31/15

to

The branch master has been updated

via 1d4d68570b8d3f214da0df57c5a629ced9668161 (commit)
via 78cc1f03e8ef3a370f900ecda53c1c7e9ca22c78 (commit)
via 0c2837564c878b06f87575361aa7d3b7562ae861 (commit)
via b6ba401497001c2f042feff693ed292b21c8369c (commit)
from 4de8385796541c8c2973813f5da5fad173ba1ca2 (commit)

- Log -----------------------------------------------------------------
commit 1d4d68570b8d3f214da0df57c5a629ced9668161
Author: Richard Levitte <lev...@openssl.org>
Date: Fri Jan 30 23:06:06 2015 +0000

Make the libssl opaque changes compile on VMS

Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 78cc1f03e8ef3a370f900ecda53c1c7e9ca22c78
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jan 28 11:44:34 2015 +0000

Add changes entry for opaquifying of libssl structures

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit 0c2837564c878b06f87575361aa7d3b7562ae861
Author: Matt Caswell <ma...@openssl.org>
Date: Wed Jan 28 11:40:54 2015 +0000

Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals
previously protected by this have been moved into non-public headers

Reviewed-by: Richard Levitte <lev...@openssl.org>

commit b6ba401497001c2f042feff693ed292b21c8369c
Author: Matt Caswell <ma...@openssl.org>
Date: Tue Jan 27 20:11:24 2015 +0000

Make libssl opaque. Move all structures that were previously protected by
OPENSSL_NO_SSL_INTERN into internal header files.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 5 +
apps/apps.h | 2 -
makevms.com | 1 -
ssl/bio_ssl.c | 2 +-
ssl/dtls1.h | 143 --------
ssl/ssl.h | 702 --------------------------------------
ssl/ssl3.h | 204 -----------
ssl/ssl_locl.h | 1036 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ssl/ssl_task.c | 2 +-
ssl/ssltest.c | 2 +
util/mkdef.pl | 2 -
11 files changed, 1045 insertions(+), 1056 deletions(-)

diff --git a/CHANGES b/CHANGES
index 26ea797..4b78387 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,11 @@
_______________

Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+ *) All libssl internal structures have been removed from the public header
+ files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
+ now redundant). Users should not attempt to access internal structures
+ directly. Instead they should use the provided API functions.
+ [Matt Caswell]

*) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
Access to deprecated functions can be re-enabled by running config with
diff --git a/apps/apps.h b/apps/apps.h
index 3f53bc1..2e346f9 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -383,6 +383,4 @@ int raw_write_stdout(const void *, int);
# define TM_STOP 1
double app_tminterval(int stop, int usertime);

-# define OPENSSL_NO_SSL_INTERN
-
#endif
diff --git a/makevms.com b/makevms.com
index cf759e4..ac1ccc9 100755
--- a/makevms.com
+++ b/makevms.com
@@ -306,7 +306,6 @@ $ CONFIG_LOGICALS := AES,-
SRP,-
SRTP,-
SSL3_METHOD,-
- SSL_INTERN,-
SSL_TRACE,-
STATIC_ENGINE,-
STDIO,-
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index a0c583e..458e071 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -63,7 +63,7 @@
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/err.h>
-#include <openssl/ssl.h>
+#include "ssl_locl.h"

static int ssl_write(BIO *h, const char *buf, int num);
static int ssl_read(BIO *h, char *buf, int size);
diff --git a/ssl/dtls1.h b/ssl/dtls1.h
index e2be78d..ff406d8 100644
--- a/ssl/dtls1.h
+++ b/ssl/dtls1.h
@@ -110,149 +110,6 @@ extern "C" {
# define DTLS1_AL_HEADER_LENGTH 2
# endif

-# ifndef OPENSSL_NO_SSL_INTERN
-
-# ifndef OPENSSL_NO_SCTP
-# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
-# endif
-
-/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
-# define DTLS1_MAX_MTU_OVERHEAD 48
-
-typedef struct dtls1_bitmap_st {
- unsigned long map; /* track 32 packets on 32-bit systems and 64
- * - on 64-bit systems */
- unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
- * value in big-endian encoding */
-} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state {
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- EVP_MD_CTX *write_hash; /* used for mac generation */
-# ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-# else
- char *compress;
-# endif
- SSL_SESSION *session;
- unsigned short epoch;
-};
-
-struct hm_header_st {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
-};
-
-struct ccs_header_st {
- unsigned char type;
- unsigned short seq;
-};
-
-struct dtls1_timeout_st {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
- /* Number of alerts received so far */
- unsigned int num_alerts;
-};
-
-typedef struct record_pqueue_st {
- unsigned short epoch;
- pqueue q;
-} record_pqueue;
-
-typedef struct hm_fragment_st {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
-} hm_fragment;
-
-typedef struct dtls1_state_st {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
- unsigned short handshake_read_seq;
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
- /* Buffered handshake messages */
- pqueue buffered_messages;
- /* Buffered (sent) handshake records */
- pqueue sent_messages;
- /*
- * Buffered application records. Only for records between CCS and
- * Finished to prevent either protocol violation or unnecessary message
- * loss.
- */
- record_pqueue buffered_app_data;
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
- unsigned int link_mtu; /* max on-the-wire DTLS packet size */
- unsigned int mtu; /* max DTLS packet size */
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
- struct dtls1_timeout_st timeout;
- /*
- * Indicates when the last handshake msg or heartbeat sent will timeout
- */
- struct timeval next_timeout;
- /* Timeout duration */
- unsigned short timeout_duration;
- /*
- * storage for Alert/Handshake protocol data received but not yet
- * processed by ssl3_read_bytes:
- */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
- unsigned int retransmitting;
- /*
- * Set when the handshake is ready to process peer's ChangeCipherSpec message.
- * Cleared after the message has been processed.
- */
- unsigned int change_cipher_spec_ok;
-# ifndef OPENSSL_NO_SCTP
- /* used when SSL_ST_XX_FLUSH is entered */
- int next_state;
- int shutdown_received;
-# endif
-} DTLS1_STATE;
-
-typedef struct dtls1_record_data_st {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
-# ifndef OPENSSL_NO_SCTP
- struct bio_dgram_sctp_rcvinfo recordinfo;
-# endif
-} DTLS1_RECORD_DATA;
-
-# endif

/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
# define DTLS1_TMO_READ_COUNT 2
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 0a6f4da..df91c18 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -388,166 +388,6 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,

# endif

-# ifndef OPENSSL_NO_SSL_INTERN
-
-/* used to hold info on the particular ciphers used */
-struct ssl_cipher_st {
- int valid;
- const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
- /*
- * changed in 0.9.9: these four used to be portions of a single value
- * 'algorithms'
- */
- unsigned long algorithm_mkey; /* key exchange algorithm */
- unsigned long algorithm_auth; /* server authentication */
- unsigned long algorithm_enc; /* symmetric encryption */
- unsigned long algorithm_mac; /* symmetric authentication */
- unsigned long algorithm_ssl; /* (major) protocol version */
- unsigned long algo_strength; /* strength and export flags */
- unsigned long algorithm2; /* Extra flags */
- int strength_bits; /* Number of bits really used */
- int alg_bits; /* Number of bits for algorithm */
-};
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st {
- int version;
- int (*ssl_new) (SSL *s);
- void (*ssl_clear) (SSL *s);
- void (*ssl_free) (SSL *s);
- int (*ssl_accept) (SSL *s);
- int (*ssl_connect) (SSL *s);
- int (*ssl_read) (SSL *s, void *buf, int len);
- int (*ssl_peek) (SSL *s, void *buf, int len);
- int (*ssl_write) (SSL *s, const void *buf, int len);
- int (*ssl_shutdown) (SSL *s);
- int (*ssl_renegotiate) (SSL *s);
- int (*ssl_renegotiate_check) (SSL *s);
- long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
- max, int *ok);
- int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
- int peek);
- int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
- int (*ssl_dispatch_alert) (SSL *s);
- long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
- long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
- const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
- int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
- int (*ssl_pending) (const SSL *s);
- int (*num_ciphers) (void);
- const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
- const struct ssl_method_st *(*get_ssl_method) (int version);
- long (*get_timeout) (void);
- const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
- int (*ssl_version) (void);
- long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
- long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
-};
-
-/*-
- * Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- * version INTEGER, -- structure version number
- * SSLversion INTEGER, -- SSL version number
- * Cipher OCTET STRING, -- the 3 byte cipher ID
- * Session_ID OCTET STRING, -- the Session ID
- * Master_key OCTET STRING, -- the master key
- * KRB5_principal OCTET STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
- * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
- * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
- * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
- * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
- * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
- * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
- * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- * }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_st {
- int ssl_version; /* what ssl version session info is being
- * kept in here? */
- int master_key_length;
- unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
- /* session_id - valid? */
- unsigned int session_id_length;
- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
- /*
- * this is used to determine whether the session is being reused in the
- * appropriate context. It is up to the application to set this, via
- * SSL_new
- */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-# ifndef OPENSSL_NO_KRB5
- unsigned int krb5_client_princ_len;
- unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-# endif /* OPENSSL_NO_KRB5 */
-# ifndef OPENSSL_NO_PSK
- char *psk_identity_hint;
- char *psk_identity;
-# endif
- /*
- * Used to indicate that session resumption is not allowed. Applications
- * can also set this bit for a new session via not_resumable_session_cb
- * to disable session caching and tickets.
- */
- int not_resumable;
- /* The cert is the certificate used to establish this connection */
- struct sess_cert_st /* SESS_CERT */ *sess_cert;
- /*
- * This is the cert for the other end. On clients, it will be the same as
- * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
- * not retained in the external representation of sessions, see
- * ssl_asn1.c).
- */
- X509 *peer;
- /*
- * when app_verify_callback accepts a session where the peer's
- * certificate is not ok, we must remember the error for session reuse:
- */
- long verify_result; /* only for servers */
- int references;
- long timeout;
- long time;
- unsigned int compress_meth; /* Need to lookup the method */
- const SSL_CIPHER *cipher;
- unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
- * to load the 'cipher' structure */
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
- CRYPTO_EX_DATA ex_data; /* application specific data */
- /*
- * These are used to make removal of session-ids more efficient and to
- * implement a maximum cache size.
- */
- struct ssl_session_st *prev, *next;
-# ifndef OPENSSL_NO_TLSEXT
- char *tlsext_hostname;
-# ifndef OPENSSL_NO_EC
- size_t tlsext_ecpointformatlist_length;
- unsigned char *tlsext_ecpointformatlist; /* peer's list */
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist; /* peer's list */
-# endif /* OPENSSL_NO_EC */
- /* RFC4507 info */
- unsigned char *tlsext_tick; /* Session ticket */
- size_t tlsext_ticklen; /* Session ticket length */
- long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
-# endif
-# ifndef OPENSSL_NO_SRP
- char *srp_username;
-# endif

-};
-
-# endif
-

/* Allow initial connection to servers that don't support RI */
# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
@@ -818,27 +658,6 @@ void SSL_set_msg_callback(SSL *ssl,

# ifndef OPENSSL_NO_SRP

-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct srp_ctx_st {
- /* param for all the callbacks */
- void *SRP_cb_arg;
- /* set client Hello login callback */
- int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
- /* set SRP N/g param callback for verification */
- int (*SRP_verify_param_callback) (SSL *, void *);
- /* set SRP client passwd callback */
- char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
- char *login;
- BIGNUM *N, *g, *s, *B, *A;
- BIGNUM *a, *b, *v;
- char *info;
- int strength;
- unsigned long srp_Mask;
-} SRP_CTX;
-
-# endif
-
/* see tls_srp.c */
int SSL_SRP_CTX_init(SSL *s);
int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
@@ -878,271 +697,6 @@ typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,

typedef struct ssl_comp_st SSL_COMP;

-# ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_comp_st {
- int id;
- const char *name;
-# ifndef OPENSSL_NO_COMP
- COMP_METHOD *method;
-# else
- char *method;
-# endif
-};
-
-DECLARE_STACK_OF(SSL_COMP)
-DECLARE_LHASH_OF(SSL_SESSION);
-
-struct ssl_ctx_st {
- const SSL_METHOD *method;
- STACK_OF(SSL_CIPHER) *cipher_list;
- /* same as above but sorted for lookup */
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
- struct x509_store_st /* X509_STORE */ *cert_store;
- LHASH_OF(SSL_SESSION) *sessions;
- /*
- * Most session-ids that will be cached, default is
- * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
- */
- unsigned long session_cache_size;
- struct ssl_session_st *session_cache_head;
- struct ssl_session_st *session_cache_tail;
- /*
- * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
- * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
- * means only SSL_accept which cache SSL_SESSIONS.
- */
- int session_cache_mode;
- /*
- * If timeout is not 0, it is the default timeout value set when
- * SSL_new() is called. This has been put in to make life easier to set
- * things up
- */
- long session_timeout;
- /*
- * If this callback is not null, it will be called each time a session id
- * is added to the cache. If this function returns 1, it means that the
- * callback will do a SSL_SESSION_free() when it has finished using it.
- * Otherwise, on 0, it means the callback has finished with it. If
- * remove_session_cb is not null, it will be called when a session-id is
- * removed from the cache. After the call, OpenSSL will
- * SSL_SESSION_free() it.
- */
- int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
- void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
- unsigned char *data, int len, int *copy);
- struct {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate; /* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate; /* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
- int references;
-
- /* if defined, these override the X509_verify_cert() calls */
- int (*app_verify_callback) (X509_STORE_CTX *, void *);
- void *app_verify_arg;
- /*
- * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
- * ('app_verify_callback' was called with just one argument)
- */
-
- /* Default password callback. */
- pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
- void *default_passwd_callback_userdata;
-
- /* get client cert callback */
- int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
- /* cookie generate callback */
- int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len);
-
- /* verify cookie callback */
- int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
- unsigned int cookie_len);
-
- CRYPTO_EX_DATA ex_data;
-
- const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
-
- STACK_OF(X509) *extra_certs;
- STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
- /* Default values used when no per-SSL value is defined follow */
-
- /* used if SSL's info_callback is NULL */
- void (*info_callback) (const SSL *ssl, int type, int val);
-
- /* what we put in client cert requests */
- STACK_OF(X509_NAME) *client_CA;
-
- /*
- * Default values to use in SSL structures follow (these are copied by
- * SSL_new)
- */
-
- unsigned long options;
- unsigned long mode;
- long max_cert_list;
-
- struct cert_st /* CERT */ *cert;
- int read_ahead;
-
- /* callback that allows applications to peek at protocol messages */
- void (*msg_callback) (int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
-
- int verify_mode;
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- /* called 'verify_callback' in the SSL */
- int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
-
- /* Default generate session ID callback. */
- GEN_SESSION_CB generate_session_id;
-
- X509_VERIFY_PARAM *param;
-
- int quiet_shutdown;
-
- /*
- * Maximum amount of data to send in one fragment. actual record size can
- * be more than this due to padding and MAC overheads.
- */
- unsigned int max_send_fragment;
-
-# ifndef OPENSSL_NO_ENGINE
- /*
- * Engine to pass requests for client certs to
- */
- ENGINE *client_cert_engine;
-# endif
-
-# ifndef OPENSSL_NO_TLSEXT
- /* TLS extensions servername callback */
- int (*tlsext_servername_callback) (SSL *, int *, void *);
- void *tlsext_servername_arg;
- /* RFC 4507 session ticket keys */
- unsigned char tlsext_tick_key_name[16];
- unsigned char tlsext_tick_hmac_key[16];
- unsigned char tlsext_tick_aes_key[16];
- /* Callback to support customisation of ticket key setting */
- int (*tlsext_ticket_key_cb) (SSL *ssl,
- unsigned char *name, unsigned char *iv,
- EVP_CIPHER_CTX *ectx,
- HMAC_CTX *hctx, int enc);
-
- /* certificate status request info */
- /* Callback for status request */
- int (*tlsext_status_cb) (SSL *ssl, void *arg);
- void *tlsext_status_arg;
-# endif
-
-# ifndef OPENSSL_NO_PSK
- char *psk_identity_hint;
- unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
- char *identity,
- unsigned int max_identity_len,
- unsigned char *psk,
- unsigned int max_psk_len);
- unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
- unsigned char *psk,
- unsigned int max_psk_len);
-# endif
-
-# ifndef OPENSSL_NO_SRP
- SRP_CTX srp_ctx; /* ctx for SRP authentication */
-# endif
-
-# ifndef OPENSSL_NO_TLSEXT
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
- /* Next protocol negotiation information */
- /* (for experimental NPN extension). */
-
- /*
- * For a server, this contains a callback function by which the set of
- * advertised protocols can be provided.
- */
- int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
- unsigned int *len, void *arg);
- void *next_protos_advertised_cb_arg;
- /*
- * For a client, this contains a callback function that selects the next
- * protocol from the list provided by the server.
- */
- int (*next_proto_select_cb) (SSL *s, unsigned char **out,
- unsigned char *outlen,
- const unsigned char *in,
- unsigned int inlen, void *arg);
- void *next_proto_select_cb_arg;
-# endif
-
- /*
- * ALPN information (we are in the process of transitioning from NPN to
- * ALPN.)
- */
-
- /*-
- * For a server, this contains a callback function that allows the
- * server to select the protocol for the connection.
- * out: on successful return, this must point to the raw protocol
- * name (without the length prefix).
- * outlen: on successful return, this contains the length of |*out|.
- * in: points to the client's list of supported protocols in
- * wire-format.
- * inlen: the length of |in|.
- */
- int (*alpn_select_cb) (SSL *s,
- const unsigned char **out,
- unsigned char *outlen,
- const unsigned char *in,
- unsigned int inlen, void *arg);
- void *alpn_select_cb_arg;
-
- /*
- * For a client, this contains the list of supported protocols in wire
- * format.
- */
- unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
-
- /* SRTP profiles we are willing to do from RFC 5764 */
- STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-# endif
- /*
- * Callback for disabling session caching and ticket support on a session
- * basis, depending on the chosen cipher.
- */
- int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
-# ifndef OPENSSL_NO_EC
- /* EC extension values inherited by SSL structure */
- size_t tlsext_ecpointformatlist_length;
- unsigned char *tlsext_ecpointformatlist;
- size_t tlsext_ellipticcurvelist_length;
- unsigned char *tlsext_ellipticcurvelist;
-# endif /* OPENSSL_NO_EC */
-};
-
-# endif

# define SSL_SESS_CACHE_OFF 0x0000
# define SSL_SESS_CACHE_CLIENT 0x0001
@@ -1376,262 +930,6 @@ int SSL_extension_supported(unsigned int ext_type);
# define SSL_MAC_FLAG_READ_MAC_STREAM 1
# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2

-# ifndef OPENSSL_NO_SSL_INTERN
-
-struct ssl_st {
- /*
- * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
- * DTLS1_VERSION)
- */
- int version;
- /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
- int type;
- /* SSLv3 */
- const SSL_METHOD *method;
- /*
- * There are 2 BIO's even though they are normally both the same. This
- * is so data can be read and written to different handlers
- */
- /* used by SSL_read */
- BIO *rbio;
- /* used by SSL_write */
- BIO *wbio;
- /* used during session-id reuse to concatenate messages */
- BIO *bbio;
- /*
- * This holds a variable that indicates what we were doing when a 0 or -1
- * is returned. This is needed for non-blocking IO so we know what
- * request needs re-doing when in SSL_accept or SSL_connect
- */
- int rwstate;
- /* true when we are actually in SSL_accept() or SSL_connect() */
- int in_handshake;
- int (*handshake_func) (SSL *);
- /*
- * Imagine that here's a boolean member "init" that is switched as soon
- * as SSL_set_{accept/connect}_state is called for the first time, so
- * that "state" and "handshake_func" are properly initialized. But as
- * handshake_func is == 0 until then, we use this test instead of an
- * "init" member.
- */
- /* are we the server side? - mostly used by SSL_clear */
- int server;
- /*
- * Generate a new session or reuse an old one.
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
- */
- int new_session;
- /* don't send shutdown packets */
- int quiet_shutdown;
- /* we have shut things down, 0x01 sent, 0x02 for received */
- int shutdown;
- /* where we are */
- int state;
- /* where we are when reading */
- int rstate;
- BUF_MEM *init_buf; /* buffer used during init */
- void *init_msg; /* pointer to handshake message body, set by
- * ssl3_get_message() */
- int init_num; /* amount read/written */
- int init_off; /* amount read/written */
- /* used internally to point at a raw packet */
- unsigned char *packet;
- unsigned int packet_length;
- struct ssl3_state_st *s3; /* SSLv3 variables */
- struct dtls1_state_st *d1; /* DTLSv1 variables */
- int read_ahead; /* Read as many input bytes as possible (for
- * non-blocking reads) */
- /* callback that allows applications to peek at protocol messages */
- void (*msg_callback) (int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
- int hit; /* reusing a previous session */
- X509_VERIFY_PARAM *param;
- /* crypto */
- STACK_OF(SSL_CIPHER) *cipher_list;
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
- /*
- * These are the ones being used, the ones in SSL_SESSION are the ones to
- * be 'copied' into these ones
- */
- int mac_flags;
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- EVP_MD_CTX *read_hash; /* used for mac generation */
-# ifndef OPENSSL_NO_COMP
- COMP_CTX *expand; /* uncompress */
-# else
- char *expand;
-# endif
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- EVP_MD_CTX *write_hash; /* used for mac generation */
-# ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-# else
- char *compress;
-# endif
- /* session info */
- /* client cert? */
- /* This is used to hold the server certificate used */
- struct cert_st /* CERT */ *cert;
- /*
- * the session_id_context is used to ensure sessions are only reused in
- * the appropriate context
- */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- /* This can also be in the session once a session is established */
- SSL_SESSION *session;
- /* Default generate session ID callback. */
- GEN_SESSION_CB generate_session_id;
- /* Used in SSL3 */
- /*
- * 0 don't care about verify failure.
- * 1 fail if verify fails
- */
- int verify_mode;
- /* fail if callback returns 0 */
- int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
- /* optional informational callback */
- void (*info_callback) (const SSL *ssl, int type, int val);
- /* error bytes to be written */
- int error;
- /* actual code */
- int error_code;
-# ifndef OPENSSL_NO_KRB5
- /* Kerberos 5 context */
- KSSL_CTX *kssl_ctx;
-# endif /* OPENSSL_NO_KRB5 */
-# ifndef OPENSSL_NO_PSK
- unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
- char *identity,
- unsigned int max_identity_len,
- unsigned char *psk,
- unsigned int max_psk_len);
- unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
- unsigned char *psk,
- unsigned int max_psk_len);
-# endif
- SSL_CTX *ctx;
- /*
- * set this flag to 1 and a sleep(1) is put into all SSL_read() and
- * SSL_write() calls, good for nbio debuging :-)
- */
- int debug;
- /* extra application data */
- long verify_result;
- CRYPTO_EX_DATA ex_data;
- /* for server side, keep the list of CA_dn we can use */
- STACK_OF(X509_NAME) *client_CA;
- int references;
- /* protocol behaviour */
- unsigned long options;
- /* API behaviour */
- unsigned long mode;
- long max_cert_list;
- int first_packet;
- /* what was passed, used for SSLv3/TLS rollback check */
- int client_version;
- unsigned int max_send_fragment;
-# ifndef OPENSSL_NO_TLSEXT
- /* TLS extension debug callback */
- void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
- unsigned char *data, int len, void *arg);
- void *tlsext_debug_arg;
- char *tlsext_hostname;
- /*-
- * no further mod of servername
- * 0 : call the servername extension callback.
- * 1 : prepare 2, allow last ack just after in server callback.
- * 2 : don't call servername callback, no ack in server hello
- */
- int servername_done;
- /* certificate status request info */
- /* Status type or -1 if no status type */
- int tlsext_status_type;
- /* Expect OCSP CertificateStatus message */
- int tlsext_status_expected;
- /* OCSP status request only */
- STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
- X509_EXTENSIONS *tlsext_ocsp_exts;
- /* OCSP response received or to be sent */
- unsigned char *tlsext_ocsp_resp;
- int tlsext_ocsp_resplen;
- /* RFC4507 session ticket expected to be received or sent */
- int tlsext_ticket_expected;
-# ifndef OPENSSL_NO_EC
- size_t tlsext_ecpointformatlist_length;
- /* our list */
- unsigned char *tlsext_ecpointformatlist;
- size_t tlsext_ellipticcurvelist_length;
- /* our list */
- unsigned char *tlsext_ellipticcurvelist;
-# endif /* OPENSSL_NO_EC */
- /* TLS Session Ticket extension override */
- TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
- /* TLS Session Ticket extension callback */
- tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
- void *tls_session_ticket_ext_cb_arg;
- /* TLS pre-shared secret session resumption */
- tls_session_secret_cb_fn tls_session_secret_cb;
- void *tls_session_secret_cb_arg;
- SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
-# ifndef OPENSSL_NO_NEXTPROTONEG
- /*
- * Next protocol negotiation. For the client, this is the protocol that
- * we sent in NextProtocol and is set when handling ServerHello
- * extensions. For a server, this is the client's selected_protocol from
- * NextProtocol and is set when handling the NextProtocol message, before
- * the Finished message.
- */
- unsigned char *next_proto_negotiated;
- unsigned char next_proto_negotiated_len;
-# endif
-# define session_ctx initial_ctx
- /* What we'll do */
- STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
- /* What's been chosen */
- SRTP_PROTECTION_PROFILE *srtp_profile;
- /*-
- * Is use of the Heartbeat extension negotiated?
- * 0: disabled
- * 1: enabled
- * 2: enabled, but not allowed to send Requests
- */
- unsigned int tlsext_heartbeat;
- /* Indicates if a HeartbeatRequest is in flight */
- unsigned int tlsext_hb_pending;
- /* HeartbeatRequest sequence number */
- unsigned int tlsext_hb_seq;
- /*
- * For a client, this contains the list of supported protocols in wire
- * format.
- */
- unsigned char *alpn_client_proto_list;
- unsigned alpn_client_proto_list_len;
-# else
-# define session_ctx ctx
-# endif /* OPENSSL_NO_TLSEXT */
- /*-
- * 1 if we are renegotiating.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest)
- */
- int renegotiate;
-# ifndef OPENSSL_NO_SRP
- /* ctx for SRP authentication */
- SRP_CTX srp_ctx;
-# endif
- /*
- * Callback for disabling session caching and ticket support on a session
- * basis, depending on the chosen cipher.
- */
- int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);

-};
-
-# endif
-

#ifdef __cplusplus
}
#endif
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 23eb156..7d16d70 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -380,62 +380,6 @@ extern "C" {
# define TLS1_HB_REQUEST 1
# define TLS1_HB_RESPONSE 2

-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_record_st {
- /* type of record */
- /*
- * r
- */ int type;
- /* How many bytes available */
- /*
- * rw
- */ unsigned int length;
- /*
- * How many bytes were available before padding was removed? This is used
- * to implement the MAC check in constant time for CBC records.
- */
- /*
- * rw
- */ unsigned int orig_len;
- /* read/write offset into 'buf' */
- /*
- * r
- */ unsigned int off;
- /* pointer to the record data */
- /*
- * rw
- */ unsigned char *data;
- /* where the decode bytes are */
- /*
- * rw
- */ unsigned char *input;
- /* only used with decompression - malloc()ed */
- /*
- * r
- */ unsigned char *comp;
- /* epoch number, needed by DTLS1 */
- /*
- * r
- */ unsigned long epoch;
- /* sequence number, needed by DTLS1 */
- /*
- * r
- */ unsigned char seq_num[8];
-} SSL3_RECORD;
-
-typedef struct ssl3_buffer_st {
- /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
- unsigned char *buf;
- /* buffer size */
- size_t len;
- /* where to 'copy from' */
- int offset;
- /* how many bytes left */
- int left;
-} SSL3_BUFFER;
-
-# endif

# define SSL3_CT_RSA_SIGN 1
# define SSL3_CT_DSS_SIGN 2
@@ -465,154 +409,6 @@ typedef struct ssl3_buffer_st {
/* Set if we encrypt then mac instead of usual mac then encrypt */
# define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100

-# ifndef OPENSSL_NO_SSL_INTERN
-
-typedef struct ssl3_state_st {
- long flags;
- int delay_buf_pop_ret;
- unsigned char read_sequence[8];
- int read_mac_secret_size;
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
- int write_mac_secret_size;
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
- /* The value of 'extra' when the buffers were initialized */
- int init_extra;
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
- /*
- * storage for Alert/Handshake protocol data received but not yet
- * processed by ssl3_read_bytes:
- */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
- /* used during startup, digest all incoming/outgoing packets */
- BIO *handshake_buffer;
- /*
- * When set of handshake digests is determined, buffer is hashed and
- * freed and MD_CTX-es for all required digests are stored in this array
- */
- EVP_MD_CTX **handshake_dgst;
- /*
- * Set whenever an expected ChangeCipherSpec message is processed.
- * Unset when the peer's Finished message is received.
- * Unexpected ChangeCipherSpec messages trigger a fatal alert.
- */
- int change_cipher_spec;
- int warn_alert;
- int fatal_alert;
- /*
- * we allow one fatal and one warning alert to be outstanding, send close
- * alert via the warning alert
- */
- int alert_dispatch;
- unsigned char send_alert[2];
- /*
- * This flag is set when we should renegotiate ASAP, basically when there
- * is no more data in the read or write buffers
- */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
- int in_read_app_data;
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
- int peer_finish_md_len;
- unsigned long message_size;
- int message_type;
- /* used to hold the new cipher we are going to use */
- const SSL_CIPHER *new_cipher;
-# ifndef OPENSSL_NO_DH
- DH *dh;
-# endif
-# ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh; /* holds short lived ECDH key */
-# endif
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
- int reuse_message;
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
- int use_rsa_tmp;
- int key_block_length;
- unsigned char *key_block;
- const EVP_CIPHER *new_sym_enc;
- const EVP_MD *new_hash;
- int new_mac_pkey_type;
- int new_mac_secret_size;
-# ifndef OPENSSL_NO_COMP
- const SSL_COMP *new_compression;
-# else
- char *new_compression;
-# endif
- int cert_request;
- } tmp;
-
- /* Connection binding to prevent renegotiation attacks */
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
- /*
- * Set if we saw the Next Protocol Negotiation extension from our peer.
- */
- int next_proto_neg_seen;
-# endif
-
-# ifndef OPENSSL_NO_TLSEXT
-
- /*
- * ALPN information (we are in the process of transitioning from NPN to
- * ALPN.)
- */
-
- /*
- * In a server these point to the selected ALPN protocol after the
- * ClientHello has been processed. In a client these contain the protocol
- * that the server selected once the ServerHello has been processed.
- */
- unsigned char *alpn_selected;
- unsigned alpn_selected_len;
-
-# ifndef OPENSSL_NO_EC
- /*
- * This is set to true if we believe that this is a version of Safari
- * running on OS X 10.6 or newer. We wish to know this because Safari on
- * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
- */
- char is_probably_safari;
-# endif /* !OPENSSL_NO_EC */
-
-# endif /* !OPENSSL_NO_TLSEXT */
-} SSL3_STATE;
-
-# endif

/* SSLv3 */
/*
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index f3ce460..56d6108 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -520,6 +520,1042 @@
#define CERT_PRIVATE_KEY 2
*/

+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+ int valid;
+ const char *name; /* text name */
+ unsigned long id; /* id, 4 bytes, first is version */
+ /*
+ * changed in 0.9.9: these four used to be portions of a single value
+ * 'algorithms'
+ */
+ unsigned long algorithm_mkey; /* key exchange algorithm */
+ unsigned long algorithm_auth; /* server authentication */
+ unsigned long algorithm_enc; /* symmetric encryption */
+ unsigned long algorithm_mac; /* symmetric authentication */
+ unsigned long algorithm_ssl; /* (major) protocol version */
+ unsigned long algo_strength; /* strength and export flags */
+ unsigned long algorithm2; /* Extra flags */
+ int strength_bits; /* Number of bits really used */
+ int alg_bits; /* Number of bits for algorithm */
+};
+
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+struct ssl_method_st {
+ int version;
+ int (*ssl_new) (SSL *s);
+ void (*ssl_clear) (SSL *s);
+ void (*ssl_free) (SSL *s);
+ int (*ssl_accept) (SSL *s);
+ int (*ssl_connect) (SSL *s);
+ int (*ssl_read) (SSL *s, void *buf, int len);
+ int (*ssl_peek) (SSL *s, void *buf, int len);
+ int (*ssl_write) (SSL *s, const void *buf, int len);
+ int (*ssl_shutdown) (SSL *s);
+ int (*ssl_renegotiate) (SSL *s);
+ int (*ssl_renegotiate_check) (SSL *s);
+ long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
+ max, int *ok);
+ int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
+ int peek);
+ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
+ int (*ssl_dispatch_alert) (SSL *s);
+ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+ const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
+ int (*ssl_pending) (const SSL *s);
+ int (*num_ciphers) (void);
+ const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+ const struct ssl_method_st *(*get_ssl_method) (int version);
+ long (*get_timeout) (void);
+ const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+ int (*ssl_version) (void);
+ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ * version INTEGER, -- structure version number
+ * SSLversion INTEGER, -- SSL version number
+ * Cipher OCTET STRING, -- the 3 byte cipher ID
+ * Session_ID OCTET STRING, -- the Session ID
+ * Master_key OCTET STRING, -- the master key
+ * KRB5_principal OCTET STRING -- optional Kerberos principal
+ * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument
+ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
+ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
+ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
+ * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context
+ * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer'
+ * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension
+ * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity
+ * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)
+ * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method
+ * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ * }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+ int ssl_version; /* what ssl version session info is being
+ * kept in here? */
+ int master_key_length;
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ /* session_id - valid? */
+ unsigned int session_id_length;
+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ /*
+ * this is used to determine whether the session is being reused in the
+ * appropriate context. It is up to the application to set this, via
+ * SSL_new
+ */
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_KRB5
+ unsigned int krb5_client_princ_len;
+ unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+# endif /* OPENSSL_NO_KRB5 */
+# ifndef OPENSSL_NO_PSK
+ char *psk_identity_hint;
+ char *psk_identity;
+# endif
+ /*
+ * Used to indicate that session resumption is not allowed. Applications
+ * can also set this bit for a new session via not_resumable_session_cb
+ * to disable session caching and tickets.
+ */
+ int not_resumable;
+ /* The cert is the certificate used to establish this connection */
+ struct sess_cert_st /* SESS_CERT */ *sess_cert;
+ /*
+ * This is the cert for the other end. On clients, it will be the same as
+ * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
+ * not retained in the external representation of sessions, see
+ * ssl_asn1.c).
+ */
+ X509 *peer;
+ /*
+ * when app_verify_callback accepts a session where the peer's
+ * certificate is not ok, we must remember the error for session reuse:
+ */
+ long verify_result; /* only for servers */
+ int references;
+ long timeout;
+ long time;
+ unsigned int compress_meth; /* Need to lookup the method */
+ const SSL_CIPHER *cipher;
+ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
+ * to load the 'cipher' structure */
+ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+ CRYPTO_EX_DATA ex_data; /* application specific data */
+ /*
+ * These are used to make removal of session-ids more efficient and to
+ * implement a maximum cache size.
+ */
+ struct ssl_session_st *prev, *next;
+# ifndef OPENSSL_NO_TLSEXT
+ char *tlsext_hostname;
+# ifndef OPENSSL_NO_EC
+ size_t tlsext_ecpointformatlist_length;
+ unsigned char *tlsext_ecpointformatlist; /* peer's list */
+ size_t tlsext_ellipticcurvelist_length;
+ unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+# endif /* OPENSSL_NO_EC */
+ /* RFC4507 info */
+ unsigned char *tlsext_tick; /* Session ticket */
+ size_t tlsext_ticklen; /* Session ticket length */
+ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+# endif
+# ifndef OPENSSL_NO_SRP
+ char *srp_username;
+# endif
+};
+
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+ /* param for all the callbacks */
+ void *SRP_cb_arg;
+ /* set client Hello login callback */
+ int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+ /* set SRP N/g param callback for verification */
+ int (*SRP_verify_param_callback) (SSL *, void *);
+ /* set SRP client passwd callback */
+ char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+ char *login;
+ BIGNUM *N, *g, *s, *B, *A;
+ BIGNUM *a, *b, *v;
+ char *info;
+ int strength;
+ unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+
+struct ssl_comp_st {
+ int id;
+ const char *name;
+# ifndef OPENSSL_NO_COMP
+ COMP_METHOD *method;
+# else
+ char *method;
+# endif
+};
+
+DECLARE_STACK_OF(SSL_COMP)
+DECLARE_LHASH_OF(SSL_SESSION);
+
+struct ssl_ctx_st {
+ const SSL_METHOD *method;
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ /* same as above but sorted for lookup */
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ struct x509_store_st /* X509_STORE */ *cert_store;
+ LHASH_OF(SSL_SESSION) *sessions;
+ /*
+ * Most session-ids that will be cached, default is
+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+ */
+ unsigned long session_cache_size;
+ struct ssl_session_st *session_cache_head;
+ struct ssl_session_st *session_cache_tail;
+ /*
+ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+ * means only SSL_accept which cache SSL_SESSIONS.
+ */
+ int session_cache_mode;
+ /*
+ * If timeout is not 0, it is the default timeout value set when
+ * SSL_new() is called. This has been put in to make life easier to set
+ * things up
+ */
+ long session_timeout;
+ /*
+ * If this callback is not null, it will be called each time a session id
+ * is added to the cache. If this function returns 1, it means that the
+ * callback will do a SSL_SESSION_free() when it has finished using it.
+ * Otherwise, on 0, it means the callback has finished with it. If
+ * remove_session_cb is not null, it will be called when a session-id is
+ * removed from the cache. After the call, OpenSSL will
+ * SSL_SESSION_free() it.
+ */
+ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+ unsigned char *data, int len, int *copy);
+ struct {
+ int sess_connect; /* SSL new conn - started */
+ int sess_connect_renegotiate; /* SSL reneg - requested */
+ int sess_connect_good; /* SSL new conne/reneg - finished */
+ int sess_accept; /* SSL new accept - started */
+ int sess_accept_renegotiate; /* SSL reneg - requested */
+ int sess_accept_good; /* SSL accept/reneg - finished */
+ int sess_miss; /* session lookup misses */
+ int sess_timeout; /* reuse attempt on timeouted session */
+ int sess_cache_full; /* session removed due to full cache */
+ int sess_hit; /* session reuse actually done */
+ int sess_cb_hit; /* session-id that was not in the cache was
+ * passed back via the callback. This
+ * indicates that the application is
+ * supplying session-id's from other
+ * processes - spooky :-) */
+ } stats;
+
+ int references;
+
+ /* if defined, these override the X509_verify_cert() calls */
+ int (*app_verify_callback) (X509_STORE_CTX *, void *);
+ void *app_verify_arg;
+ /*
+ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+ * ('app_verify_callback' was called with just one argument)
+ */
+
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+
+ /* get client cert callback */
+ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+ /* cookie generate callback */
+ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len);
+
+ /* verify cookie callback */
+ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len);
+
+ CRYPTO_EX_DATA ex_data;
+
+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+ STACK_OF(X509) *extra_certs;
+ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+ /* Default values used when no per-SSL value is defined follow */
+
+ /* used if SSL's info_callback is NULL */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+
+ /* what we put in client cert requests */
+ STACK_OF(X509_NAME) *client_CA;
+
+ /*
+ * Default values to use in SSL structures follow (these are copied by
+ * SSL_new)
+ */
+
+ unsigned long options;
+ unsigned long mode;
+ long max_cert_list;
+
+ struct cert_st /* CERT */ *cert;
+ int read_ahead;
+
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+
+ int verify_mode;
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* called 'verify_callback' in the SSL */
+ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+
+ X509_VERIFY_PARAM *param;
+
+ int quiet_shutdown;
+
+ /*
+ * Maximum amount of data to send in one fragment. actual record size can
+ * be more than this due to padding and MAC overheads.
+ */
+ unsigned int max_send_fragment;
+
+# ifndef OPENSSL_NO_ENGINE
+ /*
+ * Engine to pass requests for client certs to
+ */
+ ENGINE *client_cert_engine;
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions servername callback */
+ int (*tlsext_servername_callback) (SSL *, int *, void *);
+ void *tlsext_servername_arg;
+ /* RFC 4507 session ticket keys */
+ unsigned char tlsext_tick_key_name[16];
+ unsigned char tlsext_tick_hmac_key[16];
+ unsigned char tlsext_tick_aes_key[16];
+ /* Callback to support customisation of ticket key setting */
+ int (*tlsext_ticket_key_cb) (SSL *ssl,
+ unsigned char *name, unsigned char *iv,
+ EVP_CIPHER_CTX *ectx,
+ HMAC_CTX *hctx, int enc);
+
+ /* certificate status request info */
+ /* Callback for status request */
+ int (*tlsext_status_cb) (SSL *ssl, void *arg);
+ void *tlsext_status_arg;
+# endif
+
+# ifndef OPENSSL_NO_PSK
+ char *psk_identity_hint;
+ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+# endif
+
+# ifndef OPENSSL_NO_SRP
+ SRP_CTX srp_ctx; /* ctx for SRP authentication */
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /* Next protocol negotiation information */
+ /* (for experimental NPN extension). */
+
+ /*
+ * For a server, this contains a callback function by which the set of
+ * advertised protocols can be provided.
+ */
+ int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
+ unsigned int *len, void *arg);
+ void *next_protos_advertised_cb_arg;
+ /*
+ * For a client, this contains a callback function that selects the next
+ * protocol from the list provided by the server.
+ */
+ int (*next_proto_select_cb) (SSL *s, unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen, void *arg);
+ void *next_proto_select_cb_arg;
+# endif
+
+ /*
+ * ALPN information (we are in the process of transitioning from NPN to
+ * ALPN.)
+ */
+
+ /*-
+ * For a server, this contains a callback function that allows the
+ * server to select the protocol for the connection.
+ * out: on successful return, this must point to the raw protocol
+ * name (without the length prefix).
+ * outlen: on successful return, this contains the length of |*out|.
+ * in: points to the client's list of supported protocols in
+ * wire-format.
+ * inlen: the length of |in|.
+ */
+ int (*alpn_select_cb) (SSL *s,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen, void *arg);
+ void *alpn_select_cb_arg;
+
+ /*
+ * For a client, this contains the list of supported protocols in wire
+ * format.
+ */
+ unsigned char *alpn_client_proto_list;
+ unsigned alpn_client_proto_list_len;
+
+ /* SRTP profiles we are willing to do from RFC 5764 */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
+ /*
+ * Callback for disabling session caching and ticket support on a session
+ * basis, depending on the chosen cipher.
+ */
+ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+# ifndef OPENSSL_NO_EC
+ /* EC extension values inherited by SSL structure */
+ size_t tlsext_ecpointformatlist_length;
+ unsigned char *tlsext_ecpointformatlist;
+ size_t tlsext_ellipticcurvelist_length;
+ unsigned char *tlsext_ellipticcurvelist;
+# endif /* OPENSSL_NO_EC */
+};
+
+
+struct ssl_st {
+ /*
+ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+ * DTLS1_VERSION)
+ */
+ int version;
+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ int type;
+ /* SSLv3 */
+ const SSL_METHOD *method;
+ /*
+ * There are 2 BIO's even though they are normally both the same. This
+ * is so data can be read and written to different handlers
+ */
+ /* used by SSL_read */
+ BIO *rbio;
+ /* used by SSL_write */
+ BIO *wbio;
+ /* used during session-id reuse to concatenate messages */
+ BIO *bbio;
+ /*
+ * This holds a variable that indicates what we were doing when a 0 or -1
+ * is returned. This is needed for non-blocking IO so we know what
+ * request needs re-doing when in SSL_accept or SSL_connect
+ */
+ int rwstate;
+ /* true when we are actually in SSL_accept() or SSL_connect() */
+ int in_handshake;
+ int (*handshake_func) (SSL *);
+ /*
+ * Imagine that here's a boolean member "init" that is switched as soon
+ * as SSL_set_{accept/connect}_state is called for the first time, so
+ * that "state" and "handshake_func" are properly initialized. But as
+ * handshake_func is == 0 until then, we use this test instead of an
+ * "init" member.
+ */
+ /* are we the server side? - mostly used by SSL_clear */
+ int server;
+ /*
+ * Generate a new session or reuse an old one.
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+ int new_session;
+ /* don't send shutdown packets */
+ int quiet_shutdown;
+ /* we have shut things down, 0x01 sent, 0x02 for received */
+ int shutdown;
+ /* where we are */
+ int state;
+ /* where we are when reading */
+ int rstate;
+ BUF_MEM *init_buf; /* buffer used during init */
+ void *init_msg; /* pointer to handshake message body, set by
+ * ssl3_get_message() */
+ int init_num; /* amount read/written */
+ int init_off; /* amount read/written */
+ /* used internally to point at a raw packet */
+ unsigned char *packet;
+ unsigned int packet_length;
+ struct ssl3_state_st *s3; /* SSLv3 variables */
+ struct dtls1_state_st *d1; /* DTLSv1 variables */
+ int read_ahead; /* Read as many input bytes as possible (for
+ * non-blocking reads) */
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+ int hit; /* reusing a previous session */
+ X509_VERIFY_PARAM *param;
+ /* crypto */
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /*
+ * These are the ones being used, the ones in SSL_SESSION are the ones to
+ * be 'copied' into these ones
+ */
+ int mac_flags;
+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+ EVP_MD_CTX *read_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *expand; /* uncompress */
+# else
+ char *expand;
+# endif
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+# else
+ char *compress;
+# endif
+ /* session info */
+ /* client cert? */
+ /* This is used to hold the server certificate used */
+ struct cert_st /* CERT */ *cert;
+ /*
+ * the session_id_context is used to ensure sessions are only reused in
+ * the appropriate context
+ */
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* This can also be in the session once a session is established */
+ SSL_SESSION *session;
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+ /* Used in SSL3 */
+ /*
+ * 0 don't care about verify failure.
+ * 1 fail if verify fails
+ */
+ int verify_mode;
+ /* fail if callback returns 0 */
+ int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+ /* optional informational callback */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+ /* error bytes to be written */
+ int error;
+ /* actual code */
+ int error_code;
+# ifndef OPENSSL_NO_KRB5
+ /* Kerberos 5 context */
+ KSSL_CTX *kssl_ctx;
+# endif /* OPENSSL_NO_KRB5 */
+# ifndef OPENSSL_NO_PSK
+ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+# endif
+ SSL_CTX *ctx;
+ /*
+ * set this flag to 1 and a sleep(1) is put into all SSL_read() and
+ * SSL_write() calls, good for nbio debuging :-)
+ */
+ int debug;
+ /* extra application data */
+ long verify_result;
+ CRYPTO_EX_DATA ex_data;
+ /* for server side, keep the list of CA_dn we can use */
+ STACK_OF(X509_NAME) *client_CA;
+ int references;
+ /* protocol behaviour */
+ unsigned long options;
+ /* API behaviour */
+ unsigned long mode;
+ long max_cert_list;
+ int first_packet;
+ /* what was passed, used for SSLv3/TLS rollback check */
+ int client_version;
+ unsigned int max_send_fragment;
+# ifndef OPENSSL_NO_TLSEXT
+ /* TLS extension debug callback */
+ void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
+ unsigned char *data, int len, void *arg);
+ void *tlsext_debug_arg;
+ char *tlsext_hostname;
+ /*-
+ * no further mod of servername
+ * 0 : call the servername extension callback.
+ * 1 : prepare 2, allow last ack just after in server callback.
+ * 2 : don't call servername callback, no ack in server hello
+ */
+ int servername_done;
+ /* certificate status request info */
+ /* Status type or -1 if no status type */
+ int tlsext_status_type;
+ /* Expect OCSP CertificateStatus message */
+ int tlsext_status_expected;
+ /* OCSP status request only */
+ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+ X509_EXTENSIONS *tlsext_ocsp_exts;
+ /* OCSP response received or to be sent */
+ unsigned char *tlsext_ocsp_resp;
+ int tlsext_ocsp_resplen;
+ /* RFC4507 session ticket expected to be received or sent */
+ int tlsext_ticket_expected;
+# ifndef OPENSSL_NO_EC
+ size_t tlsext_ecpointformatlist_length;
+ /* our list */
+ unsigned char *tlsext_ecpointformatlist;
+ size_t tlsext_ellipticcurvelist_length;
+ /* our list */
+ unsigned char *tlsext_ellipticcurvelist;
+# endif /* OPENSSL_NO_EC */
+ /* TLS Session Ticket extension override */
+ TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
+ /* TLS Session Ticket extension callback */
+ tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
+ void *tls_session_ticket_ext_cb_arg;
+ /* TLS pre-shared secret session resumption */
+ tls_session_secret_cb_fn tls_session_secret_cb;
+ void *tls_session_secret_cb_arg;
+ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /*
+ * Next protocol negotiation. For the client, this is the protocol that
+ * we sent in NextProtocol and is set when handling ServerHello
+ * extensions. For a server, this is the client's selected_protocol from
+ * NextProtocol and is set when handling the NextProtocol message, before
+ * the Finished message.
+ */
+ unsigned char *next_proto_negotiated;
+ unsigned char next_proto_negotiated_len;
+# endif
+# define session_ctx initial_ctx
+ /* What we'll do */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+ /* What's been chosen */
+ SRTP_PROTECTION_PROFILE *srtp_profile;
+ /*-
+ * Is use of the Heartbeat extension negotiated?
+ * 0: disabled
+ * 1: enabled
+ * 2: enabled, but not allowed to send Requests
+ */
+ unsigned int tlsext_heartbeat;
+ /* Indicates if a HeartbeatRequest is in flight */
+ unsigned int tlsext_hb_pending;
+ /* HeartbeatRequest sequence number */
+ unsigned int tlsext_hb_seq;
+ /*
+ * For a client, this contains the list of supported protocols in wire
+ * format.
+ */
+ unsigned char *alpn_client_proto_list;
+ unsigned alpn_client_proto_list_len;
+# else
+# define session_ctx ctx
+# endif /* OPENSSL_NO_TLSEXT */
+ /*-
+ * 1 if we are renegotiating.
+ * 2 if we are a server and are inside a handshake
+ * (i.e. not just sending a HelloRequest)
+ */
+ int renegotiate;
+# ifndef OPENSSL_NO_SRP
+ /* ctx for SRP authentication */
+ SRP_CTX srp_ctx;
+# endif
+ /*
+ * Callback for disabling session caching and ticket support on a session
+ * basis, depending on the chosen cipher.
+ */
+ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+};
+
+typedef struct ssl3_record_st {
+ /* type of record */
+ /*
+ * r
+ */ int type;
+ /* How many bytes available */
+ /*
+ * rw
+ */ unsigned int length;
+ /*
+ * How many bytes were available before padding was removed? This is used
+ * to implement the MAC check in constant time for CBC records.
+ */
+ /*
+ * rw
+ */ unsigned int orig_len;
+ /* read/write offset into 'buf' */
+ /*
+ * r
+ */ unsigned int off;
+ /* pointer to the record data */
+ /*
+ * rw
+ */ unsigned char *data;
+ /* where the decode bytes are */
+ /*
+ * rw
+ */ unsigned char *input;
+ /* only used with decompression - malloc()ed */
+ /*
+ * r
+ */ unsigned char *comp;
+ /* epoch number, needed by DTLS1 */
+ /*
+ * r
+ */ unsigned long epoch;
+ /* sequence number, needed by DTLS1 */
+ /*
+ * r
+ */ unsigned char seq_num[8];
+} SSL3_RECORD;
+
+typedef struct ssl3_buffer_st {
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+ unsigned char *buf;
+ /* buffer size */
+ size_t len;
+ /* where to 'copy from' */
+ int offset;
+ /* how many bytes left */
+ int left;
+} SSL3_BUFFER;
+
+typedef struct ssl3_state_st {
+ long flags;
+ int delay_buf_pop_ret;
+ unsigned char read_sequence[8];
+ int read_mac_secret_size;
+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char write_sequence[8];
+ int write_mac_secret_size;
+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ /* flags for countermeasure against known-IV weakness */
+ int need_empty_fragments;
+ int empty_fragment_done;
+ /* The value of 'extra' when the buffers were initialized */
+ int init_extra;
+ SSL3_BUFFER rbuf; /* read IO goes into here */
+ SSL3_BUFFER wbuf; /* write IO goes into here */
+ SSL3_RECORD rrec; /* each decoded record goes in here */
+ SSL3_RECORD wrec; /* goes out from here */
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[2];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[4];
+ unsigned int handshake_fragment_len;
+ /* partial write - check the numbers match */
+ unsigned int wnum; /* number of bytes sent so far */
+ int wpend_tot; /* number bytes written */
+ int wpend_type;
+ int wpend_ret; /* number of bytes submitted */
+ const unsigned char *wpend_buf;
+ /* used during startup, digest all incoming/outgoing packets */
+ BIO *handshake_buffer;
+ /*
+ * When set of handshake digests is determined, buffer is hashed and
+ * freed and MD_CTX-es for all required digests are stored in this array
+ */
+ EVP_MD_CTX **handshake_dgst;
+ /*
+ * Set whenever an expected ChangeCipherSpec message is processed.
+ * Unset when the peer's Finished message is received.
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
+ int change_cipher_spec;
+ int warn_alert;
+ int fatal_alert;
+ /*
+ * we allow one fatal and one warning alert to be outstanding, send close
+ * alert via the warning alert
+ */
+ int alert_dispatch;
+ unsigned char send_alert[2];
+ /*
+ * This flag is set when we should renegotiate ASAP, basically when there
+ * is no more data in the read or write buffers
+ */
+ int renegotiate;
+ int total_renegotiations;
+ int num_renegotiations;
+ int in_read_app_data;
+ struct {
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+ int finish_md_len;
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+ int peer_finish_md_len;
+ unsigned long message_size;
+ int message_type;
+ /* used to hold the new cipher we are going to use */
+ const SSL_CIPHER *new_cipher;
+# ifndef OPENSSL_NO_DH
+ DH *dh;
+# endif
+# ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh; /* holds short lived ECDH key */
+# endif
+ /* used when SSL_ST_FLUSH_DATA is entered */
+ int next_state;
+ int reuse_message;
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+ char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+ int use_rsa_tmp;
+ int key_block_length;
+ unsigned char *key_block;
+ const EVP_CIPHER *new_sym_enc;
+ const EVP_MD *new_hash;
+ int new_mac_pkey_type;
+ int new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+ const SSL_COMP *new_compression;
+# else
+ char *new_compression;
+# endif
+ int cert_request;
+ } tmp;
+
+ /* Connection binding to prevent renegotiation attacks */
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_client_finished_len;
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /*
+ * Set if we saw the Next Protocol Negotiation extension from our peer.
+ */
+ int next_proto_neg_seen;
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+
+ /*
+ * ALPN information (we are in the process of transitioning from NPN to
+ * ALPN.)
+ */
+
+ /*
+ * In a server these point to the selected ALPN protocol after the
+ * ClientHello has been processed. In a client these contain the protocol
+ * that the server selected once the ServerHello has been processed.
+ */
+ unsigned char *alpn_selected;
+ unsigned alpn_selected_len;
+
+# ifndef OPENSSL_NO_EC
+ /*
+ * This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari on
+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+ */
+ char is_probably_safari;
+# endif /* !OPENSSL_NO_EC */
+
+# endif /* !OPENSSL_NO_TLSEXT */
+} SSL3_STATE;
+
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD 48
+
+typedef struct dtls1_bitmap_st {
+ unsigned long map; /* track 32 packets on 32-bit systems and 64
+ * - on 64-bit systems */
+ unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
+ * value in big-endian encoding */
+} DTLS1_BITMAP;
+
+struct dtls1_retransmit_state {
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+# else
+ char *compress;
+# endif
+ SSL_SESSION *session;
+ unsigned short epoch;
+};
+
+struct hm_header_st {
+ unsigned char type;
+ unsigned long msg_len;
+ unsigned short seq;
+ unsigned long frag_off;
+ unsigned long frag_len;
+ unsigned int is_ccs;
+ struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct ccs_header_st {
+ unsigned char type;
+ unsigned short seq;
+};
+
+struct dtls1_timeout_st {
+ /* Number of read timeouts so far */
+ unsigned int read_timeouts;
+ /* Number of write timeouts so far */
+ unsigned int write_timeouts;
+ /* Number of alerts received so far */
+ unsigned int num_alerts;
+};
+
+typedef struct record_pqueue_st {
+ unsigned short epoch;
+ pqueue q;
+} record_pqueue;
+
+typedef struct hm_fragment_st {
+ struct hm_header_st msg_header;
+ unsigned char *fragment;
+ unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct dtls1_state_st {
+ unsigned int send_cookie;
+ unsigned char cookie[DTLS1_COOKIE_LENGTH];
+ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
+ unsigned int cookie_len;
+ /*
+ * The current data and handshake epoch. This is initially
+ * undefined, and starts at zero once the initial handshake is
+ * completed
+ */
+ unsigned short r_epoch;
+ unsigned short w_epoch;
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+ /* handshake message numbers */
+ unsigned short handshake_write_seq;
+ unsigned short next_handshake_write_seq;
+ unsigned short handshake_read_seq;
+ /* save last sequence number for retransmissions */
+ unsigned char last_write_sequence[8];
+ /* Received handshake records (processed and unprocessed) */
+ record_pqueue unprocessed_rcds;
+ record_pqueue processed_rcds;
+ /* Buffered handshake messages */
+ pqueue buffered_messages;
+ /* Buffered (sent) handshake records */
+ pqueue sent_messages;
+ /*
+ * Buffered application records. Only for records between CCS and
+ * Finished to prevent either protocol violation or unnecessary message
+ * loss.
+ */
+ record_pqueue buffered_app_data;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
+ unsigned int mtu; /* max DTLS packet size */
+ struct hm_header_st w_msg_hdr;
+ struct hm_header_st r_msg_hdr;
+ struct dtls1_timeout_st timeout;
+ /*
+ * Indicates when the last handshake msg or heartbeat sent will timeout
+ */
+ struct timeval next_timeout;
+ /* Timeout duration */
+ unsigned short timeout_duration;
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+ unsigned int handshake_fragment_len;
+ unsigned int retransmitting;
+ /*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
+ unsigned int change_cipher_spec_ok;
+# ifndef OPENSSL_NO_SCTP
+ /* used when SSL_ST_XX_FLUSH is entered */
+ int next_state;
+ int shutdown_received;
+# endif
+} DTLS1_STATE;
+
+typedef struct dtls1_record_data_st {
+ unsigned char *packet;
+ unsigned int packet_length;
+ SSL3_BUFFER rbuf;
+ SSL3_RECORD rrec;
+# ifndef OPENSSL_NO_SCTP
+ struct bio_dgram_sctp_rcvinfo recordinfo;
+# endif
+} DTLS1_RECORD_DATA;
+
+
# ifndef OPENSSL_NO_EC
/*
* From ECC-TLS draft, used in encoding the curve type in ECParameters
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index dad20c6..ab37cc6 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -128,8 +128,8 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();

#include <openssl/buffer.h>
#include <openssl/x509.h>
-#include <openssl/ssl.h>
#include <openssl/err.h>
+#include "ssl_locl.h"

int verify_callback(int ok, X509 *xs, X509 *xi, int depth,
int error);
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index fb78aea..7bf7e55 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -188,6 +188,8 @@
#endif
#include <openssl/bn.h>

+#include "../ssl/ssl_locl.h"
+
/*
* Or gethostname won't be declared properly
* on Compaq platforms (at least with DEC C).
diff --git a/util/mkdef.pl b/util/mkdef.pl
index faed402..03fbf20 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -111,8 +111,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"NEXTPROTONEG",
# Deprecated functions
"DEPRECATED",
- # Hide SSL internals
- "SSL_INTERN",
# SCTP
"SCTP",
# SRTP

Andy Polyakov

unread,

Feb 2, 2015, 9:30:34 AM2/2/15

to

The branch master has been updated

via 5da05a26f21e7c43a156b65b13a9bc968a6c78db (commit)
from 1d4d68570b8d3f214da0df57c5a629ced9668161 (commit)

- Log -----------------------------------------------------------------
commit 5da05a26f21e7c43a156b65b13a9bc968a6c78db
Author: Andy Polyakov <ap...@openssl.org>
Date: Fri Jan 30 16:15:46 2015 +0100

cms-test.pl: "localize" /dev/null even further [as follow-up to VMS].

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

test/cms-test.pl | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/cms-test.pl b/test/cms-test.pl
index 1c3f00d..51abeef 100644
--- a/test/cms-test.pl
+++ b/test/cms-test.pl
@@ -67,7 +67,7 @@ if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {

# Make MSYS work
elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
$ossl_path = "cmd /c ..\\apps\\openssl";

- $null_path = "/dev/null";
+ $null_path = "NUL";

$failure_code = 256;
}
elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {

@@ -77,12 +77,12 @@ elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {

}
elsif ( -f "..\\out32dll\\openssl.exe" ) {
$ossl_path = "..\\out32dll\\openssl.exe";

- $null_path = "/dev/null";
+ $null_path = "NUL";

$failure_code = 256;
}
elsif ( -f "..\\out32\\openssl.exe" ) {
$ossl_path = "..\\out32\\openssl.exe";

- $null_path = "/dev/null";
+ $null_path = "NUL";
$failure_code = 256;
}
else {

Rich Salz

unread,

Feb 2, 2015, 11:10:18 AM2/2/15

to

The branch master has been updated

via 7aa0b022460e1a7bfdf5c70e8cd084d916bac012 (commit)
from 5da05a26f21e7c43a156b65b13a9bc968a6c78db (commit)

- Log -----------------------------------------------------------------
commit 7aa0b022460e1a7bfdf5c70e8cd084d916bac012
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 11:08:16 2015 -0500

Dead code cleanup: crypto/*.c, x509v3, demos

Some of the #if 0 code in demo's was kept, but given helpful #ifdef
names, to show more sample code.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/o_init.c | 3 -
crypto/sparcv9cap.c | 131 --------------------------------------
crypto/x509v3/pcy_lib.c | 9 ---
crypto/x509v3/pcy_tree.c | 51 +--------------
crypto/x509v3/v3_utl.c | 12 ----
demos/bio/server-arg.c | 2 +-
demos/engines/rsaref/rsaref.c | 3 -
demos/engines/zencod/hw_zencod.c | 2 +-
demos/evp/aesgcm.c | 12 +---
demos/selfsign.c | 4 +-
10 files changed, 6 insertions(+), 223 deletions(-)

diff --git a/crypto/o_init.c b/crypto/o_init.c
index 2088388..b7b969b 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -77,7 +77,4 @@ void OPENSSL_init(void)
FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
RAND_init_fips();
#endif
-#if 0
- fprintf(stderr, "Called OPENSSL_init\n");
-#endif
}
diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c
index 8bf2846..1731ef6 100644
--- a/crypto/sparcv9cap.c
+++ b/crypto/sparcv9cap.c
@@ -109,128 +109,6 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
return 0;
}

-#if 0 && defined(__sun) && defined(__SVR4)
-/*
- * This code path is disabled, because of incompatibility of libdevinfo.so.1
- * and libmalloc.so.1 (see below for details)
- */
-# include <malloc.h>
-# include <dlfcn.h>
-# include <libdevinfo.h>
-# include <sys/systeminfo.h>
-
-typedef di_node_t(*di_init_t) (const char *, uint_t);
-typedef void (*di_fini_t) (di_node_t);
-typedef char *(*di_node_name_t) (di_node_t);
-typedef int (*di_walk_node_t) (di_node_t, uint_t, di_node_name_t,
- int (*)(di_node_t, di_node_name_t));
-
-# define DLLINK(h,name) (name=(name##_t)dlsym((h),#name))
-
-static int walk_nodename(di_node_t node, di_node_name_t di_node_name)
-{
- char *name = (*di_node_name) (node);
-
- /* This is expected to catch all UltraSPARC flavors prior T1 */
- if (!strcmp(name, "SUNW,UltraSPARC") ||
- /* covers II,III,IV */
- !strncmp(name, "SUNW,UltraSPARC-I", 17)) {
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU | SPARCV9_VIS1;
-
- /* %tick is privileged only on UltraSPARC-I/II, but not IIe */
- if (name[14] != '\0' && name[17] != '\0' && name[18] != '\0')
- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
- return DI_WALK_TERMINATE;
- }
- /* This is expected to catch remaining UltraSPARCs, such as T1 */
- else if (!strncmp(name, "SUNW,UltraSPARC", 15)) {
- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
-
- return DI_WALK_TERMINATE;
- }
-
- return DI_WALK_CONTINUE;
-}
-
-void OPENSSL_cpuid_setup(void)
-{
- void *h;
- char *e, si[256];
- static int trigger = 0;
-
- if (trigger)
- return;
- trigger = 1;
-
- if ((e = getenv("OPENSSL_sparcv9cap"))) {
- OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0);
- return;
- }
-
- if (sysinfo(SI_MACHINE, si, sizeof(si)) > 0) {
- if (strcmp(si, "sun4v"))
- /* FPU is preferred for all CPUs, but US-T1/2 */
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU;
- }
-
- if (sysinfo(SI_ISALIST, si, sizeof(si)) > 0) {
- if (strstr(si, "+vis"))
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK;
- if (strstr(si, "+vis2")) {
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2;
- OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED;
- return;
- }
- }
-# ifdef M_KEEP
- /*
- * Solaris libdevinfo.so.1 is effectively incomatible with
- * libmalloc.so.1. Specifically, if application is linked with
- * -lmalloc, it crashes upon startup with SIGSEGV in
- * free(3LIBMALLOC) called by di_fini. Prior call to
- * mallopt(M_KEEP,0) somehow helps... But not always...
- */
- if ((h = dlopen(NULL, RTLD_LAZY))) {
- union {
- void *p;
- int (*f) (int, int);
- } sym;
- if ((sym.p = dlsym(h, "mallopt")))
- (*sym.f) (M_KEEP, 0);
- dlclose(h);
- }
-# endif
- if ((h = dlopen("libdevinfo.so.1", RTLD_LAZY)))
- do {
- di_init_t di_init;
- di_fini_t di_fini;
- di_walk_node_t di_walk_node;
- di_node_name_t di_node_name;
- di_node_t root_node;
-
- if (!DLLINK(h, di_init))
- break;
- if (!DLLINK(h, di_fini))
- break;
- if (!DLLINK(h, di_walk_node))
- break;
- if (!DLLINK(h, di_node_name))
- break;
-
- if ((root_node = (*di_init) ("/", DINFOSUBTREE)) != DI_NODE_NIL) {
- (*di_walk_node) (root_node, DI_WALK_SIBFIRST,
- di_node_name, walk_nodename);
- (*di_fini) (root_node);
- }
- } while (0);
-
- if (h)
- dlclose(h);
-}
-
-#else
-
static sigjmp_buf common_jmp;
static void common_handler(int sig)
{
@@ -307,13 +185,6 @@ void OPENSSL_cpuid_setup(void)
_sparcv9_vis3_probe();
OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3;
}
-# if 0 /* was planned at some point but never
- * implemented in hardware */
- if (sigsetjmp(common_jmp, 1) == 0) {
- (void)_sparcv9_random();
- OPENSSL_sparcv9cap_P[0] |= SPARCV9_RANDOM;
- }
-# endif

/*
* In wait for better solution _sparcv9_rdcfr is masked by
@@ -342,5 +213,3 @@ void OPENSSL_cpuid_setup(void)
}
# endif
}
-
-#endif
diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
index dbb2983..58ce8a0 100644
--- a/crypto/x509v3/pcy_lib.c
+++ b/crypto/x509v3/pcy_lib.c
@@ -140,15 +140,6 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
return node->data->valid_policy;
}

-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-{
- if (node_critical(node))
- return 1;
- return 0;
-}
-#endif
-
STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
X509_POLICY_NODE
*node)
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index d4b550e..cc52fa2 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -156,14 +156,10 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
int explicit_policy;
int any_skip;
int map_skip;
+
*ptree = NULL;
n = sk_X509_num(certs);

-#if 0
- /* Disable policy mapping for now... */
- flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
-
if (flags & X509_V_FLAG_EXPLICIT_POLICY)
explicit_policy = 0;
else
@@ -340,19 +336,6 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,

for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
data = sk_X509_POLICY_DATA_value(cache->data, i);
- /*
- * If a node is mapped any it doesn't have a corresponding
- * CertificatePolicies entry. However such an identical node would
- * be created if anyPolicy matching is enabled because there would be
- * no match with the parent valid_policy_set. So we create link
- * because then it will have the mapping flags right and we can prune
- * it later.
- */
-#if 0
- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
- && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
- continue;
-#endif
/* Look for matching nodes in previous level */
if (!tree_link_matching_nodes(curr, data))
return 0;
@@ -432,9 +415,6 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
X509_POLICY_TREE *tree)
{
int i;
- /*
- * X509_POLICY_DATA *data;
- */
X509_POLICY_NODE *node;
X509_POLICY_LEVEL *last = curr - 1;

@@ -443,35 +423,6 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,

if (!tree_link_unmatched(curr, cache, node, tree))

return 0;
-
-#if 0

-
- /*
- * Skip any node with any children: we only want unmathced nodes.
- * Note: need something better for policy mapping because each node
- * may have multiple children
- */
- if (node->nchild)
- continue;
-
- /*
- * Create a new node with qualifiers from anyPolicy and id from
- * unmatched node.
- */
- data = policy_data_new(NULL, node->data->valid_policy,
- node_critical(node));
-
- if (data == NULL)
- return 0;
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!level_add_node(curr, data, node, tree)) {
- policy_data_free(data);
- return 0;
- }
-#endif
-
}
/* Finally add link to anyPolicy */
if (last->anyPolicy) {
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index f65323b..1ad3999 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -307,9 +307,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
*p = 0;
ntmp = strip_spaces(q);
q = p + 1;
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_NAME);
@@ -324,9 +321,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
state = HDR_NAME;
*p = 0;
vtmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_VALUE);
@@ -342,9 +336,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)

if (state == HDR_VALUE) {
vtmp = strip_spaces(q);
-#if 0
- printf("%s=%s\n", ntmp, vtmp);
-#endif
if (!vtmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST,
X509V3_R_INVALID_NULL_VALUE);
@@ -353,9 +344,6 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
X509V3_add_value(ntmp, vtmp, &values);
} else {
ntmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
if (!ntmp) {
X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
goto err;
diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c
index 1d0e1db..7ba54db 100644
--- a/demos/bio/server-arg.c
+++ b/demos/bio/server-arg.c
@@ -72,7 +72,7 @@ int main(int argc, char *argv[])
ERR_print_errors_fp(stderr);
goto err;
}
-#if 0
+#ifdef ITERATE_CERTS
/*
* Demo of how to iterate over all certificates in an SSL_CTX structure.
*/
diff --git a/demos/engines/rsaref/rsaref.c b/demos/engines/rsaref/rsaref.c
index b6429de..d5a6e6c 100644
--- a/demos/engines/rsaref/rsaref.c
+++ b/demos/engines/rsaref/rsaref.c
@@ -36,9 +36,6 @@ static const char *engine_rsaref_name = "RSAref engine support";
static int rsaref_destroy(ENGINE *e);
static int rsaref_init(ENGINE *e);
static int rsaref_finish(ENGINE *e);
-#if 0
-static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
-#endif

/*****************************************************************************
* Engine commands
diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c
index 26ec3f6..1c76284 100644
--- a/demos/engines/zencod/hw_zencod.c
+++ b/demos/engines/zencod/hw_zencod.c
@@ -82,7 +82,7 @@

# define ZEN_LIBRARY "zenbridge"

-# if 0
+# ifdef ZENCOD_TRACING
# define PERROR(s) perror(s)
# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
# else
diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c
index 9159c5c..72028a0 100644
--- a/demos/evp/aesgcm.c
+++ b/demos/evp/aesgcm.c
@@ -85,13 +85,6 @@ void aes_gcm_decrypt(void)

EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL);
/* Specify key and IV */
EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv);

-#if 0
- /*
- * Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier
- * required the tag before any AAD or ciphertext
- */
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
-#endif

/* Zero or more calls to specify any AAD */
EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad));

/* Decrypt plaintext */
@@ -99,10 +92,7 @@ void aes_gcm_decrypt(void)

/* Output decrypted block */
printf("Plaintext:\n");
BIO_dump_fp(stdout, outbuf, outlen);

- /*
- * Set expected tag value. Works in OpenSSL 1.0.1d and later
- * In versions prior to OpenSSL 1.1.0 you should use EVP_CTRL_GCM_SET_TAG
- */
+ /* Set expected tag value. */

EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag);
/* Finalise: note get no output for GCM */
rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen);

diff --git a/demos/selfsign.c b/demos/selfsign.c
index 49228b9..0cc265c 100644
--- a/demos/selfsign.c
+++ b/demos/selfsign.c
@@ -136,7 +136,7 @@ int days;
X509_add_ext(x, ex, -1);
X509_EXTENSION_free(ex);

-#if 0
+#ifdef ADD_CA_CONSTRAINT
/* might want something like this too.... */
ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
"critical,CA:TRUE");
@@ -145,7 +145,7 @@ int days;
X509_EXTENSION_free(ex);
#endif

-#ifdef CUSTOM_EXT
+#ifdef ADD_A_CUSTOM_EXTENSION
/* Maybe even add our own extension based on existing */
{
int nid;

Rich Salz

unread,

Feb 2, 2015, 11:16:50 AM2/2/15

to

The branch master has been updated

via 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb (commit)
from 7aa0b022460e1a7bfdf5c70e8cd084d916bac012 (commit)

- Log -----------------------------------------------------------------
commit 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 11:11:34 2015 -0500

Dead code cleanup: #if 0 dropped from tests

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/bn/bntest.c | 140 ------------------------------------------
crypto/cast/casttest.c | 28 ---------
crypto/des/destest.c | 5 --
crypto/ec/ectest.c | 157 ------------------------------------------------
crypto/ecdh/ecdhtest.c | 22 -------
crypto/evp/evp_test.c | 3 -
ssl/ssltest.c | 12 +---
7 files changed, 1 insertion(+), 366 deletions(-)

diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 4d109d8..521858a 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -1174,19 +1174,6 @@ int test_gf2m_add(BIO *bp)
a->neg = rand_neg();
b->neg = rand_neg();
BN_GF2m_add(c, a, b);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " ^ ");
- BN_print(bp, b);
- BIO_puts(bp, " = ");
- }
- BN_print(bp, c);
- BIO_puts(bp, "\n");
- }
-# endif
/* Test that two added values have the correct parity. */
if ((BN_is_odd(a) && BN_is_odd(c))
|| (!BN_is_odd(a) && !BN_is_odd(c))) {
@@ -1229,19 +1216,6 @@ int test_gf2m_mod(BIO *bp)
BN_bntest_rand(a, 1024, 0, 0);
for (j = 0; j < 2; j++) {
BN_GF2m_mod(c, a, b[j]);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, " - ");
- BN_print(bp, c);
- BIO_puts(bp, "\n");
- }
- }
-# endif
BN_GF2m_add(d, a, c);
BN_GF2m_mod(e, d, b[j]);
/* Test that a + (a mod p) mod p == 0. */
@@ -1288,21 +1262,6 @@ int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
BN_bntest_rand(d, 1024, 0, 0);
for (j = 0; j < 2; j++) {
BN_GF2m_mod_mul(e, a, c, b[j], ctx);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, c);
- BIO_puts(bp, " % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, " - ");
- BN_print(bp, e);
- BIO_puts(bp, "\n");
- }
- }
-# endif
BN_GF2m_add(f, a, d);
BN_GF2m_mod_mul(g, f, c, b[j], ctx);
BN_GF2m_mod_mul(h, d, c, b[j], ctx);
@@ -1352,21 +1311,6 @@ int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
BN_GF2m_mod_sqr(c, a, b[j], ctx);
BN_copy(d, a);
BN_GF2m_mod_mul(d, a, d, b[j], ctx);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " ^ 2 % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, " = ");
- BN_print(bp, c);
- BIO_puts(bp, "; a * a = ");
- BN_print(bp, d);
- BIO_puts(bp, "\n");
- }
- }
-# endif
BN_GF2m_add(d, c, d);
/* Test that a*a = a^2. */
if (!BN_is_zero(d)) {
@@ -1406,19 +1350,6 @@ int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
for (j = 0; j < 2; j++) {
BN_GF2m_mod_inv(c, a, b[j], ctx);
BN_GF2m_mod_mul(d, a, c, b[j], ctx);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " * ");
- BN_print(bp, c);
- BIO_puts(bp, " - 1 % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, "\n");
- }
- }
-# endif
/* Test that ((1/a)*a) = 1. */
if (!BN_is_one(d)) {
fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
@@ -1461,21 +1392,6 @@ int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
BN_GF2m_mod_div(d, a, c, b[j], ctx);
BN_GF2m_mod_mul(e, d, c, b[j], ctx);
BN_GF2m_mod_div(f, a, e, b[j], ctx);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " = ");
- BN_print(bp, c);
- BIO_puts(bp, " * ");
- BN_print(bp, d);
- BIO_puts(bp, " % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, "\n");
- }
- }
-# endif
/* Test that ((a/c)*c)/a = 1. */
if (!BN_is_one(f)) {
fprintf(stderr, "GF(2^m) modular division test failed!\n");
@@ -1523,25 +1439,6 @@ int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
BN_GF2m_mod_mul(e, e, f, b[j], ctx);
BN_add(f, c, d);
BN_GF2m_mod_exp(f, a, f, b[j], ctx);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, a);
- BIO_puts(bp, " ^ (");
- BN_print(bp, c);
- BIO_puts(bp, " + ");
- BN_print(bp, d);
- BIO_puts(bp, ") = ");
- BN_print(bp, e);
- BIO_puts(bp, "; - ");
- BN_print(bp, f);
- BIO_puts(bp, " % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, "\n");
- }
- }
-# endif
BN_GF2m_add(f, e, f);
/* Test that a^(c+d)=a^c*a^d. */
if (!BN_is_zero(f)) {
@@ -1587,17 +1484,6 @@ int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
BN_GF2m_mod(c, a, b[j]);
BN_GF2m_mod_sqrt(d, a, b[j], ctx);
BN_GF2m_mod_sqr(e, d, b[j], ctx);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, d);
- BIO_puts(bp, " ^ 2 - ");
- BN_print(bp, a);
- BIO_puts(bp, "\n");
- }
- }
-# endif
BN_GF2m_add(f, c, e);
/* Test that d^2 = a, where d = sqrt(a). */
if (!BN_is_zero(f)) {
@@ -1644,19 +1530,6 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
BN_GF2m_mod_sqr(d, c, b[j], ctx);
BN_GF2m_add(d, c, d);
BN_GF2m_mod(e, a, b[j]);
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BN_print(bp, c);
- BIO_puts(bp, " is root of z^2 + z = ");
- BN_print(bp, a);
- BIO_puts(bp, " % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, "\n");
- }
- }
-# endif
BN_GF2m_add(e, e, d);
/*
* Test that solution of quadratic c satisfies c^2 + c = a.
@@ -1667,19 +1540,6 @@ int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
goto err;
}

- } else {
-# if 0 /* make test uses ouput in bc but bc can't
- * handle GF(2^m) arithmetic */
- if (bp != NULL) {
- if (!results) {
- BIO_puts(bp, "There are no roots of z^2 + z = ");
- BN_print(bp, a);
- BIO_puts(bp, " % ");
- BN_print(bp, b[j]);
- BIO_puts(bp, "\n");
- }
- }
-# endif
}
}
}
diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c
index 9c6614b..8063b9c 100644
--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@@ -112,34 +112,6 @@ static unsigned char c_b[16] = {
0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E
};

-# if 0
-char *text = "Hello to all people out there";
-
-static unsigned char cfb_key[16] = {
- 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
- 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
-};
-static unsigned char cfb_iv[80] =
- { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
-static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
-# define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE] = {
- 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
- 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
- 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
-};
-
-static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
- 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
- 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
- 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
-/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
-};
-# endif
-

int main(int argc, char *argv[])

{
# ifdef FULL_TEST
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
index be68d36..14f4dfe 100644
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -345,12 +345,7 @@ static unsigned char ofb_cipher[24] = {
0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
};
-
-# if 0
-static DES_LONG cbc_cksum_ret = 0xB462FEF7L;
-# else
static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
-# endif
static unsigned char cbc_cksum_data[8] =
{ 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };

diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index a6be1a9..fc04f3b 100644
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -114,93 +114,6 @@ int main(int argc, char *argv[])
# define TIMING_RAND_PT 1
# define TIMING_SIMUL 2

-# if 0
-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
-{
- clock_t clck;
- int i, j;
- BIGNUM *s;
- BIGNUM *r[10], *r0[10];
- EC_POINT *P;
-
- s = BN_new();
- if (s == NULL)
- ABORT;
-
- fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
- if (!EC_GROUP_get_order(group, s, ctx))
- ABORT;
- fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
- fflush(stdout);
-
- P = EC_POINT_new(group);
- if (P == NULL)
- ABORT;
- EC_POINT_copy(P, EC_GROUP_get0_generator(group));
-
- for (i = 0; i < 10; i++) {
- if ((r[i] = BN_new()) == NULL)
- ABORT;
- if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
- ABORT;
- if (type != TIMING_BASE_PT) {
- if ((r0[i] = BN_new()) == NULL)
- ABORT;
- if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
- ABORT;
- }
- }
-
- clck = clock();
- for (i = 0; i < 10; i++) {
- for (j = 0; j < 10; j++) {
- if (!EC_POINT_mul
- (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
- (type != TIMING_BASE_PT) ? P : NULL,
- (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
- ABORT;
- }
- }
- clck = clock() - clck;
-
- fprintf(stdout, "\n");
-
-# ifdef CLOCKS_PER_SEC
- /*
- * "To determine the time in seconds, the value returned by the clock
- * function should be divided by the value of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899
- */
-# define UNIT "s"
-# else
-# define UNIT "units"
-# define CLOCKS_PER_SEC 1
-# endif
-
- if (type == TIMING_BASE_PT) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
- "base point multiplications", (double)clck / CLOCKS_PER_SEC);
- } else if (type == TIMING_RAND_PT) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
- "random point multiplications",
- (double)clck / CLOCKS_PER_SEC);
- } else if (type == TIMING_SIMUL) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
- "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
- }
- fprintf(stdout, "average: %.4f " UNIT "\n",
- (double)clck / (CLOCKS_PER_SEC * i * j));
-
- EC_POINT_free(P);
- BN_free(s);
- for (i = 0; i < 10; i++) {
- BN_free(r[i]);
- if (type != TIMING_BASE_PT)
- BN_free(r0[i]);

- }
-}
-# endif
-

/* test multiplication with group order, long and negative scalars */
static void group_order_tests(EC_GROUP *group)
{
@@ -443,18 +356,6 @@ static void prime_field_tests(void)
if (!EC_POINT_add(group, P, P, Q, ctx))
ABORT;

-# if 0 /* optional */
- {
- EC_POINT *points[3];
-
- points[0] = R;
- points[1] = Q;
- points[2] = P;
- if (!EC_POINTs_make_affine(group, 2, points, ctx))
- ABORT;
- }
-# endif
-
}
while (!EC_POINT_is_at_infinity(group, P));

@@ -952,27 +853,6 @@ static void prime_field_tests(void)
BN_free(scalar3);
}

-# if 0
- timings(P_160, TIMING_BASE_PT, ctx);
- timings(P_160, TIMING_RAND_PT, ctx);
- timings(P_160, TIMING_SIMUL, ctx);
- timings(P_192, TIMING_BASE_PT, ctx);
- timings(P_192, TIMING_RAND_PT, ctx);
- timings(P_192, TIMING_SIMUL, ctx);
- timings(P_224, TIMING_BASE_PT, ctx);
- timings(P_224, TIMING_RAND_PT, ctx);
- timings(P_224, TIMING_SIMUL, ctx);
- timings(P_256, TIMING_BASE_PT, ctx);
- timings(P_256, TIMING_RAND_PT, ctx);
- timings(P_256, TIMING_SIMUL, ctx);
- timings(P_384, TIMING_BASE_PT, ctx);
- timings(P_384, TIMING_RAND_PT, ctx);
- timings(P_384, TIMING_SIMUL, ctx);
- timings(P_521, TIMING_BASE_PT, ctx);
- timings(P_521, TIMING_RAND_PT, ctx);
- timings(P_521, TIMING_SIMUL, ctx);
-# endif
-
if (ctx)
BN_CTX_free(ctx);
BN_free(p);
@@ -1456,39 +1336,6 @@ static void char2_field_tests(void)
fprintf(stdout, " ok\n\n");
}

-# if 0
- timings(C2_K163, TIMING_BASE_PT, ctx);
- timings(C2_K163, TIMING_RAND_PT, ctx);
- timings(C2_K163, TIMING_SIMUL, ctx);
- timings(C2_B163, TIMING_BASE_PT, ctx);
- timings(C2_B163, TIMING_RAND_PT, ctx);
- timings(C2_B163, TIMING_SIMUL, ctx);
- timings(C2_K233, TIMING_BASE_PT, ctx);
- timings(C2_K233, TIMING_RAND_PT, ctx);
- timings(C2_K233, TIMING_SIMUL, ctx);
- timings(C2_B233, TIMING_BASE_PT, ctx);
- timings(C2_B233, TIMING_RAND_PT, ctx);
- timings(C2_B233, TIMING_SIMUL, ctx);
- timings(C2_K283, TIMING_BASE_PT, ctx);
- timings(C2_K283, TIMING_RAND_PT, ctx);
- timings(C2_K283, TIMING_SIMUL, ctx);
- timings(C2_B283, TIMING_BASE_PT, ctx);
- timings(C2_B283, TIMING_RAND_PT, ctx);
- timings(C2_B283, TIMING_SIMUL, ctx);
- timings(C2_K409, TIMING_BASE_PT, ctx);
- timings(C2_K409, TIMING_RAND_PT, ctx);
- timings(C2_K409, TIMING_SIMUL, ctx);
- timings(C2_B409, TIMING_BASE_PT, ctx);
- timings(C2_B409, TIMING_RAND_PT, ctx);
- timings(C2_B409, TIMING_SIMUL, ctx);
- timings(C2_K571, TIMING_BASE_PT, ctx);
- timings(C2_K571, TIMING_RAND_PT, ctx);
- timings(C2_K571, TIMING_SIMUL, ctx);
- timings(C2_B571, TIMING_BASE_PT, ctx);
- timings(C2_B571, TIMING_RAND_PT, ctx);
- timings(C2_B571, TIMING_SIMUL, ctx);
-# endif
-
if (ctx)
BN_CTX_free(ctx);
BN_free(p);
@@ -1783,10 +1630,6 @@ static void nistp_single_test(const struct nistp_test_params *test)

fprintf(stdout, "ok\n");
group_order_tests(NISTP);
-# if 0
- timings(NISTP, TIMING_BASE_PT, ctx);
- timings(NISTP, TIMING_RAND_PT, ctx);
-# endif
EC_GROUP_free(NISTP);
EC_POINT_free(G);
EC_POINT_free(P);
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index 5aed2b1..41725f6 100644
--- a/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
@@ -92,10 +92,6 @@ int main(int argc, char *argv[])
# include <openssl/ec.h>
# include <openssl/ecdh.h>

-# if 0
-static void cb(int p, int n, void *arg);
-# endif
-
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";

@@ -544,22 +540,4 @@ int main(int argc, char *argv[])
CRYPTO_mem_leaks_fp(stderr);
EXIT(ret);
}
-
-# if 0
-static void cb(int p, int n, void *arg)
-{
- char c = '*';
-
- if (p == 0)
- c = '.';
- if (p == 1)
- c = '+';
- if (p == 2)
- c = '*';
- if (p == 3)
- c = '\n';
- BIO_write((BIO *)arg, &c, 1);
- (void)BIO_flush((BIO *)arg);
-}
-# endif
#endif
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index b356131..ea332ae 100644
--- a/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
@@ -480,9 +480,6 @@ int main(int argc, char **argv)
/* Load all compiled-in ENGINEs */
ENGINE_load_builtin_engines();
#endif
-#if 0
- OPENSSL_config();
-#endif
#ifndef OPENSSL_NO_ENGINE
/*
* Register all available ENGINE implementations of ciphers and digests.
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 7bf7e55..3eb13e2 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -740,13 +740,6 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
static char *cipher = NULL;
static int verbose = 0;
static int debug = 0;
-#if 0
-/* Not used yet. */
-# ifdef FIONBIO
-static int s_nbio = 0;
-# endif
-#endif
-
static const char rnd_seed[] =
"string to make the random number generator think it has entropy";

@@ -754,6 +747,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
static int do_test_cipherlist(void);
+
static void sv_usage(void)
{
fprintf(stderr, "usage: ssltest [args ...]\n");
@@ -2487,10 +2481,6 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)

if (ok == 1) {
X509 *xs = ctx->current_cert;
-#if 0
- X509 *xi = ctx->current_issuer;
-#endif
-
if (xs->ex_flags & EXFLAG_PROXY) {
unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
get_proxy_auth_ex_data_idx

Rich Salz

unread,

Feb 2, 2015, 11:42:02 AM2/2/15

to

The branch master has been updated

via f16a64d11f55c01f56baa62ebf1dec7f8fe718cb (commit)
from 9ccc00ef6ea65567622e40c49aca43f2c6d79cdb (commit)

- Log -----------------------------------------------------------------
commit f16a64d11f55c01f56baa62ebf1dec7f8fe718cb
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 11:40:36 2015 -0500

Dead code cleanup; remove #if 0 from crypto/engine

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/engine/eng_all.c | 9 ---------
crypto/engine/eng_list.c | 9 ---------
crypto/engine/tb_store.c | 24 ------------------------
3 files changed, 42 deletions(-)

diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index e81506c..b7d2529 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -64,15 +64,6 @@ void ENGINE_load_builtin_engines(void)
{
/* Some ENGINEs need this */
OPENSSL_cpuid_setup();
-#if 0
- /*
- * There's no longer any need for an "openssl" ENGINE unless, one day, it
- * is the *only* way for standard builtin implementations to be be
- * accessed (ie. it would be possible to statically link binaries with
- * *no* builtin implementations).
- */
- ENGINE_load_openssl();
-#endif
#if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
ENGINE_load_cryptodev();
#endif
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index 3384e31..c69e8a7 100644
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@@ -353,14 +353,6 @@ ENGINE *ENGINE_by_id(const char *id)
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#if 0
- if (iterator == NULL) {
- ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
- ERR_add_error_data(2, "id=", id);
- }
- return iterator;
-#else
- /* EEK! Experimental code starts */
if (iterator)
return iterator;
/*
@@ -390,7 +382,6 @@ ENGINE *ENGINE_by_id(const char *id)
ERR_add_error_data(2, "id=", id);
return NULL;
/* EEK! Experimental code ends */
-#endif
}

int ENGINE_up_ref(ENGINE *e)
diff --git a/crypto/engine/tb_store.c b/crypto/engine/tb_store.c
index 1eab49d..84d2268 100644
--- a/crypto/engine/tb_store.c
+++ b/crypto/engine/tb_store.c
@@ -91,30 +91,6 @@ void ENGINE_register_all_STORE()
ENGINE_register_STORE(e);
}

-/* The following two functions are removed because they're useless. */
-#if 0
-int ENGINE_set_default_STORE(ENGINE *e)
-{
- if (e->store_meth)
- return engine_table_register(&store_table,
- engine_unregister_all_STORE, e,
- &dummy_nid, 1, 1);

- return 1;
-}
-#endif
-

-#if 0
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *ENGINE_get_default_STORE(void)
-{
- return engine_table_select(&store_table, dummy_nid);
-}
-#endif
-
/* Obtains an STORE implementation from an ENGINE functional reference */
const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
{

Rich Salz

unread,

Feb 2, 2015, 11:58:02 AM2/2/15

to

The branch master has been updated

via c8fa2356a00cbaada8963f739e5570298311a060 (commit)
from f16a64d11f55c01f56baa62ebf1dec7f8fe718cb (commit)

- Log -----------------------------------------------------------------
commit c8fa2356a00cbaada8963f739e5570298311a060
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 11:56:47 2015 -0500

Dead code cleanup: crypto/ec,ecdh,ecdsa

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/ec/ec_curve.c | 20 --------------------
crypto/ecdh/ech_lib.c | 16 ----------------
crypto/ecdh/ech_locl.h | 4 ----
crypto/ecdh/ech_ossl.c | 4 ----
crypto/ecdsa/ecs_lib.c | 7 -------
crypto/ecdsa/ecs_locl.h | 4 ----
crypto/ecdsa/ecs_ossl.c | 4 ----
7 files changed, 59 deletions(-)

diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index 81846ec..6199e25 100644
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@@ -1061,16 +1061,6 @@ static const struct {
NID_X9_62_characteristic_two_field, 0, 21, 2
},
{
- /* no seed */
-# if 0
- /*
- * The algorithm used to derive the curve parameters from the seed
- * used here is slightly different than the algorithm described in
- * X9.62 .
- */
- 0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
- 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C,
-# endif
/* p */
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
@@ -1100,16 +1090,6 @@ static const struct {
NID_X9_62_characteristic_two_field, 0, 21, 2
},
{
- /* no seed */
-# if 0
- /*
- * The seed here was used to created the curve parameters in normal
- * basis representation (and not the polynomial representation used
- * here)
- */
- 0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12, 0x01, 0x6F,
- 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68,
-# endif
/* p */
0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index b910b50..5147368 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -103,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
if (ecdh == NULL)
return 0;

-#if 0
- mtmp = ecdh->meth;
- if (mtmp->finish)
- mtmp->finish(eckey);
-#endif
#ifndef OPENSSL_NO_ENGINE
if (ecdh->engine) {
ENGINE_finish(ecdh->engine);
@@ -115,10 +110,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
}
#endif
ecdh->meth = meth;
-#if 0
- if (meth->init)
- meth->init(eckey);
-#endif
return 1;
}

@@ -152,13 +143,6 @@ static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)

ret->flags = ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-#if 0
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
- OPENSSL_free(ret);

- ret = NULL;
- }

-#endif
return (ret);
}

diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
index 4e66024..d61ef80 100644
--- a/crypto/ecdh/ech_locl.h
+++ b/crypto/ecdh/ech_locl.h
@@ -68,10 +68,6 @@ struct ecdh_method {
EC_KEY *ecdh, void *(*KDF) (const void *in,
size_t inlen, void *out,
size_t *outlen));
-# if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-# endif
int flags;
char *app_data;
};
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index e60cf10..278c41b 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -86,10 +86,6 @@ static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
static ECDH_METHOD openssl_ecdh_meth = {
"OpenSSL ECDH method",
ecdh_compute_key,
-#if 0
- NULL, /* init */
- NULL, /* finish */
-#endif
ECDH_FLAG_FIPS_METHOD, /* flags */
NULL /* app_data */
};
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 321b425..67e521f 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -131,13 +131,6 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)

ret->flags = ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-#if 0
- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
- OPENSSL_free(ret);

- ret = NULL;
- }

-#endif
return (ret);
}

diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
index d3a5efc..9a0666e 100644
--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
@@ -74,10 +74,6 @@ struct ecdsa_method {
BIGNUM **r);
int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
-# if 0
- int (*init) (EC_KEY *eckey);
- int (*finish) (EC_KEY *eckey);
-# endif
int flags;
void *app_data;
};
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index c232321..1343850 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -77,10 +77,6 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
ecdsa_do_sign,
ecdsa_sign_setup_no_digest,
ecdsa_do_verify,
-#if 0
- NULL, /* init */
- NULL, /* finish */
-#endif
ECDSA_FLAG_FIPS_METHOD, /* flags */
NULL /* app_data */
};

Rich Salz

unread,

Feb 2, 2015, 12:44:26 PM2/2/15

to

The branch master has been updated

via e2f80180271f3badc9dec6f3172009b57ba57842 (commit)
from c8fa2356a00cbaada8963f739e5570298311a060 (commit)

- Log -----------------------------------------------------------------
commit e2f80180271f3badc9dec6f3172009b57ba57842
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 12:43:17 2015 -0500

Dead code removal; #if 0 from crypto/des

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/des/des_old.c | 10 --------
crypto/des/read_pwd.c | 3 ---
crypto/des/xcbc_enc.c | 64 -------------------------------------------------
3 files changed, 77 deletions(-)

diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c
index 54b0968..6bd88db 100644
--- a/crypto/des/des_old.c
+++ b/crypto/des/des_old.c
@@ -208,16 +208,6 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
(DES_key_schedule *)ks3, ivec, num);
}

-#if 0 /* broken code, preserved just in case anyone
- * specifically looks for this */
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
- _ossl_old_des_cblock (*in_white),
- _ossl_old_des_cblock (*out_white))
-{
- DES_xwhite_in2out(des_key, in_white, out_white);
-}
-#endif
-
int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
_ossl_old_des_cblock *iv)
{
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index 0a51f88..42903d6 100644
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -373,9 +373,6 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt,

error:
fprintf(stderr, "\n");
-# if 0
- perror("fgets(tty)");
-# endif
/* What can we do if there is an error? */
# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
if (ps >= 2)
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
index 6fe021b..201ef70 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -60,70 +60,6 @@

/* RSA's DESX */

-#if 0 /* broken code, preserved just in case anyone
- * specifically looks for this */
-static const unsigned char desx_white_in2out[256] = {
- 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
- 0x1B, 0x33, 0xFD, 0xD0,
- 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B,
- 0x31, 0xBB, 0x21, 0x5A,
- 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3,
- 0x27, 0x5F, 0x80, 0x36,
- 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0,
- 0xA6, 0x3F, 0xD8, 0x0C,
- 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7,
- 0xE8, 0x07, 0xB8, 0x60,
- 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E,
- 0x86, 0x00, 0x84, 0xFA,
- 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12,
- 0xBA, 0x3C, 0x06, 0x4E,
- 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71,
- 0x74, 0xD3, 0xE4, 0xBF,
- 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03,
- 0x79, 0x89, 0x62, 0xC6,
- 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02,
- 0x75, 0xD5, 0x61, 0xE3,
- 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57,
- 0x63, 0xCA, 0x3D, 0x6C,
- 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F,
- 0x58, 0xE0, 0x01, 0xE2,
- 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B,
- 0x82, 0xF9, 0x40, 0xB5,
- 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28,
- 0xAA, 0x98, 0x9D, 0xA5,
- 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E,
- 0xDD, 0x76, 0x5C, 0x2F,
- 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9,
- 0x4C, 0xFF, 0x43, 0xAB,
-};
-
-void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
- DES_cblock *out_white)
-{
- int out0, out1;
- int i;
- const unsigned char *key = &(*des_key)[0];
- const unsigned char *in = &(*in_white)[0];
- unsigned char *out = &(*out_white)[0];
-
- out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0;
- out0 = out1 = 0;
- for (i = 0; i < 8; i++) {
- out[i] = key[i] ^ desx_white_in2out[out0 ^ out1];
- out0 = out1;
- out1 = (int)out[i & 0x07];
- }
-
- out0 = out[0];
- out1 = out[i]; /* BUG: out-of-bounds read */
- for (i = 0; i < 8; i++) {
- out[i] = in[i] ^ desx_white_in2out[out0 ^ out1];
- out0 = out1;
- out1 = (int)out[i & 0x07];
- }
-}
-#endif
-
void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
long length, DES_key_schedule *schedule,
DES_cblock *ivec, const_DES_cblock *inw,

Rich Salz

unread,

Feb 2, 2015, 4:56:07 PM2/2/15

to

The branch master has been updated

via fd22ab9edf497ad7d98897377ee798953845d022 (commit)
from e2f80180271f3badc9dec6f3172009b57ba57842 (commit)

- Log -----------------------------------------------------------------
commit fd22ab9edf497ad7d98897377ee798953845d022
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 16:53:54 2015 -0500

Dead code: if 0 removal from crypto/evp and an unused file.

Reviewed-by: Andy Polyakov <ap...@openssl.org>

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/evp/bio_b64.c | 4 -
crypto/evp/c_all.c | 9 -
crypto/evp/e_aes.c | 28 ---
crypto/evp/openbsd_hw.c | 446 -----------------------------------------------
4 files changed, 487 deletions(-)
delete mode 100644 crypto/evp/openbsd_hw.c

diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index 538b520..8cbbf02 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -298,11 +298,7 @@ static int b64_read(BIO *b, char *out, int outl)
if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
int z, jj;

-#if 0
- jj = (i >> 2) << 2;
-#else
jj = i & ~3; /* process per 4 */
-#endif
z = EVP_DecodeBlock((unsigned char *)ctx->buf,
(unsigned char *)ctx->tmp, jj);
if (jj > 2) {
diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
index a3ed00d..cc2f8f6 100644
--- a/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
@@ -63,15 +63,6 @@
# include <openssl/engine.h>
#endif

-#if 0
-# undef OpenSSL_add_all_algorithms
-
-void OpenSSL_add_all_algorithms(void)
-{
- OPENSSL_add_all_algorithms_noconf();
-}
-#endif
-
void OPENSSL_add_all_algorithms_noconf(void)
{
/*
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index 15b233c..eaceab2 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -778,11 +778,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
case 128:
xctx->stream = aes128_t4_xts_encrypt;
break;
-# if 0 /* not yet */
- case 192:
- xctx->stream = aes192_t4_xts_encrypt;
- break;
-# endif
case 256:
xctx->stream = aes256_t4_xts_encrypt;
break;
@@ -796,11 +791,6 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
case 128:
xctx->stream = aes128_t4_xts_decrypt;
break;
-# if 0 /* not yet */
- case 192:
- xctx->stream = aes192_t4_xts_decrypt;
- break;
-# endif
case 256:
xctx->stream = aes256_t4_xts_decrypt;
break;
@@ -839,24 +829,6 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
&cctx->ks, (block128_f) aes_t4_encrypt);
-# if 0 /* not yet */
- switch (bits) {
- case 128:
- cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt :
- (ccm128_f) ae128_t4_ccm64_decrypt;
- break;
- case 192:
- cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt :
- (ccm128_f) ae192_t4_ccm64_decrypt;
- break;
- case 256:
- cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt :
- (ccm128_f) ae256_t4_ccm64_decrypt;
- break;
- default:
- return 0;
- }
-# endif
cctx->key_set = 1;
}
if (iv) {
diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
deleted file mode 100644
index f36de2c..0000000
--- a/crypto/evp/openbsd_hw.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openss...@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include "evp_locl.h"
-
-/*
- * This stuff should now all be supported through
- * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
- */
-static void *dummy = &dummy;
-
-#if 0
-
-/* check flag after OpenSSL headers to ensure make depend works */
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-
-# include <fcntl.h>
-# include <stdio.h>
-# include <errno.h>
-# include <sys/ioctl.h>
-# include <crypto/cryptodev.h>
-# include <unistd.h>
-# include <assert.h>
-
-/* longest key supported in hardware */
-# define MAX_HW_KEY 24
-# define MAX_HW_IV 8
-
-# define MD5_DIGEST_LENGTH 16
-# define MD5_CBLOCK 64
-
-static int fd;
-static int dev_failed;
-
-typedef struct session_op session_op;
-
-# define CDATA(ctx) EVP_C_DATA(session_op,ctx)
-
-static void err(const char *str)
-{
- fprintf(stderr, "%s: errno %d\n", str, errno);
-}
-
-static int dev_crypto_init(session_op *ses)
-{
- if (dev_failed)
- return 0;
- if (!fd) {
- int cryptodev_fd;
-
- if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
- err("/dev/crypto");
- dev_failed = 1;
- return 0;
- }
- if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
- err("CRIOGET failed");
- close(cryptodev_fd);
- dev_failed = 1;
- return 0;
- }
- close(cryptodev_fd);
- }
- assert(ses);
- memset(ses, '\0', sizeof *ses);
-

- return 1;
-}
-

-static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
-{
- if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
- err("CIOCFSESSION failed");
-
- OPENSSL_free(CDATA(ctx)->key);
-

- return 1;
-}
-

-static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
- const unsigned char *key, int klen)
-{
- if (!dev_crypto_init(CDATA(ctx)))
- return 0;
-
- CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
- if (CDATA(ctx)->key == NULL)
- return 0;
-
- assert(ctx->cipher->iv_len <= MAX_HW_IV);
-
- memcpy(CDATA(ctx)->key, key, klen);
-
- CDATA(ctx)->cipher = cipher;
- CDATA(ctx)->keylen = klen;
-
- if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
- err("CIOCGSESSION failed");
- return 0;
- }
- return 1;
-}
-
-static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- struct crypt_op cryp;
- unsigned char lb[MAX_HW_IV];
-
- if (!inl)
- return 1;
-
- assert(CDATA(ctx));
- assert(!dev_failed);
-
- memset(&cryp, '\0', sizeof cryp);
- cryp.ses = CDATA(ctx)->ses;
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
- cryp.flags = 0;
- cryp.len = inl;
- assert((inl & (ctx->cipher->block_size - 1)) == 0);
- cryp.src = (caddr_t) in;
- cryp.dst = (caddr_t) out;
- cryp.mac = 0;
- if (ctx->cipher->iv_len)
- cryp.iv = (caddr_t) ctx->iv;
-
- if (!ctx->encrypt)
- memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);
-
- if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
- if (errno == EINVAL) { /* buffers are misaligned */
- unsigned int cinl = 0;
- char *cin = NULL;
- char *cout = NULL;
-
- /* NB: this can only make cinl != inl with stream ciphers */
- cinl = (inl + 3) / 4 * 4;
-
- if (((unsigned long)in & 3) || cinl != inl) {
- cin = OPENSSL_malloc(cinl);
- if (cin == NULL)
- return 0;
- memcpy(cin, in, inl);
- cryp.src = cin;
- }
-
- if (((unsigned long)out & 3) || cinl != inl) {
- cout = OPENSSL_malloc(cinl);
- if (cout == NULL) {
- if (cin != NULL)
- OPENSSL_free(cin);
- return 0;
- }
- cryp.dst = cout;
- }
-
- cryp.len = cinl;
-
- if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
- err("CIOCCRYPT(2) failed");
- printf("src=%p dst=%p\n", cryp.src, cryp.dst);
- abort();

- return 0;
- }
-

- if (cout) {
- memcpy(out, cout, inl);
- OPENSSL_free(cout);
- }
- if (cin)
- OPENSSL_free(cin);
- } else {
- err("CIOCCRYPT failed");
- abort();

- return 0;
- }
- }
-

- if (ctx->encrypt)
- memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
- ctx->cipher->iv_len);
- else
- memcpy(ctx->iv, lb, ctx->cipher->iv_len);
-

- return 1;
-}
-

-static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
- const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
-}
-
-# define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
-
-BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
- 0, dev_crypto_des_ede3_init_key,
- dev_crypto_cleanup,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
- const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
-}
-
-static const EVP_CIPHER r4_cipher = {
- NID_rc4,
- 1, 16, 0, /* FIXME: key should be up to 256 bytes */
- EVP_CIPH_VARIABLE_LENGTH,
- dev_crypto_rc4_init_key,
- dev_crypto_cipher,
- dev_crypto_cleanup,
- sizeof(session_op),
- NULL,
- NULL,
- NULL
-};
-
-const EVP_CIPHER *EVP_dev_crypto_rc4(void)
-{
- return &r4_cipher;
-}
-
-typedef struct {
- session_op sess;
- char *data;
- int len;
- unsigned char md[EVP_MAX_MD_SIZE];
-} MD_DATA;
-
-static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
-{
- if (!dev_crypto_init(&md_data->sess))
- return 0;
-
- md_data->len = 0;
- md_data->data = NULL;
-
- md_data->sess.mac = mac;
-
- if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
- err("CIOCGSESSION failed");
- return 0;
- }
- return 1;
-}
-
-static int dev_crypto_cleanup_digest(MD_DATA *md_data)
-{
- if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
- err("CIOCFSESSION failed");

- return 0;
- }
-

- return 1;
-}
-
-/* FIXME: if device can do chained MACs, then don't accumulate */
-/* FIXME: move accumulation to the framework */
-static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
-{
- return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
-}
-
-static int do_digest(int ses, unsigned char *md, const void *data, int len)
-{
- struct crypt_op cryp;
- static const unsigned char md5zero[16] = {
- 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
- 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
- };
-
- /* some cards can't do zero length */
- if (!len) {
- memcpy(md, md5zero, 16);

- return 1;
- }
-

- memset(&cryp, '\0', sizeof cryp);
- cryp.ses = ses;
- cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check
- * it */
- cryp.len = len;
- cryp.src = (caddr_t) data;
- cryp.dst = (caddr_t) data; // FIXME!!!
- cryp.mac = (caddr_t) md;
-
- if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
- if (errno == EINVAL) { /* buffer is misaligned */
- char *dcopy;
-
- dcopy = OPENSSL_malloc(len);
- memcpy(dcopy, data, len);
- cryp.src = dcopy;
- cryp.dst = cryp.src; // FIXME!!!
-
- if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
- err("CIOCCRYPT(MAC2) failed");
- abort();
- return 0;
- }
- OPENSSL_free(dcopy);
- } else {
- err("CIOCCRYPT(MAC) failed");
- abort();

- return 0;
- }
- }

- // printf("done\n");
-

- return 1;
-}
-

-static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
- unsigned long len)
-{
- MD_DATA *md_data = ctx->md_data;
- char *tmp_md_data;
-
- if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
- return do_digest(md_data->sess.ses, md_data->md, data, len);
-
- tmp_md_data = OPENSSL_realloc(md_data->data, md_data->len + len);
- if (tmp_md_data == NULL)
- return 0;
- md_data->data = tmp_md_data;
- memcpy(md_data->data + md_data->len, data, len);
- md_data->len += len;
-

- return 1;
-}
-

-static int dev_crypto_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
- int ret;
- MD_DATA *md_data = ctx->md_data;
-
- if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
- memcpy(md, md_data->md, MD5_DIGEST_LENGTH);

- ret = 1;
- } else {

- ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
- OPENSSL_free(md_data->data);
- md_data->data = NULL;
- md_data->len = 0;
- }

-
- return ret;
-}
-

-static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-{
- const MD_DATA *from_md = from->md_data;
- MD_DATA *to_md = to->md_data;
-
- // How do we copy sessions?
- assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
-
- to_md->data = OPENSSL_malloc(from_md->len);
- if (to_md->data == NULL)
- return 0;
- memcpy(to_md->data, from_md->data, from_md->len);
-

- return 1;
-}
-

-static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
-{
- return dev_crypto_cleanup_digest(ctx->md_data);
-}
-
-static const EVP_MD md5_md = {
- NID_md5,
- NID_md5WithRSAEncryption,
- MD5_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
- dev_crypto_md5_init,
- dev_crypto_md5_update,
- dev_crypto_md5_final,
- dev_crypto_md5_copy,
- dev_crypto_md5_cleanup,
- EVP_PKEY_RSA_method,
- MD5_CBLOCK,
- sizeof(MD_DATA),
-};
-
-const EVP_MD *EVP_dev_crypto_md5(void)
-{
- return &md5_md;
-}
-
-# endif
-#endif

Rich Salz

unread,

Feb 2, 2015, 6:59:29 PM2/2/15

to

The branch master has been updated

via 24956ca00f014a917fb181a8abc39b349f3f316f (commit)
from fd22ab9edf497ad7d98897377ee798953845d022 (commit)

- Log -----------------------------------------------------------------
commit 24956ca00f014a917fb181a8abc39b349f3f316f
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 18:46:01 2015 -0500

Remove old DES API

Includes VMS fixes from Richard.
Includes Kurt's destest fixes (RT 1290).
Closes tickets 1290 and 1291

Reviewed-by: Kurt Roeckx <ku...@openssl.org>

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

CHANGES | 3 +
apps/Makefile | 6 +-
crypto/crypto-lib.com | 2 +-
crypto/des/DES.pm | 19 -
crypto/des/DES.xs | 268 -----------
crypto/des/FILES0 | 96 ----
crypto/des/INSTALL | 69 ---
crypto/des/Imakefile | 35 --
crypto/des/KERBEROS | 41 --
crypto/des/Makefile | 64 ++-
crypto/des/VERSION | 412 -----------------
crypto/des/cbc3_enc.c | 95 ----
crypto/des/des-lib.com | 1005 ------------------------------------------
crypto/des/des.h | 10 -
crypto/des/des.pod | 219 ---------
crypto/des/des3s.cpp | 67 ---
crypto/des/des_old.c | 335 --------------
crypto/des/des_old.h | 477 --------------------
crypto/des/des_old2.c | 80 ----
crypto/des/dess.cpp | 67 ---
crypto/des/destest.c | 102 ++---
crypto/des/makefile.bc | 50 ---
crypto/des/options.txt | 39 --
crypto/des/read_pwd.c | 493 ---------------------
crypto/des/rpw.c | 90 ----
crypto/des/t/test | 27 --
crypto/des/times/486-50.sol | 16 -
crypto/des/times/586-100.lnx | 20 -
crypto/des/times/686-200.fre | 18 -
crypto/des/times/aix.cc | 26 --
crypto/des/times/alpha.cc | 18 -
crypto/des/times/hpux.cc | 17 -
crypto/des/times/sparc.gcc | 17 -
crypto/des/times/usparc.cc | 31 --
crypto/des/typemap | 34 --
crypto/evp/Makefile | 8 +-
crypto/install-crypto.com | 2 +-
crypto/mdc2/Makefile | 4 +-
crypto/pem/Makefile | 2 +-
makevms.com | 2 +-
test/Makefile | 4 +-
41 files changed, 95 insertions(+), 4295 deletions(-)
delete mode 100644 crypto/des/DES.pm
delete mode 100644 crypto/des/DES.xs
delete mode 100644 crypto/des/FILES0
delete mode 100644 crypto/des/INSTALL
delete mode 100644 crypto/des/Imakefile
delete mode 100644 crypto/des/KERBEROS
delete mode 100644 crypto/des/VERSION
delete mode 100644 crypto/des/cbc3_enc.c
delete mode 100644 crypto/des/des-lib.com
delete mode 100644 crypto/des/des.pod
delete mode 100644 crypto/des/des3s.cpp
delete mode 100644 crypto/des/des_old.c
delete mode 100644 crypto/des/des_old.h
delete mode 100644 crypto/des/des_old2.c
delete mode 100644 crypto/des/dess.cpp
delete mode 100644 crypto/des/makefile.bc
delete mode 100644 crypto/des/options.txt
delete mode 100644 crypto/des/read_pwd.c
delete mode 100644 crypto/des/rpw.c
delete mode 100644 crypto/des/t/test
delete mode 100644 crypto/des/times/486-50.sol
delete mode 100644 crypto/des/times/586-100.lnx
delete mode 100644 crypto/des/times/686-200.fre
delete mode 100644 crypto/des/times/aix.cc
delete mode 100644 crypto/des/times/alpha.cc
delete mode 100644 crypto/des/times/hpux.cc
delete mode 100644 crypto/des/times/sparc.gcc
delete mode 100644 crypto/des/times/usparc.cc
delete mode 100644 crypto/des/typemap

diff --git a/CHANGES b/CHANGES
index 4b78387..11176ce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -31,6 +31,9 @@
done while fixing the error code for the key-too-small case.
[Annie Yousar <a.yo...@informatik.hu-berlin.de>]

+ *) Removed old DES API.
+ [Rich Salz]
+
*) Remove various unsupported platforms:
Sony NEWS4
BEOS and BEOS_R5
diff --git a/apps/Makefile b/apps/Makefile
index 4270659..3af50b1 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -593,7 +593,7 @@ openssl.o: openssl.c progs.h s_apps.h
passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
-passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/e_os2.h
passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
@@ -936,7 +936,7 @@ speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
speed.o: ../include/openssl/camellia.h ../include/openssl/cast.h
speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-speed.o: ../include/openssl/des.h ../include/openssl/des_old.h
+speed.o: ../include/openssl/des.h
speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
@@ -1026,7 +1026,7 @@ version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
version.o: ../include/openssl/crypto.h ../include/openssl/des.h
-version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/e_os2.h
version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
version.o: ../include/openssl/evp.h ../include/openssl/idea.h
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
index 84ca96e..0b76a33 100644
--- a/crypto/crypto-lib.com
+++ b/crypto/crypto-lib.com
@@ -234,7 +234,7 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -

"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
"des_enc,fcrypt_b,"+ -
"fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -

- "des_old,des_old2,read2pwd"
+ "read2pwd"

$ LIB_AES = "aes_misc,aes_ecb,aes_cfb,aes_ofb,aes_ige,aes_wrap,"+ -

"aes_core,aes_cbc"
$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"

diff --git a/crypto/des/DES.pm b/crypto/des/DES.pm
deleted file mode 100644
index 6a175b6..0000000
--- a/crypto/des/DES.pm
+++ /dev/null
@@ -1,19 +0,0 @@
-package DES;
-
-require Exporter;
-require DynaLoader;
-@ISA = qw(Exporter DynaLoader);
-# Items to export into callers namespace by default
-# (move infrequently used names to @EXPORT_OK below)
-@EXPORT = qw(
-);
-# Other items we are prepared to export if requested
-@EXPORT_OK = qw(
-crypt
-);
-
-# Preloaded methods go here. Autoload methods go after __END__, and are
-# processed by the autosplit program.
-bootstrap DES;
-1;
-__END__
diff --git a/crypto/des/DES.xs b/crypto/des/DES.xs
deleted file mode 100644
index b8050b9..0000000
--- a/crypto/des/DES.xs
+++ /dev/null
@@ -1,268 +0,0 @@
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#include "des.h"
-
-#define deschar char
-static STRLEN len;
-
-static int
-not_here(s)
-char *s;
-{
- croak("%s not implemented on this architecture", s);

- return -1;
-}
-

-MODULE = DES PACKAGE = DES PREFIX = des_
-
-char *
-des_crypt(buf,salt)
- char * buf
- char * salt
-
-void
-des_set_odd_parity(key)
- des_cblock * key
-PPCODE:
- {
- SV *s;
-
- s=sv_newmortal();
- sv_setpvn(s,(char *)key,8);
- des_set_odd_parity((des_cblock *)SvPV(s,na));
- PUSHs(s);
- }
-
-int
-des_is_weak_key(key)
- des_cblock * key
-
-des_key_schedule
-des_set_key(key)
- des_cblock * key
-CODE:
- des_set_key(key,RETVAL);
-OUTPUT:
-RETVAL
-
-des_cblock
-des_ecb_encrypt(input,ks,encrypt)
- des_cblock * input
- des_key_schedule * ks
- int encrypt
-CODE:
- des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
-OUTPUT:
-RETVAL
-
-void
-des_cbc_encrypt(input,ks,ivec,encrypt)
- char * input
- des_key_schedule * ks
- des_cblock * ivec
- int encrypt
-PPCODE:
- {
- SV *s;
- STRLEN len,l;
- char *c;
-
- l=SvCUR(ST(0));
- len=((((unsigned long)l)+7)/8)*8;
- s=sv_newmortal();
- sv_setpvn(s,"",0);
- SvGROW(s,len);
- SvCUR_set(s,len);
- c=(char *)SvPV(s,na);
- des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
- l,*ks,ivec,encrypt);
- sv_setpvn(ST(2),(char *)c[len-8],8);
- PUSHs(s);
- }
-
-void
-des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
- char * input
- des_key_schedule * ks1
- des_key_schedule * ks2
- des_cblock * ivec1
- des_cblock * ivec2
- int encrypt
-PPCODE:
- {
- SV *s;
- STRLEN len,l;
-
- l=SvCUR(ST(0));
- len=((((unsigned long)l)+7)/8)*8;
- s=sv_newmortal();
- sv_setpvn(s,"",0);
- SvGROW(s,len);
- SvCUR_set(s,len);
- des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
- l,*ks1,*ks2,ivec1,ivec2,encrypt);
- sv_setpvn(ST(3),(char *)ivec1,8);
- sv_setpvn(ST(4),(char *)ivec2,8);
- PUSHs(s);
- }
-
-void
-des_cbc_cksum(input,ks,ivec)
- char * input
- des_key_schedule * ks
- des_cblock * ivec
-PPCODE:
- {
- SV *s1,*s2;
- STRLEN len,l;
- des_cblock c;
- unsigned long i1,i2;
-
- s1=sv_newmortal();
- s2=sv_newmortal();
- l=SvCUR(ST(0));
- des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
- l,*ks,ivec);
- i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
- i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
- sv_setiv(s1,i1);
- sv_setiv(s2,i2);
- sv_setpvn(ST(2),(char *)c,8);
- PUSHs(s1);
- PUSHs(s2);
- }
-
-void
-des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
- char * input
- int numbits
- des_key_schedule * ks
- des_cblock * ivec
- int encrypt
-PPCODE:
- {
- SV *s;
- STRLEN len;
- char *c;
-
- len=SvCUR(ST(0));
- s=sv_newmortal();
- sv_setpvn(s,"",0);
- SvGROW(s,len);
- SvCUR_set(s,len);
- c=(char *)SvPV(s,na);
- des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
- (int)numbits,(long)len,*ks,ivec,encrypt);
- sv_setpvn(ST(3),(char *)ivec,8);
- PUSHs(s);
- }
-
-des_cblock *
-des_ecb3_encrypt(input,ks1,ks2,encrypt)
- des_cblock * input
- des_key_schedule * ks1
- des_key_schedule * ks2
- int encrypt
-CODE:
- {
- des_cblock c;
-
- des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
- *ks1,*ks2,encrypt);
- RETVAL= &c;
- }
-OUTPUT:
-RETVAL
-
-void
-des_ofb_encrypt(input,numbits,ks,ivec)
- unsigned char * input
- int numbits
- des_key_schedule * ks
- des_cblock * ivec
-PPCODE:
- {
- SV *s;
- STRLEN len,l;
- unsigned char *c;
-
- len=SvCUR(ST(0));
- s=sv_newmortal();
- sv_setpvn(s,"",0);
- SvGROW(s,len);
- SvCUR_set(s,len);
- c=(unsigned char *)SvPV(s,na);
- des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
- numbits,len,*ks,ivec);
- sv_setpvn(ST(3),(char *)ivec,8);
- PUSHs(s);
- }
-
-void
-des_pcbc_encrypt(input,ks,ivec,encrypt)
- char * input
- des_key_schedule * ks
- des_cblock * ivec
- int encrypt
-PPCODE:
- {
- SV *s;
- STRLEN len,l;
- char *c;
-
- l=SvCUR(ST(0));
- len=((((unsigned long)l)+7)/8)*8;
- s=sv_newmortal();
- sv_setpvn(s,"",0);
- SvGROW(s,len);
- SvCUR_set(s,len);
- c=(char *)SvPV(s,na);
- des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
- l,*ks,ivec,encrypt);
- sv_setpvn(ST(2),(char *)c[len-8],8);
- PUSHs(s);
- }
-
-des_cblock *
-des_random_key()
-CODE:
- {
- des_cblock c;
-
- des_random_key(c);
- RETVAL=&c;
- }
-OUTPUT:
-RETVAL
-
-des_cblock *
-des_string_to_key(str)
-char * str
-CODE:
- {
- des_cblock c;
-
- des_string_to_key(str,&c);
- RETVAL=&c;
- }
-OUTPUT:
-RETVAL
-
-void
-des_string_to_2keys(str)
-char * str
-PPCODE:
- {
- des_cblock c1,c2;
- SV *s1,*s2;
-
- des_string_to_2keys(str,&c1,&c2);
- EXTEND(sp,2);
- s1=sv_newmortal();
- sv_setpvn(s1,(char *)c1,8);
- s2=sv_newmortal();
- sv_setpvn(s2,(char *)c2,8);
- PUSHs(s1);
- PUSHs(s2);
- }
diff --git a/crypto/des/FILES0 b/crypto/des/FILES0
deleted file mode 100644
index 4c7ea2d..0000000
--- a/crypto/des/FILES0
+++ /dev/null
@@ -1,96 +0,0 @@
-/* General stuff */
-COPYRIGHT - Copyright info.
-MODES.DES - A description of the features of the different modes of DES.
-FILES - This file.
-INSTALL - How to make things compile.
-Imakefile - For use with kerberos.
-README - What this package is.
-VERSION - Which version this is and what was changed.
-KERBEROS - Kerberos version 4 notes.
-Makefile.PL - An old makefile to build with perl5, not current.
-Makefile.ssl - The SSLeay makefile
-Makefile.uni - The normal unix makefile.
-GNUmakefile - The makefile for use with glibc.
-makefile.bc - A Borland C makefile
-times - Some outputs from 'speed' on some machines.
-vms.com - For use when compiling under VMS
-
-/* My SunOS des(1) replacement */
-des.c - des(1) source code.
-des.man - des(1) manual.
-
-/* Testing and timing programs. */
-destest.c - Source for libdes.a test program.
-speed.c - Source for libdes.a timing program.
-rpw.c - Source for libdes.a testing password reading routines.
-
-/* libdes.a source code */
-des_crypt.man - libdes.a manual page.
-des.h - Public libdes.a header file.
-ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code.
-ecb3_enc.c - des_ecb3_encrypt() source.
-cbc_ckm.c - des_cbc_cksum() source.
-cbc_enc.c - des_cbc_encrypt() source.
-ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies
- the new iv values back in the passed iv vector.
-ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES.
-cbc3_enc.c - des_3cbc_encrypt() source, don't use this function.
-cfb_enc.c - des_cfb_encrypt() source.
-cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
- used as a stream cipher.
-cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
- used as a stream cipher and using triple DES.
-ofb_enc.c - des_cfb_encrypt() source.
-ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be
- used as a stream cipher.
-ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
- used as a stream cipher and using triple DES.
-enc_read.c - des_enc_read() source.
-enc_writ.c - des_enc_write() source.
-pcbc_enc.c - des_pcbc_encrypt() source.
-qud_cksm.c - quad_cksum() source.
-rand_key.c - des_random_key() source.
-read_pwd.c - Source for des_read_password() plus related functions.
-set_key.c - Source for des_set_key().
-str2key.c - Covert a string of any length into a key.
-fcrypt.c - A small, fast version of crypt(3).
-des_locl.h - Internal libdes.a header file.
-podd.h - Odd parity tables - used in des_set_key().
-sk.h - Lookup tables used in des_set_key().
-spr.h - What is left of the S tables - used in ecb_encrypt().
-des_ver.h - header file for the external definition of the
- version string.
-des.doc - SSLeay documentation for the library.
-
-/* The perl scripts - you can ignore these files they are only
- * included for the curious */
-des.pl - des in perl anyone? des_set_key and des_ecb_encrypt
- both done in a perl library.
-testdes.pl - Testing program for des.pl
-doIP - Perl script used to develop IP xor/shift code.
-doPC1 - Perl script used to develop PC1 xor/shift code.
-doPC2 - Generates sk.h.
-PC1 - Output of doPC1 should be the same as output from PC1.
-PC2 - used in development of doPC2.
-shifts.pl - Perl library used by my perl scripts.
-
-/* I started making a perl5 dynamic library for libdes
- * but did not fully finish, these files are part of that effort. */
-DES.pm
-DES.pod
-DES.xs
-t
-typemap
-
-/* The following are for use with sun RPC implementaions. */
-rpc_des.h
-rpc_enc.c
-
-/* The following are contibuted by Mark Murray <ma...@grondar.za>. They
- * are not normally built into libdes due to machine specific routines
- * contained in them. They are for use in the most recent incarnation of
- * export kerberos v 4 (eBones). */
-supp.c
-new_rkey.c
-
-
diff --git a/crypto/des/INSTALL b/crypto/des/INSTALL
deleted file mode 100644
index 8aebdfe..0000000
--- a/crypto/des/INSTALL
+++ /dev/null
@@ -1,69 +0,0 @@
-Check the CC and CFLAGS lines in the makefile
-
-If your C library does not support the times(3) function, change the
-#define TIMES to
-#undef TIMES in speed.c
-If it does, check the HZ value for the times(3) function.
-If your system does not define CLK_TCK it will be assumed to
-be 100.0.
-
-If possible use gcc v 2.7.?
-Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
-In recent times, some system compilers give better performace.
-
-type 'make'
-
-run './destest' to check things are ok.
-run './rpw' to check the tty code for reading passwords works.
-run './speed' to see how fast those optimisations make the library run :-)
-run './des_opts' to determin the best compile time options.
-
-The output from des_opts should be put in the makefile options and des_enc.c
-should be rebuilt. For 64 bit computers, do not use the DES_PTR option.
-For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
-and then you can use the 'DES_PTR' option.
-
-The file options.txt has the options listed for best speed on quite a
-few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then
-turn on the relevant option in the Makefile.
-
-There are some special Makefile targets that make life easier.
-make cc - standard cc build
-make gcc - standard gcc build
-make x86-elf - x86 assembler (elf), linux-elf.
-make x86-out - x86 assembler (a.out), FreeBSD
-make x86-solaris- x86 assembler
-make x86-bsdi - x86 assembler (a.out with primative assembler).
-
-If at all possible use the assembler (for Windows NT/95, use
-asm/win32.obj to link with). The x86 assembler is very very fast.
-
-A make install will by default install
-libdes.a in /usr/local/lib/libdes.a
-des in /usr/local/bin/des
-des_crypt.man in /usr/local/man/man3/des_crypt.3
-des.man in /usr/local/man/man1/des.1
-des.h in /usr/include/des.h
-
-des(1) should be compatible with sunOS's but I have been unable to
-test it.
-
-These routines should compile on MSDOS, most 32bit and 64bit version
-of Unix (BSD and SYSV) and VMS, without modification.
-The only problems should be #include files that are in the wrong places.
-
-These routines can be compiled under MSDOS.
-I have successfully encrypted files using des(1) under MSDOS and then
-decrypted the files on a SparcStation.
-I have been able to compile and test the routines with
-Microsoft C v 5.1 and Turbo C v 2.0.
-The code in this library is in no way optimised for the 16bit
-operation of MSDOS.
-
-When building for glibc, ignore all of the above and just unpack into
-glibc-1.??/des and then gmake as per normal.
-
-As a final note on performace. Certain CPUs like sparcs and Alpha often give
-a %10 speed difference depending on the link order. It is rather anoying
-when one program reports 'x' DES encrypts a second and another reports
-'x*0.9' the speed.
diff --git a/crypto/des/Imakefile b/crypto/des/Imakefile
deleted file mode 100644
index 1b9b562..0000000
--- a/crypto/des/Imakefile
+++ /dev/null
@@ -1,35 +0,0 @@
-# This Imakefile has not been tested for a while but it should still
-# work when placed in the correct directory in the kerberos v 4 distribution
-
-SRCS= cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
- qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
- enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
- ecb3_enc.c ofb_enc.c ofb64enc.c
-
-OBJS= cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
- qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
- enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
- ecb3_enc.o ofb_enc.o ofb64enc.o
-
-GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
- vms.com KERBEROS
-DES= des.c des.man
-TESTING=destest.c speed.c rpw.c
-LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
-
-PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
-
-CODE= $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
-
-SRCDIR=$(SRCTOP)/lib/des
-
-DBG= -O
-INCLUDE= -I$(SRCDIR)
-CC= cc
-
-library_obj_rule()
-
-install_library_target(des,$(OBJS),$(SRCS),)
-
-test(destest,libdes.a,)
-test(rpw,libdes.a,)
diff --git a/crypto/des/KERBEROS b/crypto/des/KERBEROS
deleted file mode 100644
index f401b10..0000000
--- a/crypto/des/KERBEROS
+++ /dev/null
@@ -1,41 +0,0 @@
- [ This is an old file, I don't know if it is true anymore
- but I will leave the file here - eay 21/11/95 ]
-
-To use this library with Bones (kerberos without DES):
-1) Get my modified Bones - eBones. It can be found on
- gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
- and
- nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
-
-2) Unpack this library in src/lib/des, makeing sure it is version
- 3.00 or greater (libdes.tar.93-10-07.Z). This versions differences
- from the version in comp.sources.misc volume 29 patchlevel2.
- The primarily difference is that it should compile under kerberos :-).
- It can be found at.
- ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
-
-Now do a normal kerberos build and things should work.
-
-One problem I found when I was build on my local sun.
----
-For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
-
-*** make_commands.c.orig Fri Jul 3 04:18:35 1987
---- make_commands.c Wed May 20 08:47:42 1992
-***************
-*** 98,104 ****
- if (!rename(o_file, z_file)) {
- if (!vfork()) {
- chdir("/tmp");
-! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
- z_file+5, 0);
- perror("/bin/ld");
- _exit(1);
---- 98,104 ----
- if (!rename(o_file, z_file)) {
- if (!vfork()) {
- chdir("/tmp");
-! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
- z_file+5, 0);
- perror("/bin/ld");
- _exit(1);
diff --git a/crypto/des/Makefile b/crypto/des/Makefile
index 80a7add..e906ff3 100644
--- a/crypto/des/Makefile
+++ b/crypto/des/Makefile
@@ -28,7 +28,7 @@ LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \
qud_cksm.c rand_key.c rpc_enc.c set_key.c \
des_enc.c fcrypt_b.c \
xcbc_enc.c \
- str2key.c cfb64ede.c ofb64ede.c des_old.c des_old2.c \
+ str2key.c cfb64ede.c ofb64ede.c \
read2pwd.c

LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \
@@ -37,11 +37,11 @@ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \
ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \
${DES_ENC} \
fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \
- des_old.o des_old2.o read2pwd.o
+ read2pwd.o

SRC= $(LIBSRC)

-EXHEADER= des.h des_old.h
+EXHEADER= des.h
HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)

ALL= $(GENERAL) $(SRC) $(HEADER)
@@ -106,64 +106,52 @@ clean:

# DO NOT DELETE THIS LINE -- make depend depends on it.

-cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cbc_cksm.o: ../../include/openssl/des.h
cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
cbc_cksm.o: cbc_cksm.c des_locl.h
-cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cbc_enc.o: ../../include/openssl/des.h
cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c
cfb64ede.o: ../../e_os.h ../../include/openssl/des.h
-cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/e_os2.h
cfb64ede.o: ../../include/openssl/opensslconf.h
cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
cfb64ede.o: cfb64ede.c des_locl.h
-cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb64enc.o: ../../include/openssl/des.h
cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
cfb64enc.o: cfb64enc.c des_locl.h
cfb_enc.o: ../../e_os.h ../../include/openssl/des.h
-cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/e_os2.h
cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/e_os2.h
des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
des_enc.o: des_enc.c des_locl.h ncbc_enc.c spr.h
-des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_old.o: ../../include/openssl/ui_compat.h des_old.c
-des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
-des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-des_old2.o: ../../include/openssl/ui_compat.h des_old2.c
-ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb3_enc.o: ../../include/openssl/des.h
ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
ecb3_enc.o: des_locl.h ecb3_enc.c
ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/des.h
ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
@@ -171,7 +159,7 @@ ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
enc_read.o: ../../e_os.h ../../include/openssl/bio.h
enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/des.h
enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -181,7 +169,7 @@ enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h
enc_read.o: enc_read.c
enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/des.h
enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -190,82 +178,82 @@ enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/e_os2.h
fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
fcrypt.o: des_locl.h fcrypt.c
-fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fcrypt_b.o: ../../include/openssl/des.h
fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
fcrypt_b.o: des_locl.h fcrypt_b.c
-ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb64ede.o: ../../include/openssl/des.h
ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
ofb64ede.o: des_locl.h ofb64ede.c
-ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb64enc.o: ../../include/openssl/des.h
ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
ofb64enc.o: des_locl.h ofb64enc.c
-ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb_enc.o: ../../include/openssl/des.h
ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
ofb_enc.o: des_locl.h ofb_enc.c
-pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pcbc_enc.o: ../../include/openssl/des.h
pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
pcbc_enc.o: des_locl.h pcbc_enc.c
-qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+qud_cksm.o: ../../include/openssl/des.h
qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
qud_cksm.o: des_locl.h qud_cksm.c
-rand_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+rand_key.o: ../../include/openssl/des.h
rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
rand_key.o: ../../include/openssl/ui_compat.h rand_key.c
read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/e_os2.h
read2pwd.o: ../../include/openssl/opensslconf.h
read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c
-rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+rpc_enc.o: ../../include/openssl/des.h
rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/e_os2.h
set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
set_key.o: des_locl.h set_key.c
str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/e_os2.h
str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
str2key.o: des_locl.h str2key.c
-xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+xcbc_enc.o: ../../include/openssl/des.h
xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
diff --git a/crypto/des/VERSION b/crypto/des/VERSION
deleted file mode 100644
index a18712e..0000000
--- a/crypto/des/VERSION
+++ /dev/null
@@ -1,412 +0,0 @@
- Fixed the weak key values which were wrong :-(
- Defining SIGACTION causes sigaction() to be used instead of signal().
- SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
- can cause problems. This should hopefully not affect normal
- applications.
-
-Version 4.04
- Fixed a few tests in destest. Also added x86 assember for
- des_ncbc_encrypt() which is the standard cbc mode function.
- This makes a very very large performace difference.
- Ariel Glenn ar...@columbia.edu reports that the terminal
- 'turn echo off' can return (errno == EINVAL) under solaris
- when redirection is used. So I now catch that as well as ENOTTY.
-
-
-Version 4.03
- Left a static out of enc_write.c, which caused to buffer to be
- continiously malloc()ed. Does anyone use these functions? I keep
- on feeling like removing them since I only had these in there
- for a version of kerberised login. Anyway, this was pointed out
- by Theo de Raadt <der...@cvs.openbsd.org>
- The 'n' bit ofb code was wrong, it was not shifting the shift
- register. It worked correctly for n == 64. Thanks to
- Gigi Ankeny <Gigi....@Eng.Sun.COM> for pointing this one out.
-
-Version 4.02
- I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
- when checking for weak keys which is wrong :-(, pointed out by
- Markus F.X.J. Oberhumer <markus.o...@jk.uni-linz.ac.at>.
-
-Version 4.01
- Even faster inner loop in the DES assembler for x86 and a modification
- for IP/FP which is faster on x86. Both of these changes are
- from Svend Olaf Mikkelsen <svo...@inet.uni-c.dk>. His
- changes make the assembler run %40 faster on a pentium. This is just
- a case of getting the instruction sequence 'just right'.
- All credit to 'Svend' :-)
- Quite a few special x86 'make' targets.
- A libdes-l (lite) distribution.
-
-Version 4.00
- After a bit of a pause, I'll up the major version number since this
- is mostly a performace release. I've added x86 assembler and
- added more options for performance. A %28 speedup for gcc
- on a pentium and the assembler is a %50 speedup.
- MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
- Run des_opts to work out which options should be used.
- DES_RISC1/DES_RISC2 use alternative inner loops which use
- more registers but should give speedups on any CPU that does
- dual issue (pentium). DES_UNROLL unrolls the inner loop,
- which costs in code size.
-
-Version 3.26
- I've finally removed one of the shifts in D_ENCRYPT. This
- meant I've changed the des_SPtrans table (spr.h), the set_key()
- function and some things in des_enc.c. This has definitly
- made things faster :-). I've known about this one for some
- time but I've been too lazy to follow it up :-).
- Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
- instead of L^=((..)|(..)|(..).. This should save a register at
- least.
- Assember for x86. The file to replace is des_enc.c, which is replaced
- by one of the assembler files found in asm. Look at des/asm/readme
- for more info.
-
- /* Modification to fcrypt so it can be compiled to support
- HPUX 10.x's long password format, define -DLONGCRYPT to use this.
- Thanks to Jens Kupferschmidt <bt...@hpboot.rz.uni-leipzig.de>. */
-
- SIGWINCH case put in des_read_passwd() so the function does not
- 'exit' if this function is received.
-
-Version 3.25 17/07/96
- Modified read_pwd.c so that stdin can be read if not a tty.
- Thanks to Jeff Barber <je...@issl.atl.hp.com> for the patches.
- des_init_random_number_generator() shortened due to VMS linker
- limits.
- Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2
- 8 byte quantites xored before and after encryption.
- des_xcbc_encryption() - the name is funny to preserve the des_
- prefix on all functions.
-
-Version 3.24 20/04/96
- The DES_PTR macro option checked and used by SSLeay configuration
-
-Version 3.23 11/04/96
- Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha,
- it gives a %20 speedup :-)
- Fixed the problem with des.pl under perl5. The patches were
- sent by Ed Kubaitis (e...@uiuc.edu).
- if fcrypt.c, changed values to handle illegal salt values the way
- normal crypt() implementations do. Some programs apparently use
- them :-(. The patch was sent by Bjorn Gronvall <b...@sics.se>
-
-Version 3.22 29/11/95
- Bug in des(1), an error with the uuencoding stuff when the
- 'data' is small, thanks to Geoff Keating <keag...@mehta.anu.edu.au>
- for the patch.
-
-Version 3.21 22/11/95
- After some emailing back and forth with
- Colin Plumb <co...@nyx10.cs.du.edu>, I've tweaked a few things
- and in a future version I will probably put in some of the
- optimisation he suggested for use with the DES_USE_PTR option.
- Extra routines from Mark Murray <ma...@grondar.za> for use in
- freeBSD. They mostly involve random number generation for use
- with kerberos. They involve evil machine specific system calls
- etc so I would normally suggest pushing this stuff into the
- application and/or using RAND_seed()/RAND_bytes() if you are
- using this DES library as part of SSLeay.
- Redone the read_pw() function so that it is cleaner and
- supports termios, thanks to Sameer Parekh <sam...@c2.org>
- for the initial patches for this.
- Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been
- done just to make things more consistent.
- I have also now added triple DES versions of cfb and ofb.
-
-Version 3.20
- Damn, Damn, Damn, as pointed out by Mike_Spre...@xerox.com,
- my des_random_seed() function was only copying 4 bytes of the
- passed seed into the init structure. It is now fixed to copy 8.
- My own suggestion is to used something like MD5 :-)
-
-Version 3.19
- While looking at my code one day, I though, why do I keep on
- calling des_encrypt(in,out,ks,enc) when every function that
- calls it has in and out the same. So I dropped the 'out'
- parameter, people should not be using this function.
-
-Version 3.18 30/08/95
- Fixed a few bit with the distribution and the filenames.
- 3.17 had been munged via a move to DOS and back again.
- NO CODE CHANGES
-
-Version 3.17 14/07/95
- Fixed ede3 cbc which I had broken in 3.16. I have also
- removed some unneeded variables in 7-8 of the routines.
-
-Version 3.16 26/06/95
- Added des_encrypt2() which does not use IP/FP, used by triple
- des routines. Tweaked things a bit elsewhere. %13 speedup on
- sparc and %6 on a R4400 for ede3 cbc mode.
-
-Version 3.15 06/06/95
- Added des_ncbc_encrypt(), it is des_cbc mode except that it is
- 'normal' and copies the new iv value back over the top of the
- passed parameter.
- CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
- the iv. THIS WILL BREAK EXISTING CODE, but since this function
- only new, I feel I can change it, not so with des_cbc_encrypt :-(.
- I need to update the documentation.
-
-Version 3.14 31/05/95
- New release upon the world, as part of my SSL implementation.
- New copyright and usage stuff. Basically free for all to use
- as long as you say it came from me :-)
-
-Version 3.13 31/05/95
- A fix in speed.c, if HZ is not defined, I set it to 100.0
- which is reasonable for most unixes except SunOS 4.x.
- I now have a #ifdef sun but timing for SunOS 4.x looked very
- good :-(. At my last job where I used SunOS 4.x, it was
- defined to be 60.0 (look at the old INSTALL documentation), at
- the last release had it changed to 100.0 since I now work with
- Solaris2 and SVR4 boxes.
- Thanks to Rory Chisholm <rchi...@math.ethz.ch> for pointing this
- one out.
-
-Version 3.12 08/05/95
- As pointed out by The Crypt Keeper <t...@bend.UCSD.EDU>,
- my D_ENCRYPT macro in crypt() had an un-necessary variable.
- It has been removed.
-
-Version 3.11 03/05/95
- Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
- and one iv. It is a standard and I needed it for my SSL code.
- It makes more sense to use this for triple DES than
- 3cbc_encrypt(). I have also added (or should I say tested :-)
- cfb64_encrypt() which is cfb64 but it will encrypt a partial
- number of bytes - 3 bytes in 3 bytes out. Again this is for
- my SSL library, as a form of encryption to use with SSL
- telnet.
-
-Version 3.10 22/03/95
- Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls
- to cbc3_encrypt, the 2 iv values that were being returned to
- be used in the next call were reversed :-(.
- Many thanks to Bill Wade <wa...@Stoner.COM> for pointing out
- this error.
-
-Version 3.09 01/02/95
- Fixed des_random_key to far more random, it was rather feeble
- with regards to picking the initial seed. The problem was
- pointed out by Olaf Kirch <ok...@monad.swb.de>.
-
-Version 3.08 14/12/94
- Added Makefile.PL so libdes can be built into perl5.
- Changed des_locl.h so RAND is always defined.
-
-Version 3.07 05/12/94
- Added GNUmake and stuff so the library can be build with
- glibc.
-
-Version 3.06 30/08/94
- Added rpc_enc.c which contains _des_crypt. This is for use in
- secure_rpc v 4.0
- Finally fixed the cfb_enc problems.
- Fixed a few parameter parsing bugs in des (-3 and -b), thanks
- to Rob McMillan <R.McM...@its.gu.edu.au>
-
-Version 3.05 21/04/94
- for unsigned long l; gcc does not produce ((l>>34) == 0)
- This causes bugs in cfb_enc.
- Thanks to Hadmut Danisch <dan...@ira.uka.de>
-
-Version 3.04 20/04/94
- Added a version number to des.c and libdes.a
-
-Version 3.03 12/01/94
- Fixed a bug in non zero iv in 3cbc_enc.
-
-Version 3.02 29/10/93
- I now work in a place where there are 6+ architectures and 14+
- OS versions :-).
- Fixed TERMIO definition so the most sys V boxes will work :-)
-
-Release upon comp.sources.misc
-Version 3.01 08/10/93
- Added des_3cbc_encrypt()
-
-Version 3.00 07/10/93
- Fixed up documentation.
- quad_cksum definitely compatible with MIT's now.
-
-Version 2.30 24/08/93
- Triple DES now defaults to triple cbc but can do triple ecb
- with the -b flag.
- Fixed some MSDOS uuen/uudecoding problems, thanks to
- Added prototypes.
-
-Version 2.22 29/06/93
- Fixed a bug in des_is_weak_key() which stopped it working :-(
- thanks to engin...@MorningStar.Com.
-
-Version 2.21 03/06/93
- des(1) with no arguments gives quite a bit of help.
- Added -c (generate ckecksum) flag to des(1).
- Added -3 (triple DES) flag to des(1).
- Added cfb and ofb routines to the library.
-
-Version 2.20 11/03/93
- Added -u (uuencode) flag to des(1).
- I have been playing with byte order in quad_cksum to make it
- compatible with MIT's version. All I can say is avid this
- function if possible since MIT's output is endian dependent.
-
-Version 2.12 14/10/92
- Added MSDOS specific macro in ecb_encrypt which gives a %70
- speed up when the code is compiled with turbo C.
-
-Version 2.11 12/10/92
- Speedup in set_key (recoding of PC-1)
- I now do it in 47 simple operations, down from 60.
- Thanks to John Fletcher (john_f...@lccmail.ocf.llnl.gov)
- for motivating me to look for a faster system :-)
- The speedup is probably less that 1% but it is still 13
- instructions less :-).
-
-Version 2.10 06/10/92
- The code now works on the 64bit ETA10 and CRAY without modifications or
- #defines. I believe the code should work on any machine that
- defines long, int or short to be 8 bytes long.
- Thanks to Shabbir J. Safdar (sha...@mentor.cc.purdue.edu)
- for helping me fix the code to run on 64bit machines (he had
- access to an ETA10).
- Thanks also to John Fletcher <john_f...@lccmail.ocf.llnl.gov>
- for testing the routines on a CRAY.
- read_password.c has been renamed to read_passwd.c
- string_to_key.c has been renamed to string2key.c
-
-Version 2.00 14/09/92
- Made mods so that the library should work on 64bit CPU's.
- Removed all my uchar and ulong defs. To many different
- versions of unix define them in their header files in too many
- different combinations :-)
- IRIX - Sillicon Graphics mods (mostly in read_password.c).
- Thanks to Andrew Daviel (ad...@erich.triumf.ca)
-
-Version 1.99 26/08/92
- Fixed a bug or 2 in enc_read.c
- Fixed a bug in enc_write.c
- Fixed a pseudo bug in fcrypt.c (very obscure).
-
-Version 1.98 31/07/92
- Support for the ETA10. This is a strange machine that defines
- longs and ints as 8 bytes and shorts as 4 bytes.
- Since I do evil things with long * that assume that they are 4
- bytes. Look in the Makefile for the option to compile for
- this machine. quad_cksum appears to have problems but I
- will don't have the time to fix it right now, and this is not
- a function that uses DES and so will not effect the main uses
- of the library.
-
-Version 1.97 20/05/92 eay
- Fixed the Imakefile and made some changes to des.h to fix some
- problems when building this package with Kerberos v 4.
-
-Version 1.96 18/05/92 eay
- Fixed a small bug in string_to_key() where problems could
- occur if des_check_key was set to true and the string
- generated a weak key.
-
-Patch2 posted to comp.sources.misc
-Version 1.95 13/05/92 eay
- Added an alternative version of the D_ENCRYPT macro in
- ecb_encrypt and fcrypt. Depending on the compiler, one version or the
- other will be faster. This was inspired by
- Dana How <h...@isl.stanford.edu>, and her pointers about doing the
- *(ulong *)((uchar *)ptr+(value&0xfc))
- vs
- ptr[value&0x3f]
- to stop the C compiler doing a <<2 to convert the long array index.
-
-Version 1.94 05/05/92 eay
- Fixed an incompatibility between my string_to_key and the MIT
- version. When the key is longer than 8 chars, I was wrapping
- with a different method. To use the old version, define
- OLD_STR_TO_KEY in the makefile. Thanks to
- vik...@newsu.shearson.com (Viktor Dukhovni).
-
-Version 1.93 28/04/92 eay
- Fixed the VMS mods so that echo is now turned off in
- read_password. Thanks again to bre...@coco.cchs.su.oz.AU.
- MSDOS support added. The routines can be compiled with
- Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined.
-
-Patch1 posted to comp.sources.misc
-Version 1.92 13/04/92 eay
- Changed D_ENCRYPT so that the rotation of R occurs outside of
- the loop. This required rotating all the longs in sp.h (now
- called spr.h). Thanks to Richard Outerbridge <7175...@CompuServe.COM>
- speed.c has been changed so it will work without SIGALRM. If
- times(3) is not present it will try to use ftime() instead.
-
-Version 1.91 08/04/92 eay
- Added -E/-D options to des(1) so it can use string_to_key.
- Added SVR4 mods suggested by wi...@rwwa.COM
- Added VMS mods suggested by bre...@coco.cchs.su.oz.AU. If
- anyone knows how to turn of tty echo in VMS please tell me or
- implement it yourself :-).
- Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
- does not like IN/OUT being used.
-
-Libdes posted to comp.sources.misc
-Version 1.9 24/03/92 eay
- Now contains a fast small crypt replacement.
- Added des(1) command.
- Added des_rw_mode so people can use cbc encryption with
- enc_read and enc_write.
-
-Version 1.8 15/10/91 eay
- Bug in cbc_cksum.
- Many thanks to Keith Reynolds (kei...@sco.COM) for pointing this
- one out.
-
-Version 1.7 24/09/91 eay
- Fixed set_key :-)
- set_key is 4 times faster and takes less space.
- There are a few minor changes that could be made.
-
-Version 1.6 19/09/1991 eay
- Finally go IP and FP finished.
- Now I need to fix set_key.
- This version is quite a bit faster that 1.51
-
-Version 1.52 15/06/1991 eay
- 20% speedup in ecb_encrypt by changing the E bit selection
- to use 2 32bit words. This also required modification of the
- sp table. There is still a way to speedup the IP and IP-1
- (hints from ou...@sq.com) still working on this one :-(.
-
-Version 1.51 07/06/1991 eay
- Faster des_encrypt by loop unrolling
- Fixed bug in quad_cksum.c (thanks to hug...@logos.ucs.indiana.edu)
-
-Version 1.50 28/05/1991 eay
- Optimised the code a bit more for the sparc. I have improved the
- speed of the inner des_encrypt by speeding up the initial and
- final permutations.
-
-Version 1.40 23/10/1990 eay
- Fixed des_random_key, it did not produce a random key :-(
-
-Version 1.30 2/10/1990 eay
- Have made des_quad_cksum the same as MIT's, the full package
- should be compatible with MIT's
- Have tested on a DECstation 3100
- Still need to fix des_set_key (make it faster).
- Does des_cbc_encrypts at 70.5k/sec on a 3100.
-
-Version 1.20 18/09/1990 eay
- Fixed byte order dependencies.
- Fixed (I hope) all the word alignment problems.
- Speedup in des_ecb_encrypt.
-
-Version 1.10 11/09/1990 eay
- Added des_enc_read and des_enc_write.
- Still need to fix des_quad_cksum.
- Still need to document des_enc_read and des_enc_write.
-
-Version 1.00 27/08/1990 eay
-
diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
deleted file mode 100644
index 249518a..0000000
--- a/crypto/des/cbc3_enc.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* crypto/des/cbc3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* HAS BUGS! DON'T USE - this is only present for use in des.c */
-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
- DES_key_schedule ks1, DES_key_schedule ks2,
- DES_cblock *iv1, DES_cblock *iv2, int enc)
-{
- int off = ((int)length - 1) / 8;
- long l8 = ((length + 7) / 8) * 8;
- DES_cblock niv1, niv2;
-
- if (enc == DES_ENCRYPT) {
- DES_cbc_encrypt((unsigned char *)input,
- (unsigned char *)output, length, &ks1, iv1, enc);
- if (length >= sizeof(DES_cblock))
- memcpy(niv1, output[off], sizeof(DES_cblock));
- DES_cbc_encrypt((unsigned char *)output,
- (unsigned char *)output, l8, &ks2, iv1, !enc);
- DES_cbc_encrypt((unsigned char *)output,
- (unsigned char *)output, l8, &ks1, iv2, enc);
- if (length >= sizeof(DES_cblock))
- memcpy(niv2, output[off], sizeof(DES_cblock));
- } else {
- if (length >= sizeof(DES_cblock))
- memcpy(niv2, input[off], sizeof(DES_cblock));
- DES_cbc_encrypt((unsigned char *)input,
- (unsigned char *)output, l8, &ks1, iv2, enc);
- DES_cbc_encrypt((unsigned char *)output,
- (unsigned char *)output, l8, &ks2, iv1, !enc);
- if (length >= sizeof(DES_cblock))
- memcpy(niv1, output[off], sizeof(DES_cblock));
- DES_cbc_encrypt((unsigned char *)output,
- (unsigned char *)output, length, &ks1, iv1, enc);
- }
- memcpy(*iv1, niv1, sizeof(DES_cblock));
- memcpy(*iv2, niv2, sizeof(DES_cblock));
-}
diff --git a/crypto/des/des-lib.com b/crypto/des/des-lib.com
deleted file mode 100644
index 348f1c0..0000000
--- a/crypto/des/des-lib.com
+++ /dev/null
@@ -1,1005 +0,0 @@
-$!
-$! DES-LIB.COM
-$! Written By: Robert Byer
-$! Vice-President
-$! A-Com Computing, Inc.
-$! by...@mail.all-net.net
-$!
-$! Changes by Richard Levitte <ric...@levitte.org>
-$!
-$! This command files compiles and creates the
-$! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine
-$! architecture of ALPHA, IA64 or VAX.
-$!
-$! It was re-written to try to determine which "C" compiler to try to use
-$! or the user can specify a compiler in P3.
-$!
-$! Specify one of the following to build just that part, specify "ALL" to
-$! just build everything.
-$!
-$! ALL To Just Build "Everything".
-$! LIBRARY To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
-$! DESTEST To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
-$! SPEED To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
-$! RPW To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
-$! DES To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
-$! DES_OPTS To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
-$!
-$! Specify either DEBUG or NODEBUG as P2 to compile with or without
-$! debugging information.
-$!
-$! Specify which compiler at P3 to try to compile under.
-$!
-$! VAXC For VAX C.
-$! DECC For DEC C.
-$! GNUC For GNU C.
-$!
-$! If you don't speficy a compiler, it will try to determine which
-$! "C" compiler to try to use.
-$!
-$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$! Make sure we know what architecture we run on.
-$!
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$! The Architecture Is VAX
-$!
-$ ARCH := VAX
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$! It Dosen't Exist, So Create It.
-$!
-$ CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$! It Dosen't Exist, So Create It.
-$!
-$ CREATE/DIR 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDALL.EQS."TRUE")
-$ THEN
-$!
-$! Since Nothing Special Was Specified, Do Everything.
-$!
-$ GOSUB LIBRARY
-$ GOSUB DESTEST
-$ GOSUB SPEED
-$ GOSUB RPW
-$ GOSUB DES
-$ GOSUB DES_OPTS
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Build Just What The User Wants Us To Build.
-$!
-$ GOSUB 'BUILDALL'
-$!
-$! End The BUILDALL Check.
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$ LIBRARY:
-$!
-$! Tell The User That We Are Compiling.
-$!
-$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$ LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Exist Check.
-$!
-$ ENDIF
-$!
-$! Define The DES Library Files.
-$!
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
- "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
- "enc_read,enc_writ,ofb64enc,"+ -
- "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
- "des_enc,fcrypt_b,read2pwd,"+ -
- "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
-$!
-$! Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:

-$!
-$! O.K, Extract The File Name From The File List.
-$!

-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$! Tell The User We Are Compiling The Source File.
-$!
-$ WRITE SYS$OUTPUT " ",FILE_NAME,".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The File Exists Check.
-$!
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$!

-$! Add It To The Library.

-$!
-$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
-$!

-$! Time To Clean Up The Object File.

-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$! Compile The DESTEST Program.
-$!
-$ DESTEST:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The DESTEST.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
-$!
-$! Compile The DESTEST Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
-$!
-$! Link The DESTEST Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
- 'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$! Compile The SPEED Program.
-$!
-$ SPEED:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The SPEED.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
-$!
-$! Compile The SPEED Program.
-$!
-$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
-$!
-$! Link The SPEED Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
- 'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$! Compile The RPW Program.
-$!
-$ RPW:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The RPW.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
-$!
-$! Compile The RPW Program.
-$!
-$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
-$!
-$! Link The RPW Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
- 'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$! Compile The DES Program.
-$!
-$ DES:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The DES.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
-$!
-$! Compile The DES Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
-$!
-$! Link The DES Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
- 'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
- 'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$! Compile The DES_OPTS Program.
-$!
-$ DES_OPTS:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The DES_OPTS.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
-$!
-$! Compile The DES_OPTS Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
-$!
-$! Link The DES_OPTS Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
- 'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$! Check To See If We Already Have A VAX C Linker Option File.
-$!
-$ IF (F$SEARCH(OPT_FILE).EQS."")
-$ THEN
-$!
-$! We Need A VAX C Linker Option File.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$! End The Option File Check.
-$!
-$ ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$! Check To See If We Already Have A GNU C Linker Option File.
-$!
-$ IF (F$SEARCH(OPT_FILE).EQS."")
-$ THEN
-$!
-$! We Need A GNU C Linker Option File.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$! End The Option File Check.
-$!
-$ ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$! Check To See If We Already Have A DEC C Linker Option File.
-$!
-$ IF (F$SEARCH(OPT_FILE).EQS."")
-$ THEN
-$!
-$! Figure Out If We Need An non-VAX Or A VAX Linker Option File.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$! We Need A DEC C Linker Option File For VAX.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Create The non-VAX Linker Option File.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Agianst
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$! End The DEC C Option File Check.
-$!
-$ ENDIF
-$!
-$! End The Option File Search.
-$!
-$ ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Library Check.
-$!
-$ LIB_CHECK:
-$!
-$! Look For The Library LIBDES.OLB.
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
-$ WRITE SYS$OUTPUT "We Can't Link Without It."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Since We Can't Link Without It, Exit.
-$!
-$ EXIT
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If We Are To "Just Build Everything".
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$! P1 Is "ALL", So Build Everything.
-$!
-$ BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Else, Check To See If P1 Has A Valid Argument.
-$!
-$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
- .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
-$ THEN
-$!
-$! A Valid Argument.
-$!
-$ BUILDALL = P1
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Tell The User We Don't Know What They Want.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
-$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
-$ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
-$ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
-$ WRITE SYS$OUTPUT " RPW : To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
-$ WRITE SYS$OUTPUT " DES : To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
-$ WRITE SYS$OUTPUT " DES_OPTS : To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture."
-$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture."
-$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$!
-$! End The Valid Argument Check.
-$!
-$ ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Compile Without Debugger Information.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$! P2 Is Blank, So Compile Without Debugger Information.
-$!
-$ DEBUGGER = "NODEBUG"
-$ TRACEBACK = "NOTRACEBACK"
-$ GCC_OPTIMIZE = "OPTIMIZE"
-$ CC_OPTIMIZE = "OPTIMIZE"
-$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Check To See If We Are To Compile With Debugger Information.
-$!
-$ IF (P2.EQS."DEBUG")
-$ THEN
-$!
-$! Compile With Debugger Information.
-$!
-$ DEBUGGER = "DEBUG"
-$ TRACEBACK = "TRACEBACK"
-$ GCC_OPTIMIZE = "NOOPTIMIZE"
-$ CC_OPTIMIZE = "NOOPTIMIZE"
-$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Tell The User Entered An Invalid Option..
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
-$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$!
-$! End The Valid Argument Check.
-$!
-$ ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later.
-$!
-$! Written By: Richard Levitte
-$! ric...@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$! Get The Version Of VMS We Are Using.
-$!
-$ ISSEVEN := ""
-$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$! Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$ IF (TMP.GE.71)
-$ THEN
-$!
-$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$ ISSEVEN := ,PTHREAD_USE_D4
-$!
-$! End The VMS Version Check.
-$!
-$ ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$! O.K., The User Didn't Specify A Compiler, Let's Try To
-$! Find Out Which One To Use.
-$!
-$! Check To See If We Have GNU C.
-$!
-$ IF (F$TRNLNM("GNU_CC").NES."")
-$ THEN
-$!
-$! Looks Like GNUC, Set To Use GNUC.
-$!
-$ P3 = "GNUC"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Check To See If We Have VAXC Or DECC.
-$!
-$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$ THEN
-$!
-$! Looks Like DECC, Set To Use DECC.
-$!
-$ P3 = "DECC"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Looks Like VAXC, Set To Use VAXC.
-$!
-$ P3 = "VAXC"
-$!
-$! End The VAXC Compiler Check.
-$!
-$ ENDIF
-$!
-$! End The DECC & VAXC Compiler Check.
-$!
-$ ENDIF
-$!
-$! End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = ""
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = ""
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
- CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
-$!
-$! Check To See If The User Entered A Valid Paramter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$! Check To See If The User Wanted DECC.
-$!
-$ IF (P3.EQS."DECC")
-$ THEN
-$!
-$! Looks Like DECC, Set To Use DECC.
-$!
-$ COMPILER = "DECC"
-$!
-$! Tell The User We Are Using DECC.
-$!
-$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$! Use DECC...
-$!
-$ CC = "CC"
-$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
- THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
- "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
-$!
-$! Define The Linker Options File Name.
-$!
-$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
-$!
-$! End DECC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Use VAXC.
-$!
-$ IF (P3.EQS."VAXC")
-$ THEN
-$!
-$! Looks Like VAXC, Set To Use VAXC.
-$!
-$ COMPILER = "VAXC"
-$!
-$! Tell The User We Are Using VAX C.
-$!
-$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$! Compile Using VAXC.
-$!
-$ CC = "CC"
-$ IF ARCH.NES."VAX"
-$ THEN
-$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$ EXIT
-$ ENDIF
-$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$ CCDEFS = """VAXC""," + CCDEFS
-$!
-$! Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$! Define The Linker Options File Name.
-$!
-$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
-$!
-$! End VAXC Check
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Use GNU C.
-$!
-$ IF (P3.EQS."GNUC")
-$ THEN
-$!
-$! Looks Like GNUC, Set To Use GNUC.
-$!
-$ COMPILER = "GNUC"
-$!
-$! Tell The User We Are Using GNUC.
-$!
-$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$! Use GNU C...
-$!
-$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$!
-$! Define The Linker Options File Name.
-$!
-$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Set up default defines
-$!
-$ CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$! Finish up the definition of CC.
-$!
-$ IF COMPILER .EQS. "DECC"
-$ THEN
-$ IF CCDISABLEWARNINGS .EQS. ""
-$ THEN
-$ CC4DISABLEWARNINGS = "DOLLARID"
-$ ELSE
-$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$ ENDIF
-$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$ ELSE
-$ CCDISABLEWARNINGS = ""
-$ CC4DISABLEWARNINGS = ""
-$ ENDIF
-$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$! Show user the result
-$!
-$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$! Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$! Tell The User We Don't Know What They Want.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
-$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
-$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$!
-$! End The P3 Check.
-$!
-$ ENDIF
-$!
-$! Time To RETURN...
-$!
-$ RETURN
diff --git a/crypto/des/des.h b/crypto/des/des.h
index 589b73b..6bb037d 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -92,16 +92,6 @@ typedef struct DES_ks {
} ks[16];
} DES_key_schedule;

-# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# define OPENSSL_ENABLE_OLD_DES_SUPPORT
-# endif
-# endif
-
-# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# include <openssl/des_old.h>
-# endif
-
# define DES_KEY_SZ (sizeof(DES_cblock))
# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))

diff --git a/crypto/des/des.pod b/crypto/des/des.pod
deleted file mode 100644
index b8daf61..0000000
--- a/crypto/des/des.pod
+++ /dev/null
@@ -1,219 +0,0 @@
-=pod
-
-=head1 NAME
-
-des - encrypt or decrypt data using Data Encryption Standard
-
-=head1 SYNOPSIS
-
-B<des>
-(
-B<-e>
-|
-B<-E>
-) | (
-B<-d>
-|
-B<-D>
-) | (
-B<->[B<cC>][B<ckname>]
-) |
-[
-B<-b3hfs>
-] [
-B<-k>
-I<key>
-]
-] [
-B<-u>[I<uuname>]
-[
-I<input-file>
-[
-I<output-file>
-] ]
-
-=head1 NOTE
-
-This page describes the B<des> stand-alone program, not the B<openssl des>
-command.
-
-=head1 DESCRIPTION
-
-B<des>
-encrypts and decrypts data using the
-Data Encryption Standard algorithm.
-One of
-B<-e>, B<-E>
-(for encrypt) or
-B<-d>, B<-D>
-(for decrypt) must be specified.
-It is also possible to use
-B<-c>
-or
-B<-C>
-in conjunction or instead of the a encrypt/decrypt option to generate
-a 16 character hexadecimal checksum, generated via the
-I<des_cbc_cksum>.
-
-Two standard encryption modes are supported by the
-B<des>
-program, Cipher Block Chaining (the default) and Electronic Code Book
-(specified with
-B<-b>).
-
-The key used for the DES
-algorithm is obtained by prompting the user unless the
-B<-k>
-I<key>
-option is given.
-If the key is an argument to the
-B<des>
-command, it is potentially visible to users executing
-ps(1)
-or a derivative. To minimise this possibility,
-B<des>
-takes care to destroy the key argument immediately upon entry.
-If your shell keeps a history file be careful to make sure it is not
-world readable.
-
-Since this program attempts to maintain compatibility with sunOS's
-des(1) command, there are 2 different methods used to convert the user
-supplied key to a des key.
-Whenever and one or more of
-B<-E>, B<-D>, B<-C>
-or
-B<-3>
-options are used, the key conversion procedure will not be compatible
-with the sunOS des(1) version but will use all the user supplied
-character to generate the des key.
-B<des>
-command reads from standard input unless
-I<input-file>
-is specified and writes to standard output unless
-I<output-file>
-is given.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-b>
-
-Select ECB
-(eight bytes at a time) encryption mode.
-
-=item B<-3>
-
-Encrypt using triple encryption.
-By default triple cbc encryption is used but if the
-B<-b>
-option is used then triple ECB encryption is performed.
-If the key is less than 8 characters long, the flag has no effect.
-
-=item B<-e>
-
-Encrypt data using an 8 byte key in a manner compatible with sunOS
-des(1).
-
-=item B<-E>
-
-Encrypt data using a key of nearly unlimited length (1024 bytes).
-This will product a more secure encryption.
-
-=item B<-d>
-
-Decrypt data that was encrypted with the B<-e> option.
-
-=item B<-D>
-
-Decrypt data that was encrypted with the B<-E> option.
-
-=item B<-c>
-
-Generate a 16 character hexadecimal cbc checksum and output this to
-stderr.
-If a filename was specified after the
-B<-c>
-option, the checksum is output to that file.
-The checksum is generated using a key generated in a sunOS compatible
-manner.
-
-=item B<-C>
-
-A cbc checksum is generated in the same manner as described for the
-B<-c>
-option but the DES key is generated in the same manner as used for the
-B<-E>
-and
-B<-D>
-options
-
-=item B<-f>
-
-Does nothing - allowed for compatibility with sunOS des(1) command.
-
-=item B<-s>
-
-Does nothing - allowed for compatibility with sunOS des(1) command.
-
-=item B<-k> I<key>
-
-Use the encryption
-I<key>
-specified.
-
-=item B<-h>
-
-The
-I<key>
-is assumed to be a 16 character hexadecimal number.
-If the
-B<-3>
-option is used the key is assumed to be a 32 character hexadecimal
-number.
-
-=item B<-u>
-
-This flag is used to read and write uuencoded files. If decrypting,
-the input file is assumed to contain uuencoded, DES encrypted data.
-If encrypting, the characters following the B<-u> are used as the name of
-the uuencoded file to embed in the begin line of the uuencoded
-output. If there is no name specified after the B<-u>, the name text.des
-will be embedded in the header.
-
-=back
-
-=head1 SEE ALSO
-
-ps(1),
-L<des_crypt(3)|des_crypt(3)>
-
-=head1 BUGS
-
-The problem with using the
-B<-e>
-option is the short key length.
-It would be better to use a real 56-bit key rather than an
-ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII
-radically reduces the time necessary for a brute-force cryptographic attack.
-My attempt to remove this problem is to add an alternative text-key to
-DES-key function. This alternative function (accessed via
-B<-E>, B<-D>, B<-S>
-and
-B<-3>)
-uses DES to help generate the key.
-
-Be carefully when using the B<-u> option. Doing B<des -ud> I<filename> will
-not decrypt filename (the B<-u> option will gobble the B<-d> option).
-
-The VMS operating system operates in a world where files are always a
-multiple of 512 bytes. This causes problems when encrypted data is
-send from Unix to VMS since a 88 byte file will suddenly be padded
-with 424 null bytes. To get around this problem, use the B<-u> option
-to uuencode the data before it is send to the VMS system.
-
-=head1 AUTHOR
-
-Eric Young (e...@cryptsoft.com)
-
-=cut
diff --git a/crypto/des/des3s.cpp b/crypto/des/des3s.cpp
deleted file mode 100644
index 02d527c..0000000
--- a/crypto/des/des3s.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/des.h>
-
-void main(int argc,char *argv[])
- {
- des_key_schedule key1,key2,key3;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- des_encrypt3(&data[0],key1,key2,key3);
- GetTSC(s1);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- GetTSC(e1);
- GetTSC(s2);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- GetTSC(e2);
- des_encrypt3(&data[0],key1,key2,key3);
- }
-
- printf("des %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c
deleted file mode 100644
index 6bd88db..0000000
--- a/crypto/des/des_old.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/*-
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with libdes. OpenSSL now provides
- * functions where "des_" has been replaced with "DES_" in the names,
- * to make it possible to make incompatible changes that are needed
- * for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones. The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (ric...@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.

- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com). This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
- *
- */
-
-#define OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-const char *_ossl_old_des_options(void)
-{
- return DES_options();
-}
-
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output,
- des_key_schedule ks1, des_key_schedule ks2,
- des_key_schedule ks3, int enc)
-{
- DES_ecb3_encrypt((const_DES_cblock *)input, output,
- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, enc);
-}
-
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec)
-{
- return DES_cbc_cksum((unsigned char *)input, output, length,
- (DES_key_schedule *)schedule, ivec);
-}
-
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc)
-{
- DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, enc);
-}
-
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc)
-{
- DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, enc);
-}
-
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec,
- _ossl_old_des_cblock *inw,
- _ossl_old_des_cblock *outw, int enc)
-{
- DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, inw, outw,
- enc);
-}
-
-void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
- int numbits, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc)
-{
- DES_cfb_encrypt(in, out, numbits, length,
- (DES_key_schedule *)schedule, ivec, enc);
-}
-
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output,
- des_key_schedule ks, int enc)
-{
- DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
-}
-
-void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
-{
- DES_encrypt1(data, (DES_key_schedule *)ks, enc);
-}
-
-void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
-{
- DES_encrypt2(data, (DES_key_schedule *)ks, enc);
-}
-
-void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
- des_key_schedule ks2, des_key_schedule ks3)
-{
- DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3);
-}
-
-void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
- des_key_schedule ks2, des_key_schedule ks3)
-{
- DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3);
-}
-
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- des_key_schedule ks1,
- des_key_schedule ks2,
- des_key_schedule ks3,
- _ossl_old_des_cblock *ivec, int enc)
-{
- DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)ks1,
- (DES_key_schedule *)ks2, (DES_key_schedule *)ks3,
- ivec, enc);
-}
-
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
- long length, des_key_schedule ks1,
- des_key_schedule ks2,
- des_key_schedule ks3,
- _ossl_old_des_cblock *ivec, int *num,
- int enc)
-{
- DES_ede3_cfb64_encrypt(in, out, length,
- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, ivec, num, enc);
-}
-
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
- long length, des_key_schedule ks1,
- des_key_schedule ks2,
- des_key_schedule ks3,
- _ossl_old_des_cblock *ivec, int *num)
-{
- DES_ede3_ofb64_encrypt(in, out, length,
- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, ivec, num);
-}
-
-int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
- _ossl_old_des_cblock *iv)
-{
- return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
-}
-
-int _ossl_old_des_enc_write(int fd, char *buf, int len,
- des_key_schedule sched, _ossl_old_des_cblock *iv)
-{
- return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
-}
-
-char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret)
-{
- return DES_fcrypt(buf, salt, ret);
-}
-
-char *_ossl_old_des_crypt(const char *buf, const char *salt)
-{
- return DES_crypt(buf, salt);
-}
-
-char *_ossl_old_crypt(const char *buf, const char *salt)
-{
- return DES_crypt(buf, salt);
-}
-
-void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
- int numbits, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec)
-{
- DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
- ivec);
-}
-
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc)
-{
- DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, enc);
-}
-
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- int out_count, _ossl_old_des_cblock *seed)
-{
- return DES_quad_cksum((unsigned char *)input, output, length,
- out_count, seed);
-}
-
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
-{
- RAND_seed(key, sizeof(_ossl_old_des_cblock));
-}
-
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
-{
- DES_random_key((DES_cblock *)ret);
-}
-
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
- int verify)
-{
- return DES_read_password(key, prompt, verify);
-}
-
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
- _ossl_old_des_cblock *key2,
- const char *prompt, int verify)
-{
- return DES_read_2passwords(key1, key2, prompt, verify);
-}
-
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
-{
- DES_set_odd_parity(key);
-}
-
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
-{
- return DES_is_weak_key(key);
-}
-
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
- des_key_schedule schedule)
-{
- return DES_set_key(key, (DES_key_schedule *)schedule);
-}
-
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
- des_key_schedule schedule)
-{
- return DES_key_sched(key, (DES_key_schedule *)schedule);
-}
-
-void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key)
-{
- DES_string_to_key(str, key);
-}
-
-void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
- _ossl_old_des_cblock *key2)
-{
- DES_string_to_2keys(str, key1, key2);
-}
-
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
- long length, des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int *num,
- int enc)
-{
- DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
- ivec, num, enc);
-}
-
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
- long length, des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int *num)
-{
- DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
- ivec, num);
-}
diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h
deleted file mode 100644
index 998ac09..0000000
--- a/crypto/des/des_old.h
+++ /dev/null
@@ -1,477 +0,0 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-
-/*-
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes. OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- * that is compatible with libdes and SSLeay.
- * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- * API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode. However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else. Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones. The des_ functions will disappear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (ric...@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.

- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com). This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DES_H
-# define HEADER_DES_H
-
-# include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
-
-# ifdef OPENSSL_NO_DES
-# error DES is disabled.
-# endif
-
-# ifndef HEADER_NEW_DES_H
-# error You must include des.h, not des_old.h directly.
-# endif
-
-# ifdef _KERBEROS_DES_H
-# error <openssl/des_old.h> replaces <kerberos/des.h>.
-# endif
-
-# include <openssl/symhacks.h>
-
-# ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-# endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-# ifdef _
-# undef _
-# endif
-
-typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct {
- union {
- _ossl_old_des_cblock _;
- /*
- * make sure things are correct size on machines with 8 byte longs
- */
- DES_LONG pad[2];
- } ks;
-} _ossl_old_des_key_schedule[16];
-
-# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
-# define des_cblock DES_cblock
-# define const_des_cblock const_DES_cblock
-# define des_key_schedule DES_key_schedule
-# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
- DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
-# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
- DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
- DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
-# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
- DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
-# define des_options()\
- DES_options()
-# define des_cbc_cksum(i,o,l,k,iv)\
- DES_cbc_cksum((i),(o),(l),&(k),(iv))
-# define des_cbc_encrypt(i,o,l,k,iv,e)\
- DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
-# define des_ncbc_encrypt(i,o,l,k,iv,e)\
- DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
-# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
- DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
-# define des_cfb_encrypt(i,o,n,l,k,iv,e)\
- DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
-# define des_ecb_encrypt(i,o,k,e)\
- DES_ecb_encrypt((i),(o),&(k),(e))
-# define des_encrypt1(d,k,e)\
- DES_encrypt1((d),&(k),(e))
-# define des_encrypt2(d,k,e)\
- DES_encrypt2((d),&(k),(e))
-# define des_encrypt3(d,k1,k2,k3)\
- DES_encrypt3((d),&(k1),&(k2),&(k3))
-# define des_decrypt3(d,k1,k2,k3)\
- DES_decrypt3((d),&(k1),&(k2),&(k3))
-# define des_xwhite_in2out(k,i,o)\
- DES_xwhite_in2out((k),(i),(o))
-# define des_enc_read(f,b,l,k,iv)\
- DES_enc_read((f),(b),(l),&(k),(iv))
-# define des_enc_write(f,b,l,k,iv)\
- DES_enc_write((f),(b),(l),&(k),(iv))
-# define des_fcrypt(b,s,r)\
- DES_fcrypt((b),(s),(r))
-# define des_ofb_encrypt(i,o,n,l,k,iv)\
- DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
-# define des_pcbc_encrypt(i,o,l,k,iv,e)\
- DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
-# define des_quad_cksum(i,o,l,c,s)\
- DES_quad_cksum((i),(o),(l),(c),(s))
-# define des_random_seed(k)\
- _ossl_096_des_random_seed((k))
-# define des_random_key(r)\
- DES_random_key((r))
-# define des_read_password(k,p,v) \
- DES_read_password((k),(p),(v))
-# define des_read_2passwords(k1,k2,p,v) \
- DES_read_2passwords((k1),(k2),(p),(v))
-# define des_set_odd_parity(k)\
- DES_set_odd_parity((k))
-# define des_check_key_parity(k)\
- DES_check_key_parity((k))
-# define des_is_weak_key(k)\
- DES_is_weak_key((k))
-# define des_set_key(k,ks)\
- DES_set_key((k),&(ks))
-# define des_key_sched(k,ks)\
- DES_key_sched((k),&(ks))
-# define des_set_key_checked(k,ks)\
- DES_set_key_checked((k),&(ks))
-# define des_set_key_unchecked(k,ks)\
- DES_set_key_unchecked((k),&(ks))
-# define des_string_to_key(s,k)\
- DES_string_to_key((s),(k))
-# define des_string_to_2keys(s,k1,k2)\
- DES_string_to_2keys((s),(k1),(k2))
-# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
- DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
-# define des_ofb64_encrypt(i,o,l,ks,iv,n)\
- DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-
-# define des_ecb2_encrypt(i,o,k1,k2,e) \
- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-# define des_check_key DES_check_key
-# define des_rw_mode DES_rw_mode
-# else /* libdes compatibility */
-/*
- * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
- * libdes
- */
-# define des_cblock _ossl_old_des_cblock
-# define des_key_schedule _ossl_old_des_key_schedule
-# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
- _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
- _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
- _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
- _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-# define des_options()\
- _ossl_old_des_options()
-# define des_cbc_cksum(i,o,l,k,iv)\
- _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-# define des_cbc_encrypt(i,o,l,k,iv,e)\
- _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-# define des_ncbc_encrypt(i,o,l,k,iv,e)\
- _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
- _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-# define des_cfb_encrypt(i,o,n,l,k,iv,e)\
- _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-# define des_ecb_encrypt(i,o,k,e)\
- _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-# define des_encrypt(d,k,e)\
- _ossl_old_des_encrypt((d),(k),(e))
-# define des_encrypt2(d,k,e)\
- _ossl_old_des_encrypt2((d),(k),(e))
-# define des_encrypt3(d,k1,k2,k3)\
- _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-# define des_decrypt3(d,k1,k2,k3)\
- _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-# define des_xwhite_in2out(k,i,o)\
- _ossl_old_des_xwhite_in2out((k),(i),(o))
-# define des_enc_read(f,b,l,k,iv)\
- _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-# define des_enc_write(f,b,l,k,iv)\
- _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-# define des_fcrypt(b,s,r)\
- _ossl_old_des_fcrypt((b),(s),(r))
-# define des_crypt(b,s)\
- _ossl_old_des_crypt((b),(s))
-# define des_ofb_encrypt(i,o,n,l,k,iv)\
- _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-# define des_pcbc_encrypt(i,o,l,k,iv,e)\
- _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-# define des_quad_cksum(i,o,l,c,s)\
- _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-# define des_random_seed(k)\
- _ossl_old_des_random_seed((k))
-# define des_random_key(r)\
- _ossl_old_des_random_key((r))
-# define des_read_password(k,p,v) \
- _ossl_old_des_read_password((k),(p),(v))
-# define des_read_2passwords(k1,k2,p,v) \
- _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-# define des_set_odd_parity(k)\
- _ossl_old_des_set_odd_parity((k))
-# define des_is_weak_key(k)\
- _ossl_old_des_is_weak_key((k))
-# define des_set_key(k,ks)\
- _ossl_old_des_set_key((k),(ks))
-# define des_key_sched(k,ks)\
- _ossl_old_des_key_sched((k),(ks))
-# define des_string_to_key(s,k)\
- _ossl_old_des_string_to_key((s),(k))
-# define des_string_to_2keys(s,k1,k2)\
- _ossl_old_des_string_to_2keys((s),(k1),(k2))
-# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
- _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-# define des_ofb64_encrypt(i,o,l,ks,iv,n)\
- _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-
-# define des_ecb2_encrypt(i,o,k1,k2,e) \
- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-# define des_check_key DES_check_key
-# define des_rw_mode DES_rw_mode
-# endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output,
- _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec,
- _ossl_old_des_cblock *inw,
- _ossl_old_des_cblock *outw, int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
- int numbits, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output,
- _ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
- int enc);
-void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
- int enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3,
- _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
- long length,
- _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3,
- _ossl_old_des_cblock *ivec, int *num,
- int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
- long length,
- _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3,
- _ossl_old_des_cblock *ivec, int *num);
-int _ossl_old_des_enc_read(int fd, char *buf, int len,
- _ossl_old_des_key_schedule sched,
- _ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd, char *buf, int len,
- _ossl_old_des_key_schedule sched,
- _ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf, const char *salt);
-# if !defined(PERL5)
-char *_ossl_old_crypt(const char *buf, const char *salt);
-# endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
- int numbits, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
- _ossl_old_des_cblock *output, long length,
- int out_count, _ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
- int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
- _ossl_old_des_cblock *key2,
- const char *prompt, int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
- _ossl_old_des_key_schedule schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
- _ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
- _ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
- long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int *num,
- int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
- long length,
- _ossl_old_des_key_schedule schedule,
- _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
-
-/*
- * The following definitions provide compatibility with the MIT Kerberos
- * library. The _ossl_old_des_key_schedule structure is not binary
- * compatible.
- */
-
-# define _KERBEROS_DES_H
-
-# define KRBDES_ENCRYPT DES_ENCRYPT
-# define KRBDES_DECRYPT DES_DECRYPT
-
-# ifdef KERBEROS
-# define ENCRYPT DES_ENCRYPT
-# define DECRYPT DES_DECRYPT
-# endif
-
-# ifndef NCOMPAT
-# define C_Block des_cblock
-# define Key_schedule des_key_schedule
-# define KEY_SZ DES_KEY_SZ
-# define string_to_key des_string_to_key
-# define read_pw_string des_read_pw_string
-# define random_key des_random_key
-# define pcbc_encrypt des_pcbc_encrypt
-# define set_key des_set_key
-# define key_sched des_key_sched
-# define ecb_encrypt des_ecb_encrypt
-# define cbc_encrypt des_cbc_encrypt
-# define ncbc_encrypt des_ncbc_encrypt
-# define xcbc_encrypt des_xcbc_encrypt
-# define cbc_cksum des_cbc_cksum
-# define quad_cksum des_quad_cksum
-# define check_parity des_check_key_parity
-# endif
-
-# define des_fixup_key_parity DES_fixup_key_parity
-
-#ifdef __cplusplus
-}
-#endif
-
-/* for DES_read_pw_string et al */
-# include <openssl/ui_compat.h>
-
-#endif
diff --git a/crypto/des/des_old2.c b/crypto/des/des_old2.c
deleted file mode 100644
index f7d28a6..0000000
--- a/crypto/des/des_old2.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/*
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
- * function names in here are deprecated and are only present to provide an
- * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions
- * where "des_" has been replaced with "DES_" in the names, to make it
- * possible to make incompatible changes that are needed for C type security
- * and other stuff. Please consider starting to use the DES_ functions
- * rather than the des_ ones. The des_ functions will dissapear completely
- * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
- * WARNING WARNING
- */
-
-/*
- * Written by Richard Levitte (ric...@levitte.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.

- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com). This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
- *
- */
-
-#undef OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-void _ossl_096_des_random_seed(DES_cblock *key)
-{
- RAND_seed(key, sizeof(DES_cblock));
-}
diff --git a/crypto/des/dess.cpp b/crypto/des/dess.cpp
deleted file mode 100644
index 5549bab..0000000
--- a/crypto/des/dess.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (ja...@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/des.h>
-
-void main(int argc,char *argv[])
- {
- des_key_schedule key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- des_encrypt1(&data[0],key,1);
- GetTSC(s1);
- des_encrypt1(&data[0],key,1);
- des_encrypt1(&data[0],key,1);
- des_encrypt1(&data[0],key,1);
- GetTSC(e1);
- GetTSC(s2);
- des_encrypt1(&data[0],key,1);
- des_encrypt1(&data[0],key,1);
- des_encrypt1(&data[0],key,1);
- des_encrypt1(&data[0],key,1);
- GetTSC(e2);
- des_encrypt1(&data[0],key,1);
- }
-
- printf("des %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
index 14f4dfe..406e6de 100644
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -357,8 +357,8 @@ int main(int argc, char *argv[])
{
int j, err = 0;
unsigned int i;
- des_cblock in, out, outin, iv3;
- des_key_schedule ks, ks2, ks3;
+ DES_cblock in, out, outin, iv3;
+ DES_key_schedule ks, ks2, ks3;
unsigned char cbc_in[40];
unsigned char cbc_out[40];
DES_LONG cs;
@@ -373,8 +373,8 @@ int main(int argc, char *argv[])
memcpy(in, plain_data[i], 8);
memset(out, 0, 8);
memset(outin, 0, 8);
- des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT);
- des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT);
+ DES_ecb_encrypt(&in, &out, &ks, DES_ENCRYPT);
+ DES_ecb_encrypt(&out, &outin, &ks, DES_DECRYPT);

if (memcmp(out, cipher_data[i], 8) != 0) {
printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
@@ -398,8 +398,8 @@ int main(int argc, char *argv[])
memcpy(in, plain_data[i], 8);
memset(out, 0, 8);
memset(outin, 0, 8);
- des_ecb2_encrypt(&in, &out, ks, ks2, DES_ENCRYPT);
- des_ecb2_encrypt(&out, &outin, ks, ks2, DES_DECRYPT);
+ DES_ecb3_encrypt(&in,&out,&ks,&ks2,&ks,DES_ENCRYPT);
+ DES_ecb3_encrypt(&out,&outin,&ks,&ks2,&ks,DES_DECRYPT);

if (memcmp(out, cipher_ecb2[i], 8) != 0) {
printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
@@ -423,7 +423,7 @@ int main(int argc, char *argv[])
memset(cbc_out, 0, 40);
memset(cbc_in, 0, 40);
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- des_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks,
+ DES_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks,
&iv3, DES_ENCRYPT);
if (memcmp(cbc_out, cbc_ok, 32) != 0) {
printf("cbc_encrypt encrypt error\n");
@@ -431,7 +431,7 @@ int main(int argc, char *argv[])
}

memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- des_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks,
+ DES_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks,
&iv3, DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) {
printf("cbc_encrypt decrypt error\n");
@@ -446,14 +446,14 @@ int main(int argc, char *argv[])
memset(cbc_out, 0, 40);
memset(cbc_in, 0, 40);
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- des_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks,
+ DES_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks,
&iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT);
if (memcmp(cbc_out, xcbc_ok, 32) != 0) {
printf("des_xcbc_encrypt encrypt error\n");
err = 1;
}
memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- des_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks,
+ DES_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks,
&iv3, &cbc2_key, &cbc3_key, DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
printf("des_xcbc_encrypt decrypt error\n");
@@ -480,10 +480,10 @@ int main(int argc, char *argv[])
/* i=((i+7)/8)*8; */
memcpy(iv3, cbc_iv, sizeof(cbc_iv));

- des_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3,
+ DES_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3,
DES_ENCRYPT);
- des_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, ks, ks2,
- ks3, &iv3, DES_ENCRYPT);
+ DES_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, &ks, &ks2,
+ &ks3, &iv3, DES_ENCRYPT);
if (memcmp
(cbc_out, cbc3_ok,
(unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) {
@@ -500,11 +500,11 @@ int main(int argc, char *argv[])
}

memcpy(iv3, cbc_iv, sizeof(cbc_iv));
- des_ede3_cbc_encrypt(cbc_out, cbc_in, i, ks, ks2, ks3, &iv3, DES_DECRYPT);
+ DES_ede3_cbc_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
unsigned int n;

- printf("des_ede3_cbc_encrypt decrypt error\n");
+ printf("DES_ede3_cbc_encrypt decrypt error\n");
for (n = 0; n < i; ++n)
printf(" %02x", cbc_data[n]);
printf("\n");
@@ -521,13 +521,13 @@ int main(int argc, char *argv[])
}
memset(cbc_out, 0, 40);
memset(cbc_in, 0, 40);
- des_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks,
+ DES_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, &ks,
&cbc_iv, DES_ENCRYPT);
if (memcmp(cbc_out, pcbc_ok, 32) != 0) {
printf("pcbc_encrypt encrypt error\n");
err = 1;
}
- des_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks,
+ DES_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, &ks,
&cbc_iv, DES_DECRYPT);
if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
printf("pcbc_encrypt decrypt error\n");
@@ -551,8 +551,8 @@ int main(int argc, char *argv[])

memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
for (i = 0; i < sizeof(plain); i++)
- des_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]),
- 8, 1, ks, &cfb_tmp, DES_ENCRYPT);
+ DES_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]),
+ 8, 1, &ks, &cfb_tmp, DES_ENCRYPT);
if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) {
printf("cfb_encrypt small encrypt error\n");
err = 1;
@@ -560,8 +560,8 @@ int main(int argc, char *argv[])

memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
for (i = 0; i < sizeof(plain); i++)
- des_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]),
- 8, 1, ks, &cfb_tmp, DES_DECRYPT);
+ DES_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]),
+ 8, 1, &ks, &cfb_tmp, DES_DECRYPT);
if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
printf("cfb_encrypt small decrypt error\n");
err = 1;
@@ -575,7 +575,7 @@ int main(int argc, char *argv[])
printf("Doing ofb\n");
DES_set_key_checked(&ofb_key, &ks);
memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
- des_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, ks, &ofb_tmp);
+ DES_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, &ks, &ofb_tmp);
if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
printf("ofb_encrypt encrypt error\n");
printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
@@ -589,7 +589,7 @@ int main(int argc, char *argv[])
err = 1;
}
memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
- des_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, ks,
+ DES_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, &ks,
&ofb_tmp);
if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
printf("ofb_encrypt decrypt error\n");
@@ -610,7 +610,7 @@ int main(int argc, char *argv[])
memset(ofb_buf2, 0, sizeof(ofb_buf1));
num = 0;
for (i = 0; i < sizeof(plain); i++) {
- des_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, ks, &ofb_tmp, &num);
+ DES_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ofb_tmp, &num);
}
if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
printf("ofb64_encrypt encrypt error\n");
@@ -618,7 +618,7 @@ int main(int argc, char *argv[])
}
memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
num = 0;
- des_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), ks, &ofb_tmp,
+ DES_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ofb_tmp,
&num);
if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
printf("ofb64_encrypt decrypt error\n");
@@ -632,8 +632,8 @@ int main(int argc, char *argv[])
memset(ofb_buf2, 0, sizeof(ofb_buf1));
num = 0;
for (i = 0; i < sizeof(plain); i++) {
- des_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, ks, ks,
- ks, &ofb_tmp, &num);
+ DES_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, &ks, &ks,
+ &ks, &ofb_tmp, &num);
}
if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
printf("ede_ofb64_encrypt encrypt error\n");
@@ -641,7 +641,7 @@ int main(int argc, char *argv[])
}
memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
num = 0;
- des_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), ks, ks, ks,
+ DES_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), &ks, &ks, &ks,
&ofb_tmp, &num);
if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
printf("ede_ofb64_encrypt decrypt error\n");
@@ -650,7 +650,7 @@ int main(int argc, char *argv[])

printf("Doing cbc_cksum\n");
DES_set_key_checked(&cbc_key, &ks);
- cs = des_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), ks,
+ cs = DES_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), &ks,
&cbc_iv);
if (cs != cbc_cksum_ret) {
printf("bad return value (%08lX), should be %08lX\n",
@@ -663,9 +663,9 @@ int main(int argc, char *argv[])
}

printf("Doing quad_cksum\n");
- cs = des_quad_cksum(cbc_data, (des_cblock *)lqret,
+ cs = DES_quad_cksum(cbc_data, (DES_cblock *)lqret,
(long)strlen((char *)cbc_data), 2,
- (des_cblock *)cbc_iv);
+ (DES_cblock *)cbc_iv);
if (cs != 0x70d7a63aL) {
printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
(unsigned long)cs);
@@ -696,15 +696,15 @@ int main(int argc, char *argv[])
printf("input word alignment test");
for (i = 0; i < 4; i++) {
printf(" %d", i);
- des_ncbc_encrypt(&(cbc_out[i]), cbc_in,
- strlen((char *)cbc_data) + 1, ks,
+ DES_ncbc_encrypt(&(cbc_out[i]), cbc_in,
+ strlen((char *)cbc_data) + 1, &ks,
&cbc_iv, DES_ENCRYPT);
}
printf("\noutput word alignment test");
for (i = 0; i < 4; i++) {
printf(" %d", i);
- des_ncbc_encrypt(cbc_out, &(cbc_in[i]),
- strlen((char *)cbc_data) + 1, ks,
+ DES_ncbc_encrypt(cbc_out, &(cbc_in[i]),
+ strlen((char *)cbc_data) + 1, &ks,
&cbc_iv, DES_ENCRYPT);
}
printf("\n");
@@ -749,12 +749,12 @@ static char *pt(unsigned char *p)

static int cfb_test(int bits, unsigned char *cfb_cipher)
{
- des_key_schedule ks;
+ DES_key_schedule ks;
int i, err = 0;

DES_set_key_checked(&cfb_key, &ks);
memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
- des_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), ks, &cfb_tmp,
+ DES_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), &ks, &cfb_tmp,
DES_ENCRYPT);
if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
err = 1;
@@ -763,7 +763,7 @@ static int cfb_test(int bits, unsigned char *cfb_cipher)
printf("%s\n", pt(&(cfb_buf1[i])));
}
memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
- des_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), ks, &cfb_tmp,
+ DES_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), &ks, &cfb_tmp,
DES_DECRYPT);
if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
err = 1;
@@ -776,14 +776,14 @@ static int cfb_test(int bits, unsigned char *cfb_cipher)

static int cfb64_test(unsigned char *cfb_cipher)

{
- des_key_schedule ks;
+ DES_key_schedule ks;
int err = 0, i, n;

DES_set_key_checked(&cfb_key, &ks);
memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
n = 0;
- des_cfb64_encrypt(plain, cfb_buf1, 12, ks, &cfb_tmp, &n, DES_ENCRYPT);
- des_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, ks,
+ DES_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &cfb_tmp, &n, DES_ENCRYPT);
+ DES_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, &ks,
&cfb_tmp, &n, DES_ENCRYPT);
if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
err = 1;
@@ -793,9 +793,9 @@ static int cfb64_test(unsigned char *cfb_cipher)
}
memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
n = 0;
- des_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, ks, &cfb_tmp, &n, DES_DECRYPT);
- des_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
- sizeof(plain) - 17, ks, &cfb_tmp, &n, DES_DECRYPT);
+ DES_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
+ DES_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+ sizeof(plain) - 17, &ks, &cfb_tmp, &n, DES_DECRYPT);
if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
err = 1;
printf("cfb_encrypt decrypt error\n");
@@ -807,16 +807,16 @@ static int cfb64_test(unsigned char *cfb_cipher)

static int ede_cfb64_test(unsigned char *cfb_cipher)
{
- des_key_schedule ks;
+ DES_key_schedule ks;
int err = 0, i, n;

DES_set_key_checked(&cfb_key, &ks);
memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
n = 0;
- des_ede3_cfb64_encrypt(plain, cfb_buf1, 12, ks, ks, ks, &cfb_tmp, &n,
+ DES_ede3_cfb64_encrypt(plain, cfb_buf1, 12, &ks, &ks, &ks, &cfb_tmp, &n,
DES_ENCRYPT);
- des_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
- sizeof(plain) - 12, ks, ks, ks,
+ DES_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+ sizeof(plain) - 12, &ks, &ks, &ks,
&cfb_tmp, &n, DES_ENCRYPT);
if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
err = 1;
@@ -826,10 +826,10 @@ static int ede_cfb64_test(unsigned char *cfb_cipher)
}
memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
n = 0;
- des_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, ks, ks, ks,
+ DES_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &ks, &ks, &ks,
&cfb_tmp, &n, DES_DECRYPT);
- des_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
- sizeof(plain) - 17, ks, ks, ks,
+ DES_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+ sizeof(plain) - 17, &ks, &ks, &ks,
&cfb_tmp, &n, DES_DECRYPT);
if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
err = 1;
diff --git a/crypto/des/makefile.bc b/crypto/des/makefile.bc
deleted file mode 100644
index c121f7c..0000000
--- a/crypto/des/makefile.bc
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Original BC Makefile from Teun <Teun.N...@kub.nl>
-#
-#
-CC = bcc
-TLIB = tlib /0 /C
-# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
-OPTIMIZE= -3 -O2
-#WINDOWS= -W
-CFLAGS = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
-LFLAGS = -ml $(WINDOWS)
-
-.c.obj:
- $(CC) $(CFLAGS) $*.c
-
-.obj.exe:
- $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib
-
-all: $(LIB) destest.exe rpw.exe des.exe speed.exe
-
-# "make clean": use a directory containing only libdes .exe and .obj files...
-clean:
- del *.exe
- del *.obj
- del libdes.lib
- del libdes.rsp
-
-OBJS= cbc_cksm.obj cbc_enc.obj ecb_enc.obj pcbc_enc.obj \
- qud_cksm.obj rand_key.obj set_key.obj str2key.obj \
- enc_read.obj enc_writ.obj fcrypt.obj cfb_enc.obj \
- ecb3_enc.obj ofb_enc.obj cbc3_enc.obj read_pwd.obj\
- cfb64enc.obj ofb64enc.obj ede_enc.obj cfb64ede.obj\
- ofb64ede.obj supp.obj
-
-LIB= libdes.lib
-
-$(LIB): $(OBJS)
- del $(LIB)
- makersp "+%s &\n" &&|
- $(OBJS)
-| >libdes.rsp
- $(TLIB) libdes.lib @libdes.rsp,nul
- del libdes.rsp
-
-destest.exe: destest.obj libdes.lib
-rpw.exe: rpw.obj libdes.lib
-speed.exe: speed.obj libdes.lib
-des.exe: des.obj libdes.lib
-
-
diff --git a/crypto/des/options.txt b/crypto/des/options.txt
deleted file mode 100644
index 6e2b50f..0000000
--- a/crypto/des/options.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
-instead of the default 4.
-RISC1 and RISC2 are 2 alternatives for the inner loop and
-PTR means to use pointers arithmatic instead of arrays.
-
-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler 577,000 4620k/s
-IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR 496,000 3968k/s
-solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1] 459,400 3672k/s
-FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1 433,000 3468k/s
-solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 380,000 3041k/s
-linux - pentium 100mhz - gcc 2.7.0 - assembler 281,000 2250k/s
-NT 4.0 - pentium 100mhz - VC 4.2 - assembler 281,000 2250k/s
-AIX 4.1? - PPC604 100mhz - cc - UNROLL 275,000 2200k/s
-IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR 235,300 1882k/s
-IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR 233,700 1869k/s
-NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR 191,000 1528k/s
-DEC Alpha 165mhz?? - cc - RISC2 PTR [2] 181,000 1448k/s
-linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR 158,500 1268k/s
-HPUX 10 - 9000/887 - cc - UNROLL [3] 148,000 1190k/s
-solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL 123,600 989k/s
-IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR 101,000 808k/s
-DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL 81,000 648k/s
-solaris 2.4 486 50mhz - gcc 2.6.3 - assembler 65,000 522k/s
-HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR 76,000 608k/s
-solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2 43,500 344k/s
-AIX - old slow one :-) - cc - 39,000 312k/s
-
-Notes.
-[1] For the ultra sparc, SunC 4.0
- cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
- gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
- I'll record the higher since it is coming from the library but it
- is all rather weird.
-[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
-[3] I was unable to get access to this machine when it was not heavily loaded.
- As such, my timing program was never able to get more that %30 of the CPU.
- This would cause the program to give much lower speed numbers because
- it would be 'fighting' to stay in the cache with the other CPU burning
- processes.
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
deleted file mode 100644
index 42903d6..0000000
--- a/crypto/des/read_pwd.c
+++ /dev/null
@@ -1,493 +0,0 @@
-/* crypto/des/read_pwd.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-/*
- * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
- * system and have sigaction and termios.
- */
-# if defined(_POSIX_VERSION)
-
-# define SIGACTION
-# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-# define TERMIOS
-# endif
-
-# endif
-#endif
-
-/* Define this if you have sigaction() */
-/* #define SIGACTION */
-
-/* 06-Apr-92 Luke Brennan Support for VMS */
-#include "des_locl.h"
-#include "cryptlib.h"
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-# pragma message disable DOLLARID
-# endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-# ifndef OPENSSL_SYS_WINCE
-# include <wincon.h>
-# endif
-#endif
-
-/*
- * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
- * MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-# define TERMIOS
-# undef TERMIO
-# undef SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO)
-# undef TERMIOS
-# define TERMIO
-# undef SGTTY
-#endif
-
-#ifdef _LIBC
-# undef TERMIOS
-# define TERMIO
-# undef SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS)
-# undef TERMIOS
-# undef TERMIO
-# define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef TERMIOS
-# undef TERMIO
-# undef SGTTY
-#endif
-
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT struct termios
-# define TTY_FLAGS c_lflag
-# define TTY_get(tty,data) tcgetattr(tty,data)
-# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT struct termio
-# define TTY_FLAGS c_lflag
-# define TTY_get(tty,data) ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data) ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT struct sgttyb
-# define TTY_FLAGS sg_flags
-# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# include <sys/ioctl.h>
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE)
-# include <conio.h>
-# define fgets(a,b,c) noecho_fgets(a,b,c)
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
-struct IOSB {
- short iosb$w_value;
- short iosb$w_count;
- long iosb$l_info;
-};
-#endif
-
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
-
-static void read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#if defined(OPENSSL_SYS_MSDOS)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-#ifdef SIGACTION
-static struct sigaction savsig[NX509_SIG];
-#else
-static void (*savsig[NX509_SIG]) (int);
-#endif
-static jmp_buf save;
-
-int des_read_pw_string(char *buf, int length, const char *prompt, int verify)
-{
- char buff[BUFSIZ];
- int ret;
-
- ret =
- des_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, prompt,
- verify);
- OPENSSL_cleanse(buff, BUFSIZ);

- return (ret);
-}
-

-#ifdef OPENSSL_SYS_WINCE
-
-int des_read_pw(char *buf, char *buff, int size, const char *prompt,
- int verify)
-{
- memset(buf, 0, size);
- memset(buff, 0, size);

- return (0);
-}
-

-#else /* !OPENSSL_SYS_WINCE */
-
-static void read_till_nl(FILE *in)
-{
-# define SIZE 4
- char buf[SIZE + 1];
-
- do {
- fgets(buf, SIZE, in);
- } while (strchr(buf, '\n') == NULL);
-}
-
-/* return 0 if ok, 1 (or -1) otherwise */
-int des_read_pw(char *buf, char *buff, int size, const char *prompt,
- int verify)
-{
-# ifdef OPENSSL_SYS_VMS
- struct IOSB iosb;
- $DESCRIPTOR(terminal, "TT");
- long tty_orig[3], tty_new[3];
- long status;
- unsigned short channel = 0;
-# else
-# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
- TTY_STRUCT tty_orig, tty_new;
-# endif
-# endif
- int number;
- int ok;
- /*
- * statics are simply to avoid warnings about longjmp clobbering things
- */
- static int ps;
- int is_a_tty;
- static FILE *tty;
- char *p;
-
- if (setjmp(save)) {
- ok = 0;
- goto error;
- }
-
- number = 5;
- ok = 0;
- ps = 0;
- is_a_tty = 1;
- tty = NULL;
-
-# ifdef OPENSSL_SYS_MSDOS
- if ((tty = fopen("con", "r")) == NULL)
- tty = stdin;
-# elif defined(OPENSSL_SYS_VXWORKS)
- tty = stdin;
-# else
- if ((tty = fopen("/dev/tty", "r")) == NULL)
- tty = stdin;
-# endif
-
-# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
- if (TTY_get(fileno(tty), &tty_orig) == -1) {
-# ifdef ENOTTY
- if (errno == ENOTTY)
- is_a_tty = 0;
- else
-# endif
-# ifdef EINVAL
- /*
- * Ariel Glenn ar...@columbia.edu reports that solaris can return
- * EINVAL instead. This should be ok
- */

- if (errno == EINVAL)

- is_a_tty = 0;
- else
-# endif
- return (-1);
- }
- memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
-# endif
-# ifdef OPENSSL_SYS_VMS
- status = sys$assign(&terminal, &channel, 0, 0);
- if (status != SS$_NORMAL)
- return (-1);
- status =
- sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
- 0, 0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

- return (-1);
-# endif
-

- pushsig();
- ps = 1;
-
-# ifdef TTY_FLAGS
- tty_new.TTY_FLAGS &= ~ECHO;
-# endif
-
-# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- if (is_a_tty && (TTY_set(fileno(tty), &tty_new) == -1))
- return (-1);
-# endif
-# ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] | TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status =
- sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
- 0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))

- return (-1);
-# endif

- ps = 2;
-
- while ((!ok) && (number--)) {
- fputs(prompt, stderr);
- fflush(stderr);
-
- buf[0] = '\0';
- fgets(buf, size, tty);
- if (feof(tty))
- goto error;
- if (ferror(tty))
- goto error;
- if ((p = (char *)strchr(buf, '\n')) != NULL)
- *p = '\0';
- else
- read_till_nl(tty);
- if (verify) {
- fprintf(stderr, "\nVerifying password - %s", prompt);
- fflush(stderr);
- buff[0] = '\0';
- fgets(buff, size, tty);
- if (feof(tty))
- goto error;
- if ((p = (char *)strchr(buff, '\n')) != NULL)
- *p = '\0';
- else
- read_till_nl(tty);
-
- if (strcmp(buf, buff) != 0) {
- fprintf(stderr, "\nVerify failure");
- fflush(stderr);
- break;
- /* continue; */
- }
- }
- ok = 1;
- }
-
- error:
- fprintf(stderr, "\n");
- /* What can we do if there is an error? */
-# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- if (ps >= 2)
- TTY_set(fileno(tty), &tty_orig);
-# endif
-# ifdef OPENSSL_SYS_VMS
- if (ps >= 2)
- status =
- sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
- 0, 0);
-# endif
-
- if (ps >= 1)
- popsig();
- if (stdin != tty)
- fclose(tty);
-# ifdef OPENSSL_SYS_VMS
- status = sys$dassgn(channel);
-# endif
- return (!ok);
-}
-
-static void pushsig(void)
-{
- int i;
-# ifdef SIGACTION
- struct sigaction sa;
-
- memset(&sa, 0, sizeof sa);
- sa.sa_handler = recsig;
-# endif
-
- for (i = 1; i < NX509_SIG; i++) {
-# ifdef SIGUSR1
- if (i == SIGUSR1)
- continue;
-# endif
-# ifdef SIGUSR2
- if (i == SIGUSR2)
- continue;
-# endif
-# ifdef SIGACTION
- sigaction(i, &sa, &savsig[i]);
-# else
- savsig[i] = signal(i, recsig);
-# endif
- }
-
-# ifdef SIGWINCH
- signal(SIGWINCH, SIG_DFL);
-# endif
-}
-
-static void popsig(void)
-{
- int i;
-
- for (i = 1; i < NX509_SIG; i++) {
-# ifdef SIGUSR1
- if (i == SIGUSR1)
- continue;
-# endif
-# ifdef SIGUSR2
- if (i == SIGUSR2)
- continue;
-# endif
-# ifdef SIGACTION
- sigaction(i, &savsig[i], NULL);
-# else
- signal(i, savsig[i]);
-# endif
- }
-}
-
-static void recsig(int i)
-{
- longjmp(save, 1);
-}
-
-# ifdef OPENSSL_SYS_MSDOS
-static int noecho_fgets(char *buf, int size, FILE *tty)
-{
- int i;
- char *p;
-
- p = buf;
- for (;;) {
- if (size == 0) {
- *p = '\0';
- break;
- }
- size--;
- i = getch();
- if (i == '\r')
- i = '\n';
- *(p++) = i;
- if (i == '\n') {
- *p = '\0';
- break;
- }
- }
-# ifdef WIN_CONSOLE_BUG
- /*
- * Win95 has several evil console bugs: one of these is that the last
- * character read using getch() is passed to the next read: this is
- * usually a CR so this can be trouble. No STDIO fix seems to work but
- * flushing the console appears to do the trick.
- */
- {
- HANDLE inh;
- inh = GetStdHandle(STD_INPUT_HANDLE);
- FlushConsoleInputBuffer(inh);
- }
-# endif
- return (strlen(buf));
-}
-# endif
-#endif /* !OPENSSL_SYS_WINCE */
diff --git a/crypto/des/rpw.c b/crypto/des/rpw.c
deleted file mode 100644
index a382d1c..0000000
--- a/crypto/des/rpw.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/* crypto/des/rpw.c */
-/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (e...@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (t...@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:

- * 1. Redistributions of source code must retain the copyright

- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright

- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (e...@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (t...@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/des.h>
-
-int main(int argc, char *argv[])
-{
- DES_cblock k, k1;
- int i;
-
- printf("read passwd\n");
- if ((i = des_read_password(&k, "Enter password:", 0)) == 0) {
- printf("password = ");

- for (i = 0; i < 8; i++)

- printf("%02x ", k[i]);
- } else
- printf("error %d\n", i);
- printf("\n");
- printf("read 2passwds and verify\n");
- if ((i = des_read_2passwords(&k, &k1,
- "Enter verified password:", 1)) == 0) {
- printf("password1 = ");

- for (i = 0; i < 8; i++)

- printf("%02x ", k[i]);
- printf("\n");
- printf("password2 = ");

- for (i = 0; i < 8; i++)

- printf("%02x ", k1[i]);
- printf("\n");
- return (1);
- }
- printf("error %d\n", i);
- return (0);
-}
diff --git a/crypto/des/t/test b/crypto/des/t/test
deleted file mode 100644
index 97acd05..0000000
--- a/crypto/des/t/test
+++ /dev/null
@@ -1,27 +0,0 @@
-#!./perl
-
-BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
-
-use DES;
-
-$key='00000000';
-$ks=DES::set_key($key);
-@a=split(//,$ks);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
-
-$key=DES::random_key();
-print "($_)\n";
-@a=split(//,$key);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-$str="this is and again into the breach";
-($k1,$k2)=DES::string_to_2keys($str);
-@a=split(//,$k1);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-@a=split(//,$k2);
-foreach (@a) { printf "%02x-",ord($_); }
-print "\n";
-
diff --git a/crypto/des/times/486-50.sol b/crypto/des/times/486-50.sol
deleted file mode 100644
index 0de62d6..0000000
--- a/crypto/des/times/486-50.sol
+++ /dev/null
@@ -1,16 +0,0 @@
-Solaris 2.4, 486 50mhz, gcc 2.6.3
-options des ecb/s
-16 r2 i 43552.51 100.0%
-16 r1 i 43487.45 99.9%
-16 c p 43003.23 98.7%
-16 r2 p 42339.00 97.2%
-16 c i 41900.91 96.2%
-16 r1 p 41360.64 95.0%
- 4 c i 38728.48 88.9%
- 4 c p 38225.63 87.8%
- 4 r1 i 38085.79 87.4%
- 4 r2 i 37825.64 86.9%
- 4 r2 p 34611.00 79.5%
- 4 r1 p 31802.00 73.0%
--DDES_UNROLL -DDES_RISC2
-
diff --git a/crypto/des/times/586-100.lnx b/crypto/des/times/586-100.lnx
deleted file mode 100644
index 4323914..0000000
--- a/crypto/des/times/586-100.lnx
+++ /dev/null
@@ -1,20 +0,0 @@
-Pentium 100
-Linux 2 kernel
-gcc 2.7.0 -O3 -fomit-frame-pointer
-No X server running, just a console, it makes the top speed jump from 151,000
-to 158,000 :-).
-options des ecb/s
-assember 281000.00 177.1%
-16 r1 p 158667.40 100.0%
-16 r1 i 148471.70 93.6%
-16 r2 p 143961.80 90.7%
-16 r2 i 141689.20 89.3%
- 4 r1 i 140100.00 88.3%
- 4 r2 i 134049.40 84.5%
-16 c i 124145.20 78.2%
-16 c p 121584.20 76.6%
- 4 c i 118116.00 74.4%
- 4 r2 p 117977.90 74.4%
- 4 c p 114971.40 72.5%
- 4 r1 p 114578.40 72.2%
--DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/crypto/des/times/686-200.fre b/crypto/des/times/686-200.fre
deleted file mode 100644
index 7d83f6a..0000000
--- a/crypto/des/times/686-200.fre
+++ /dev/null
@@ -1,18 +0,0 @@
-Pentium 100
-Free BSD 2.1.5 kernel
-gcc 2.7.2.2 -O3 -fomit-frame-pointer
-options des ecb/s
-assember 578000.00 133.1%
-16 r2 i 434454.80 100.0%
-16 r1 i 433621.43 99.8%
-16 r2 p 431375.69 99.3%
- 4 r1 i 423722.30 97.5%
- 4 r2 i 422399.40 97.2%
-16 r1 p 421739.40 97.1%
-16 c i 399027.94 91.8%
-16 c p 372251.70 85.7%
- 4 c i 365118.35 84.0%
- 4 c p 352880.51 81.2%
- 4 r2 p 255104.90 58.7%
- 4 r1 p 251289.18 57.8%
--DDES_UNROLL -DDES_RISC2
diff --git a/crypto/des/times/aix.cc b/crypto/des/times/aix.cc
deleted file mode 100644
index d96b74e..0000000
--- a/crypto/des/times/aix.cc
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Paco Garcia <pga...@cam.es>
-
-This machine is a Bull Estrella Minitower Model MT604-100
-Processor : PPC604
-P.Speed : 100Mhz
-Data/Instr Cache : 16 K
-L2 Cache : 256 K
-PCI BUS Speed : 33 Mhz
-TransfRate PCI : 132 MB/s
-Memory : 96 MB
-
-options des ecb/s
- 4 c p 275118.61 100.0%
- 4 c i 273545.07 99.4%
- 4 r2 p 270441.02 98.3%
- 4 r1 p 253052.15 92.0%
- 4 r2 i 240842.97 87.5%
- 4 r1 i 240556.66 87.4%
-16 c i 224603.99 81.6%
-16 c p 224483.98 81.6%
-16 r2 p 215691.19 78.4%
-16 r1 p 208332.83 75.7%
-16 r1 i 199206.50 72.4%
-16 r2 i 198963.70 72.3%
--DDES_PTR
-
diff --git a/crypto/des/times/alpha.cc b/crypto/des/times/alpha.cc
deleted file mode 100644
index 95c17ef..0000000
--- a/crypto/des/times/alpha.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-cc -O2
-DES_LONG is 'unsigned int'
-
-options des ecb/s
- 4 r2 p 181146.14 100.0%
-16 r2 p 172102.94 95.0%
- 4 r2 i 165424.11 91.3%
-16 c p 160468.64 88.6%
- 4 c p 156653.59 86.5%
- 4 c i 155245.18 85.7%
- 4 r1 p 154729.68 85.4%
-16 r2 i 154137.69 85.1%
-16 r1 p 152357.96 84.1%
-16 c i 148743.91 82.1%
- 4 r1 i 146695.59 81.0%
-16 r1 i 144961.00 80.0%
--DDES_RISC2 -DDES_PTR
-
diff --git a/crypto/des/times/hpux.cc b/crypto/des/times/hpux.cc
deleted file mode 100644
index 3de856d..0000000
--- a/crypto/des/times/hpux.cc
+++ /dev/null
@@ -1,17 +0,0 @@
-HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
-
-options des ecb/s
-16 c i 149448.90 100.0%
- 4 c i 145861.79 97.6%
-16 r2 i 141710.96 94.8%
-16 r1 i 139455.33 93.3%
- 4 r2 i 138800.00 92.9%
- 4 r1 i 136692.65 91.5%
-16 r2 p 110228.17 73.8%
-16 r1 p 109397.07 73.2%
-16 c p 109209.89 73.1%
- 4 c p 108014.71 72.3%
- 4 r2 p 107873.88 72.2%
- 4 r1 p 107685.83 72.1%
--DDES_UNROLL
-
diff --git a/crypto/des/times/sparc.gcc b/crypto/des/times/sparc.gcc
deleted file mode 100644
index 8eaa042..0000000
--- a/crypto/des/times/sparc.gcc
+++ /dev/null
@@ -1,17 +0,0 @@
-solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
-
-options des ecb/s
-16 c i 124382.70 100.0%
- 4 c i 118884.68 95.6%
-16 c p 112261.20 90.3%
-16 r2 i 111777.10 89.9%
-16 r2 p 108896.30 87.5%
-16 r1 p 108791.59 87.5%
- 4 c p 107290.10 86.3%
- 4 r1 p 104583.80 84.1%
-16 r1 i 104206.20 83.8%
- 4 r2 p 103709.80 83.4%
- 4 r2 i 98306.43 79.0%
- 4 r1 i 91525.80 73.6%
--DDES_UNROLL
-
diff --git a/crypto/des/times/usparc.cc b/crypto/des/times/usparc.cc
deleted file mode 100644
index 0864285..0000000
--- a/crypto/des/times/usparc.cc
+++ /dev/null
@@ -1,31 +0,0 @@
-solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
-
-For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
-gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
-I believe the difference is tied up in optimisation that the compiler
-is able to perform when the code is 'inlined'. For 'speed', the DES
-routines are being linked from a library. I'll record the higher
-speed since if performance is everything, you can always inline
-'des_enc.c'.
-
-[ 16-Jan-06 - I've been playing with the
- '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
- and while it makes the des_opts numbers much slower, it makes the
- actual 'speed' numbers look better which is a realistic version of
- using the libraries. ]
-
-options des ecb/s
-16 r1 p 475516.90 100.0%
-16 r2 p 439388.10 92.4%
-16 c i 427001.40 89.8%
-16 c p 419516.50 88.2%
- 4 r2 p 409491.70 86.1%
- 4 r1 p 404266.90 85.0%
- 4 c p 398121.00 83.7%
- 4 c i 370588.40 77.9%
- 4 r1 i 362742.20 76.3%
-16 r2 i 331275.50 69.7%
-16 r1 i 324730.60 68.3%
- 4 r2 i 63535.10 13.4% <-- very very weird, must be cache problems.
--DDES_UNROLL -DDES_RISC1 -DDES_PTR
-
diff --git a/crypto/des/typemap b/crypto/des/typemap
deleted file mode 100644
index a524f53..0000000
--- a/crypto/des/typemap
+++ /dev/null
@@ -1,34 +0,0 @@
-#
-# DES SECTION
-#
-deschar * T_DESCHARP
-des_cblock * T_CBLOCK
-des_cblock T_CBLOCK
-des_key_schedule T_SCHEDULE
-des_key_schedule * T_SCHEDULE
-
-INPUT
-T_CBLOCK
- $var=(des_cblock *)SvPV($arg,len);
- if (len < DES_KEY_SZ)
- {
- croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
- }
-
-T_SCHEDULE
- $var=(des_key_schedule *)SvPV($arg,len);
- if (len < DES_SCHEDULE_SZ)
- {
- croak(\"$var needs to be at least %u bytes long\",
- DES_SCHEDULE_SZ);
- }
-
-OUTPUT
-T_CBLOCK
- sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
-
-T_SCHEDULE
- sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
-
-T_DESCHARP
- sv_setpvn($arg,(char *)$var,len);
diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
index 51730c1..925b094 100644
--- a/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
@@ -263,7 +263,7 @@ e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/des.h
e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
@@ -274,7 +274,7 @@ e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/des.h
e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
@@ -351,7 +351,7 @@ e_seed.o: e_seed.c evp_locl.h
e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/e_os2.h
e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
@@ -519,7 +519,7 @@ m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/des.h
m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com
index e57b2ee..a43f433 100755
--- a/crypto/install-crypto.com
+++ b/crypto/install-crypto.com
@@ -94,7 +94,7 @@ $ exheader_mdc2 := mdc2.h
$ exheader_hmac := hmac.h
$ exheader_ripemd := ripemd.h
$ exheader_whrlpool := whrlpool.h
-$ exheader_des := des.h, des_old.h
+$ exheader_des := des.h
$ exheader_aes := aes.h
$ exheader_rc2 := rc2.h
$ exheader_rc4 := rc4.h
diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile
index 1415531..0e66978 100644
--- a/crypto/mdc2/Makefile
+++ b/crypto/mdc2/Makefile
@@ -76,7 +76,7 @@ clean:

mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/des.h
mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
mdc2_one.o: ../../include/openssl/opensslconf.h
@@ -85,7 +85,7 @@ mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c
mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/e_os2.h
mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile
index 7691f83..9ac00b9 100644
--- a/crypto/pem/Makefile
+++ b/crypto/pem/Makefile
@@ -123,7 +123,7 @@ pem_info.o: ../cryptlib.h pem_info.c
pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h
pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/e_os2.h
pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
diff --git a/makevms.com b/makevms.com
index ac1ccc9..6a73441 100755
--- a/makevms.com
+++ b/makevms.com
@@ -793,7 +793,7 @@ $ EXHEADER_MDC2 := mdc2.h
$ EXHEADER_HMAC := hmac.h
$ EXHEADER_RIPEMD := ripemd.h
$ EXHEADER_WHRLPOOL := whrlpool.h
-$ EXHEADER_DES := des.h, des_old.h
+$ EXHEADER_DES := des.h
$ EXHEADER_AES := aes.h
$ EXHEADER_RC2 := rc2.h
$ EXHEADER_RC4 := rc4.h
diff --git a/test/Makefile b/test/Makefile
index fda5d76..f0eb183 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -570,7 +570,7 @@ casttest.o: ../include/openssl/opensslconf.h casttest.c
constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h
constant_time_test.o: ../include/openssl/e_os2.h
constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c
-destest.o: ../include/openssl/des.h ../include/openssl/des_old.h
+destest.o: ../include/openssl/des.h
destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -736,7 +736,7 @@ md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
mdc2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
-mdc2test.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/e_os2.h
mdc2test.o: ../include/openssl/evp.h ../include/openssl/mdc2.h
mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h

Rich Salz

unread,

Feb 2, 2015, 10:41:48 PM2/2/15

to

The branch master has been updated

via c303d4d8686b9b46b5d85acdd94ec896433b813f (commit)
from 24956ca00f014a917fb181a8abc39b349f3f316f (commit)

- Log -----------------------------------------------------------------
commit c303d4d8686b9b46b5d85acdd94ec896433b813f
Author: Rich Salz <rs...@openssl.org>
Date: Mon Feb 2 22:40:36 2015 -0500

old_des fix windows build, remove docs

Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/crypto/des.pod | 31 -------------------------
doc/crypto/ui_compat.pod | 57 ----------------------------------------------
util/mkdef.pl | 2 +-
3 files changed, 1 insertion(+), 89 deletions(-)
delete mode 100644 doc/crypto/ui_compat.pod

diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
index 2afe572..6742a4c 100644
--- a/doc/crypto/des.pod
+++ b/doc/crypto/des.pod
@@ -312,37 +312,6 @@ functions directly.
Single-key DES is insecure due to its short key size. ECB mode is
not suitable for most applications; see L<des_modes(7)|des_modes(7)>.

-=head1 HISTORY
-
-In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
-clashes with older versions of libdes. Compatibility des_ functions
-are provided for a short while, as well as crypt().
-Declarations for these are in <openssl/des_old.h>. There is no DES_
-variant for des_random_seed().
-This will happen to other functions
-as well if they are deemed redundant (des_random_seed() just calls
-RAND_seed() and is present for backward compatibility only), buggy or
-already scheduled for removal.
-
-des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
-des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
-des_quad_cksum(), des_random_key() and des_string_to_key()
-are available in the MIT Kerberos library;
-des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
-are available in newer versions of that library.
-
-des_set_key_checked() and des_set_key_unchecked() were added in
-OpenSSL 0.9.5.
-
-des_generate_random_block(), des_init_random_number_generator(),
-des_new_random_key(), des_set_random_generator_seed() and
-des_set_sequence_number() and des_rand_data() are used in newer
-versions of Kerberos but are not implemented here.
-
-des_random_key() generated cryptographically weak random data in
-SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
-MIT library.
-
=head1 AUTHOR

Eric Young (e...@cryptsoft.com). Modified for the OpenSSL project
diff --git a/doc/crypto/ui_compat.pod b/doc/crypto/ui_compat.pod
deleted file mode 100644
index adf2ae5..0000000
--- a/doc/crypto/ui_compat.pod
+++ /dev/null
@@ -1,57 +0,0 @@

-=pod
-
-=head1 NAME
-

-des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw -
-Compatibility user interface functions
-
-=head1 SYNOPSIS
-
- #include <openssl/des_old.h>
-
- int des_read_password(DES_cblock *key,const char *prompt,int verify);
- int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
- const char *prompt,int verify);
-
- int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
- int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-=head1 DESCRIPTION
-
-The DES library contained a few routines to prompt for passwords. These
-aren't necessarely dependent on DES, and have therefore become part of the
-UI compatibility library.
-
-des_read_pw() writes the string specified by I<prompt> to standard output
-turns echo off and reads an input string from the terminal. The string is
-returned in I<buf>, which must have spac for at least I<size> bytes.
-If I<verify> is set, the user is asked for the password twice and unless
-the two copies match, an error is returned. The second password is stored
-in I<buff>, which must therefore also be at least I<size> bytes. A return
-code of -1 indicates a system error, 1 failure due to use interaction, and
-0 is success. All other functions described here use des_read_pw() to do
-the work.
-
-des_read_pw_string() is a variant of des_read_pw() that provides a buffer
-for you if I<verify> is set.
-
-des_read_password() calls des_read_pw() and converts the password to a
-DES key by calling DES_string_to_key(); des_read_2password() operates in
-the same way as des_read_password() except that it generates two keys
-by using the DES_string_to_2key() function.
-
-=head1 NOTES
-
-des_read_pw_string() is available in the MIT Kerberos library as well, and
-is also available under the name EVP_read_pw_string().

-
-=head1 SEE ALSO
-

-L<ui(3)|ui(3)>, L<ui_create(3)|ui_create(3)>
-
-=head1 AUTHOR
-
-Richard Levitte (ric...@levitte.org) for the OpenSSL project
-(http://www.openssl.org).
-
-=cut
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 03fbf20..be7dd42 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -281,7 +281,7 @@ my $crypto ="crypto/crypto.h";
$crypto.=" crypto/cryptlib.h";
$crypto.=" crypto/o_dir.h";
$crypto.=" crypto/o_str.h";
-$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
+$crypto.=" crypto/des/des.h" ; # unless $no_des;
$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;

Dr. Stephen Henson

unread,

Feb 3, 2015, 9:02:45 AM2/3/15

to

The branch master has been updated

via 52e028b9de371da62c1e51b46592517b1068d770 (commit)
from c303d4d8686b9b46b5d85acdd94ec896433b813f (commit)

- Log -----------------------------------------------------------------
commit 52e028b9de371da62c1e51b46592517b1068d770
Author: Dr. Stephen Henson <st...@openssl.org>
Date: Sun Feb 1 13:06:32 2015 +0000

Check PKCS#8 pkey field is valid before cleansing.

PR:3683

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/asn1/p8_pkey.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index 9075483..0a425cd 100644
--- a/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
@@ -69,7 +69,8 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
if (operation == ASN1_OP_FREE_PRE) {
PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
- if (key->pkey->value.octet_string)
+ if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
+ && key->pkey->value.octet_string != NULL)
OPENSSL_cleanse(key->pkey->value.octet_string->data,
key->pkey->value.octet_string->length);

Dr. Stephen Henson

unread,

Feb 3, 2015, 9:56:52 AM2/3/15

to

The branch master has been updated

via 156a872233b56558c72561789b8f33ff71a88fa7 (commit)
via 6668b6b8b0c1bcb6c6168ab22159a12cac41ae79 (commit)
via c536461499a3e93166921181847b3ed9b2d85c7d (commit)
via 0cfb0e75b9dbf1a605c47e1b79c76d43a1f8344d (commit)
via ddc06b35565d9f2888e8d946ee7ae292bc902afd (commit)
via c660ec63a83090051f3e110b00bd5753f21bce51 (commit)
via 48fbcbacd2b22ab8d1bd9203a8fdc316eaab62f1 (commit)
via 6f152a15d433c249b4b73d0a7968d4ea63925a24 (commit)
from 52e028b9de371da62c1e51b46592517b1068d770 (commit)

- Log -----------------------------------------------------------------
commit 156a872233b56558c72561789b8f33ff71a88fa7

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sat Jan 24 17:09:55 2015 +0000

Add SSL_get_extms_support documentation.

Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 6668b6b8b0c1bcb6c6168ab22159a12cac41ae79

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 14:03:48 2015 +0000

Add CHANGES entry.

Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit c536461499a3e93166921181847b3ed9b2d85c7d

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 02:52:20 2015 +0000

Ctrl to retrieve extms support.

Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 0cfb0e75b9dbf1a605c47e1b79c76d43a1f8344d

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 02:49:16 2015 +0000

Add extms support to master key generation.

Update master secret calculation to support extended master secret.
TLS 1.2 client authentication adds a complication because we need to
cache the handshake messages. This is simpllified however because
the point at which the handshake hashes are calculated for extended
master secret is identical to that required for TLS 1.2 client
authentication (immediately after client key exchange which is also
immediately before certificate verify).
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit ddc06b35565d9f2888e8d946ee7ae292bc902afd

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 02:45:13 2015 +0000

Extended master secret extension support.

Add and retrieve extended master secret extension, setting the flag
SSL_SESS_FLAG_EXTMS appropriately.

Note: this just sets the flag and doesn't include the changes to
master secret generation.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit c660ec63a83090051f3e110b00bd5753f21bce51

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 02:41:09 2015 +0000

Rewrite ssl3_send_client_key_exchange to support extms.

Rewrite ssl3_send_client_key_exchange to retain the premaster secret
instead of using it immediately.

This is needed because the premaster secret is used after the client key
exchange message has been sent to compute the extended master secret.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 48fbcbacd2b22ab8d1bd9203a8fdc316eaab62f1

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 02:37:27 2015 +0000

Utility function to retrieve handshake hashes.

Retrieve handshake hashes in a separate function. This tidies the existing
code and will be used for extended master secret generation.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

commit 6f152a15d433c249b4b73d0a7968d4ea63925a24

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Fri Jan 23 02:29:50 2015 +0000

Add flags field to SSL_SESSION.

Add a "flags" field to SSL_SESSION. This will contain various flags
such as encrypt-then-mac and extended master secret support.
Reviewed-by: Tim Hudson <t...@openssl.org>
Reviewed-by: Matt Caswell <ma...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
CHANGES | 6 ++
doc/ssl/SSL_get_extms_support.pod | 33 ++++++
ssl/d1_srvr.c | 16 +--
ssl/s3_clnt.c | 200 +++++++++++++++++++++----------------
ssl/s3_srvr.c | 16 +--
ssl/ssl.h | 4 +
ssl/ssl_asn1.c | 23 +++++
ssl/ssl_cert.c | 5 +
ssl/ssl_lib.c | 36 +++++++
ssl/ssl_locl.h | 10 ++
ssl/ssl_txt.c | 4 +
ssl/t1_enc.c | 94 ++++++++---------
ssl/t1_lib.c | 14 +++
ssl/t1_trce.c | 3 +-
ssl/tls1.h | 15 ++-
15 files changed, 330 insertions(+), 149 deletions(-)
create mode 100644 doc/ssl/SSL_get_extms_support.pod

diff --git a/CHANGES b/CHANGES
index 11176ce..8fcfcce 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,12 @@

_______________

Changes between 1.0.2 and 1.1.0 [xx XXX xxxx]
+

+ *) Added support for TLS extended master secret from
+ draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
+ initial patch which was a great help during development.
+ [Steve Henson]

+
*) All libssl internal structures have been removed from the public header

files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is

now redundant). Users should not attempt to access internal structures

diff --git a/doc/ssl/SSL_get_extms_support.pod b/doc/ssl/SSL_get_extms_support.pod
new file mode 100644
index 0000000..427819a
--- /dev/null
+++ b/doc/ssl/SSL_get_extms_support.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+SSL_get_extms_support - extended master secret support
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_extms_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_extms_support() indicates whether the current session used extended
+master secret.
+
+This function is implemented as a macro.
+
+=head1 RETURN VALUES
+
+SSL_get_extms_support() returns 1 if the current session used extended
+master secret, 0 if it did not and -1 if a handshake is currently in
+progress i.e. it is not possible to determine if extended master secret
+was used.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 1ccdc35..55d37e7 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -655,17 +655,19 @@ int dtls1_accept(SSL *s)
s->init_num = 0;
if (!s->session->peer)
break;
- /*
- * For sigalgs freeze the handshake buffer at this point and
- * digest cached records.
- */
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
return -1;
}
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
+ /*
+ * For sigalgs freeze the handshake buffer. If we support
+ * extms we've done this already.
+ */
+ if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
+ s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+ if (!ssl3_digest_cached_records(s))
+ return -1;
+ }
} else {
s->state = SSL3_ST_SR_CERT_VRFY_A;
s->init_num = 0;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index a383eee..5e2b543 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2338,6 +2338,8 @@ int ssl3_send_client_key_exchange(SSL *s)
int encoded_pt_len = 0;
BN_CTX *bn_ctx = NULL;
#endif
+ unsigned char *pms = NULL;
+ size_t pmslen = 0;

if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
p = ssl_handshake_start(s);
@@ -2350,7 +2352,10 @@ int ssl3_send_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA) {
RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+ pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+ pms = OPENSSL_malloc(pmslen);
+ if (!pms)
+ goto memerr;

if (s->session->sess_cert == NULL) {
/*
@@ -2378,19 +2383,16 @@ int ssl3_send_client_key_exchange(SSL *s)
EVP_PKEY_free(pkey);
}

- tmp_buf[0] = s->client_version >> 8;
- tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ pms[0] = s->client_version >> 8;
+ pms[1] = s->client_version & 0xff;
+ if (RAND_bytes(pms + 2, pmslen - 2) <= 0)
goto err;

- s->session->master_key_length = sizeof tmp_buf;
-
q = p;
/* Fix buf for TLS and beyond */
if (s->version > SSL3_VERSION)
p += 2;
- n = RSA_public_encrypt(sizeof tmp_buf,
- tmp_buf, p, rsa, RSA_PKCS1_PADDING);
+ n = RSA_public_encrypt(pmslen, pms, p, rsa, RSA_PKCS1_PADDING);
# ifdef PKCS1_CHECK
if (s->options & SSL_OP_PKCS1_CHECK_1)
p[1]++;
@@ -2408,14 +2410,6 @@ int ssl3_send_client_key_exchange(SSL *s)
s2n(n, q);
n += 2;
}
-
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->
- session->master_key,
- tmp_buf,
- sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
}
#endif
#ifndef OPENSSL_NO_KRB5
@@ -2505,9 +2499,14 @@ int ssl3_send_client_key_exchange(SSL *s)
n += 2;
}

- tmp_buf[0] = s->client_version >> 8;
- tmp_buf[1] = s->client_version & 0xff;
- if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+ pms = OPENSSL_malloc(pmslen);
+ if (!pms)
+ goto memerr;
+
+ pms[0] = s->client_version >> 8;
+ pms[1] = s->client_version & 0xff;
+ if (RAND_bytes(pms + 2, pmslen - 2) <= 0)
goto err;

/*-
@@ -2520,8 +2519,7 @@ int ssl3_send_client_key_exchange(SSL *s)

memset(iv, 0, sizeof iv); /* per RFC 1510 */
EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
- EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
- sizeof tmp_buf);
+ EVP_EncryptUpdate(&ciph_ctx, epms, &outl, pms, pmslen);
EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
outl += padl;
if (outl > (int)sizeof epms) {
@@ -2536,15 +2534,6 @@ int ssl3_send_client_key_exchange(SSL *s)
memcpy(p, epms, outl);
p += outl;
n += outl + 2;
-
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->
- session->master_key,
- tmp_buf,
- sizeof tmp_buf);
-
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(epms, outl);
}
#endif
@@ -2603,12 +2592,17 @@ int ssl3_send_client_key_exchange(SSL *s)
}
}

+ pmslen = DH_size(dh_clnt);
+ pms = OPENSSL_malloc(pmslen);
+ if (!pms)
+ goto memerr;
+
/*
* use the 'p' output buffer for the DH key, but make sure to
* clear it out afterwards
*/

- n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
+ n = DH_compute_key(pms, dh_srvr->pub_key, dh_clnt);
if (scert->peer_dh_tmp == NULL)
DH_free(dh_srvr);

@@ -2618,15 +2612,6 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
}

- /* generate master key from the result */
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->
- session->master_key,
- p, n);
- /* clean up */
- memset(p, 0, n);
-
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
n = 0;
else {
@@ -2758,22 +2743,16 @@ int ssl3_send_client_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
}
- n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
- clnt_ecdh, NULL);
- if (n <= 0) {
+ pmslen = (field_size + 7) / 8;
+ pms = OPENSSL_malloc(pmslen);
+ if (!pms)
+ goto memerr;
+ n = ECDH_compute_key(pms, pmslen, srvr_ecpoint, clnt_ecdh, NULL);
+ if (n <= 0 || pmslen != (size_t)n) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
goto err;
}

- /* generate master key from the result */
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->
- session->master_key,
- p, n);
-
- memset(p, 0, n); /* clean up */
-
if (ecdh_clnt_cert) {
/* Send empty client key exch message */
n = 0;
@@ -2828,10 +2807,15 @@ int ssl3_send_client_key_exchange(SSL *s)
size_t msglen;
unsigned int md_len;
int keytype;
- unsigned char premaster_secret[32], shared_ukm[32], tmp[256];
+ unsigned char shared_ukm[32], tmp[256];
EVP_MD_CTX *ukm_hash;
EVP_PKEY *pub_key;

+ pmslen = 32;
+ pms = OPENSSL_malloc(pmslen);
+ if (!pms)
+ goto memerr;
+
/*
* Get server sertificate PKEY and create ctx from it
*/
@@ -2861,7 +2845,7 @@ int ssl3_send_client_key_exchange(SSL *s)

EVP_PKEY_encrypt_init(pkey_ctx);
/* Generate session key */
- RAND_bytes(premaster_secret, 32);
+ RAND_bytes(pms, pmslen);
/*
* If we have client certificate, use its secret as peer key
*/
@@ -2901,8 +2885,7 @@ int ssl3_send_client_key_exchange(SSL *s)
*/
*(p++) = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
msglen = 255;
- if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, premaster_secret, 32)
- < 0) {
+ if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) < 0) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
SSL_R_LIBRARY_BUG);
goto err;
@@ -2923,12 +2906,6 @@ int ssl3_send_client_key_exchange(SSL *s)
s->s3->flags |= TLS1_FLAGS_SKIP_CERT_VERIFY;
}
EVP_PKEY_CTX_free(pkey_ctx);
- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->
- session->master_key,
- premaster_secret,
- 32);
EVP_PKEY_free(pub_key);

}
@@ -2953,15 +2930,6 @@ int ssl3_send_client_key_exchange(SSL *s)
ERR_R_MALLOC_FAILURE);
goto err;
}
-
- if ((s->session->master_key_length =
- SRP_generate_client_master_secret(s,
- s->session->master_key)) <
- 0) {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
}
#endif
#ifndef OPENSSL_NO_PSK
@@ -2974,8 +2942,7 @@ int ssl3_send_client_key_exchange(SSL *s)
char identity[PSK_MAX_IDENTITY_LEN + 2];
size_t identity_len;
unsigned char *t = NULL;
- unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
- unsigned int pre_ms_len = 0, psk_len = 0;
+ unsigned int psk_len = 0;
int psk_err = 1;

n = 0;
@@ -2986,10 +2953,15 @@ int ssl3_send_client_key_exchange(SSL *s)
}

memset(identity, 0, sizeof(identity));
+ /* Allocate maximum size buffer */
+ pmslen = PSK_MAX_PSK_LEN * 2 + 4;
+ pms = OPENSSL_malloc(pmslen);
+ if (!pms)
+ goto memerr;
+
psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint,
identity, sizeof(identity) - 1,
- psk_or_pre_ms,
- sizeof(psk_or_pre_ms));
+ pms, pmslen);
if (psk_len > PSK_MAX_PSK_LEN) {
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
ERR_R_INTERNAL_ERROR);
@@ -2999,6 +2971,8 @@ int ssl3_send_client_key_exchange(SSL *s)
SSL_R_PSK_IDENTITY_NOT_FOUND);
goto psk_err;
}
+ /* Change pmslen to real length */
+ pmslen = 2 + psk_len + 2 + psk_len;
identity[PSK_MAX_IDENTITY_LEN + 1] = '\0';
identity_len = strlen(identity);
if (identity_len > PSK_MAX_IDENTITY_LEN) {
@@ -3007,9 +2981,8 @@ int ssl3_send_client_key_exchange(SSL *s)
goto psk_err;
}
/* create PSK pre_master_secret */
- pre_ms_len = 2 + psk_len + 2 + psk_len;
- t = psk_or_pre_ms;
- memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
+ t = pms;
+ memmove(pms + psk_len + 4, pms, psk_len);
s2n(psk_len, t);
memset(t, 0, psk_len);
t += psk_len;
@@ -3035,19 +3008,12 @@ int ssl3_send_client_key_exchange(SSL *s)
goto psk_err;
}

- s->session->master_key_length =
- s->method->ssl3_enc->generate_master_secret(s,
- s->
- session->master_key,
- psk_or_pre_ms,
- pre_ms_len);
s2n(identity_len, p);
memcpy(p, identity, identity_len);
n = 2 + identity_len;
psk_err = 0;
psk_err:
OPENSSL_cleanse(identity, sizeof(identity));
- OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
if (psk_err != 0) {
ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
goto err;
@@ -3065,8 +3031,60 @@ int ssl3_send_client_key_exchange(SSL *s)
}

/* SSL3_ST_CW_KEY_EXCH_B */
- return ssl_do_write(s);
+ n = ssl_do_write(s);
+#ifndef OPENSSL_NO_SRP
+ /* Check for SRP */
+ if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+ /*
+ * If everything written generate master key: no need to save PMS as
+ * SRP_generate_client_master_secret generates it internally.
+ */
+ if (n > 0) {
+ if ((s->session->master_key_length =
+ SRP_generate_client_master_secret(s,
+ s->session->master_key)) <
+ 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+ } else
+#endif
+ /* If we haven't written everything save PMS */
+ if (n <= 0) {
+ s->cert->pms = pms;
+ s->cert->pmslen = pmslen;
+ } else {
+ /* If we don't have a PMS restore */
+ if (pms == NULL) {
+ pms = s->cert->pms;
+ pmslen = s->cert->pmslen;
+ }
+ if (pms == NULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ pms, pmslen);
+ OPENSSL_cleanse(pms, pmslen);
+ OPENSSL_free(pms);
+ s->cert->pms = NULL;
+ }
+ return n;
+ memerr:
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
err:
+ if (pms) {
+ OPENSSL_cleanse(pms, pmslen);
+ OPENSSL_free(pms);
+ s->cert->pms = NULL;
+ }
#ifndef OPENSSL_NO_ECDH
BN_CTX_free(bn_ctx);
if (encodedPoint != NULL)
@@ -3132,7 +3150,15 @@ int ssl3_send_client_verify(SSL *s)
}
s2n(u, p);
n = u + 4;
- if (!ssl3_digest_cached_records(s))
+ /*
+ * For extended master secret we've already digested cached
+ * records.
+ */
+ if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+ BIO_free(s->s3->handshake_buffer);
+ s->s3->handshake_buffer = NULL;
+ s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
+ } else if (!ssl3_digest_cached_records(s))
goto err;
} else
#ifndef OPENSSL_NO_RSA
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index e929658..f31b76a 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -620,17 +620,19 @@ int ssl3_accept(SSL *s)
s->init_num = 0;
if (!s->session->peer)
break;
- /*
- * For sigalgs freeze the handshake buffer at this point and
- * digest cached records.
- */
if (!s->s3->handshake_buffer) {
SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
return -1;
}
- s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
- if (!ssl3_digest_cached_records(s))
- return -1;
+ /*
+ * For sigalgs freeze the handshake buffer. If we support
+ * extms we've done this already.
+ */
+ if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) {
+ s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+ if (!ssl3_digest_cached_records(s))
+ return -1;
+ }
} else {
int offset = 0;
int dgst_num;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index df91c18..a3b8a81 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -656,6 +656,9 @@ void SSL_set_msg_callback(SSL *ssl,
# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

+# define SSL_get_extms_support(s) \
+ SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
# ifndef OPENSSL_NO_SRP

/* see tls_srp.c */
@@ -1212,6 +1215,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_CHECK_PROTO_VERSION 119
# define DTLS_CTRL_SET_LINK_MTU 120
# define DTLS_CTRL_GET_LINK_MIN_MTU 121
+# define SSL_CTRL_GET_EXTMS_SUPPORT 122
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 3eaee1d..b27e058 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -115,6 +115,7 @@ typedef struct ssl_session_asn1_st {
#ifndef OPENSSL_NO_SRP
ASN1_OCTET_STRING srp_username;
#endif /* OPENSSL_NO_SRP */
+ ASN1_INTEGER flags;
} SSL_SESSION_ASN1;

int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
@@ -134,6 +135,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
#ifndef OPENSSL_NO_SRP
int v12 = 0;
#endif
+ unsigned char fbuf[LSIZE2];
+ int v13 = 0;
long l;
SSL_SESSION_ASN1 a;
M_ASN1_I2D_vars(in);
@@ -256,6 +259,13 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
}
#endif /* OPENSSL_NO_SRP */

+ if (in->flags) {
+ a.flags.length = LSIZE2;
+ a.flags.type = V_ASN1_INTEGER;
+ a.flags.data = fbuf;
+ ASN1_INTEGER_set(&a.flags, in->flags);
+ }
+
M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
@@ -304,6 +314,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12,
v12);
#endif /* OPENSSL_NO_SRP */
+ if (in->flags)
+ M_ASN1_I2D_len_EXP_opt(&(a.flags), i2d_ASN1_INTEGER, 13, v13);

M_ASN1_I2D_seq_total();

@@ -356,6 +368,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING, 12,
v12);
#endif /* OPENSSL_NO_SRP */
+ if (in->flags)
+ M_ASN1_I2D_put_EXP_opt(&a.flags, i2d_ASN1_INTEGER, 13, v13);
M_ASN1_I2D_finish();
}

@@ -593,6 +607,15 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
} else
ret->srp_username = NULL;
#endif /* OPENSSL_NO_SRP */
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 13);
+ if (ai.data != NULL) {
+ ret->flags = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->flags = 0;

M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
}
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f2de54b..1178d43 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -476,6 +476,11 @@ void ssl_cert_free(CERT *c)
custom_exts_free(&c->cli_ext);
custom_exts_free(&c->srv_ext);
#endif
+ if (c->pms) {
+ OPENSSL_cleanse(c->pms, c->pmslen);
+ OPENSSL_free(c->pms);
+ c->pms = NULL;
+ }
OPENSSL_free(c);
}

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2a84ff2..bcb6be1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1134,6 +1134,13 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
return (int)s->cert->ciphers_rawlen;
} else
return ssl_put_cipher_by_char(s, NULL, NULL);
+ case SSL_CTRL_GET_EXTMS_SUPPORT:
+ if (!s->session || SSL_in_init(s) || s->in_handshake)
+ return -1;
+ if (s->session->flags & SSL_SESS_FLAG_EXTMS)
+ return 1;
+ else
+ return 0;
default:
return (s->method->ssl_ctrl(s, cmd, larg, parg));
}
@@ -3479,6 +3486,35 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
*hash = NULL;
}

+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen)
+{
+ unsigned char *p = out;
+ int idx, ret = 0;
+ long mask;
+ EVP_MD_CTX ctx;
+ const EVP_MD *md;
+ EVP_MD_CTX_init(&ctx);
+ for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
+ if (mask & ssl_get_algorithm2(s)) {
+ int hashsize = EVP_MD_size(md);
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
+ if (!hdgst || hashsize < 0 || hashsize > outlen)
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst))
+ goto err;
+ if (!EVP_DigestFinal_ex(&ctx, p, NULL))
+ goto err;
+ p += hashsize;
+ outlen -= hashsize;
+ }
+ }
+ ret = p - out;
+ err:
+ EVP_MD_CTX_cleanup(&ctx);
+ return ret;
+}
+
void SSL_set_debug(SSL *s, int debug)
{
s->debug = debug;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 56d6108..49425d8 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -597,6 +597,7 @@ struct ssl_method_st {

* Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only)

* Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method

* SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username

+ * flags [ 13 ] EXPLICIT INTEGER -- optional flags
* }

* Look in ssl/ssl_asn1.c for more details

* I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).

@@ -674,8 +675,12 @@ struct ssl_session_st {
# ifndef OPENSSL_NO_SRP
char *srp_username;
# endif
+ long flags;
};

+/* Extended master secret support */
+# define SSL_SESS_FLAG_EXTMS 0x1
+

# ifndef OPENSSL_NO_SRP

@@ -1674,6 +1679,9 @@ typedef struct cert_st {
*/
unsigned char *ctypes;
size_t ctype_num;
+ /* Temporary storage for premaster secret */
+ unsigned char *pms;
+ size_t pmslen;
/*
* signature algorithms peer reports: e.g. supported signature algorithms
* extension for server or as part of a certificate request for client.
@@ -2406,6 +2414,8 @@ int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len,
int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,
int *al);

+int ssl_handshake_hash(SSL *s, unsigned char *out, int outlen);
+
/* s3_cbc.c */
void ssl3_cbc_copy_mac(unsigned char *out,
const SSL3_RECORD *rec, unsigned md_size);
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 76a7cce..e5774d2 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -244,6 +244,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
X509_verify_cert_error_string(x->verify_result)) <= 0)
goto err;

+ if (BIO_printf(bp, " Extended master secret: %s\n",
+ x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
+ goto err;
+
return (1);
err:
return (0);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 3f4973e..ff6273f 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -919,57 +919,28 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
return ((int)ret);
}

-int tls1_final_finish_mac(SSL *s,
- const char *str, int slen, unsigned char *out)
+int tls1_final_finish_mac(SSL *s, const char *str, int slen,
+ unsigned char *out)
{
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char buf[2 * EVP_MAX_MD_SIZE];
- unsigned char *q, buf2[12];
- int idx;
- long mask;
- int err = 0;
- const EVP_MD *md;
-
- q = buf;
+ int hashlen;
+ unsigned char hash[2 * EVP_MAX_MD_SIZE];
+ unsigned char buf2[12];

if (s->s3->handshake_buffer)
if (!ssl3_digest_cached_records(s))
return 0;

- EVP_MD_CTX_init(&ctx);
+ hashlen = ssl_handshake_hash(s, hash, sizeof(hash));

- for (idx = 0; ssl_get_handshake_digest(idx, &mask, &md); idx++) {
- if (mask & ssl_get_algorithm2(s)) {
- int hashsize = EVP_MD_size(md);
- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0
- || hashsize > (int)(sizeof buf - (size_t)(q - buf))) {
- /*
- * internal error: 'buf' is too small for this cipersuite!
- */
- err = 1;
- } else {
- if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx, q, &i) ||
- (i != (unsigned int)hashsize))
- err = 1;
- q += hashsize;
- }
- }
- }
+ if (hashlen == 0)
+ return 0;

if (!tls1_PRF(ssl_get_algorithm2(s),
- str, slen, buf, (int)(q - buf), NULL, 0, NULL, 0, NULL, 0,
+ str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,
s->session->master_key, s->session->master_key_length,
out, buf2, sizeof buf2))
- err = 1;
- EVP_MD_CTX_cleanup(&ctx);
-
- if (err)
return 0;
- else
- return sizeof buf2;
+ return sizeof buf2;
}

int tls1_mac(SSL *ssl, unsigned char *md, int send)
@@ -1099,13 +1070,41 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
len);
#endif /* KSSL_DEBUG */

-
- tls1_PRF(ssl_get_algorithm2(s),
- TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
- s->s3->client_random, SSL3_RANDOM_SIZE,
- co, col,
- s->s3->server_random, SSL3_RANDOM_SIZE,
- so, sol, p, len, s->session->master_key, buff, sizeof buff);
+ if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+ unsigned char hash[EVP_MAX_MD_SIZE * 2];
+ int hashlen;
+ /* If we don't have any digests cache records */
+ if (s->s3->handshake_buffer) {
+ /*
+ * keep record buffer: this wont affect client auth because we're
+ * freezing the buffer at the same point (after client key
+ * exchange and before certificate verify)
+ */
+ s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+ ssl3_digest_cached_records(s);
+ }
+ hashlen = ssl_handshake_hash(s, hash, sizeof(hash));
+#ifdef SSL_DEBUG
+ fprintf(stderr, "Handshake hashes:\n");
+ BIO_dump_fp(stderr, (char *)hash, hashlen);
+#endif
+ tls1_PRF(ssl_get_algorithm2(s),
+ TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+ TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE,
+ hash, hashlen,
+ co, col,
+ NULL, 0,
+ so, sol, p, len, s->session->master_key, buff, sizeof buff);
+ OPENSSL_cleanse(hash, hashlen);
+ } else {
+ tls1_PRF(ssl_get_algorithm2(s),
+ TLS_MD_MASTER_SECRET_CONST,
+ TLS_MD_MASTER_SECRET_CONST_SIZE,
+ s->s3->client_random, SSL3_RANDOM_SIZE,
+ co, col,
+ s->s3->server_random, SSL3_RANDOM_SIZE,
+ so, sol, p, len, s->session->master_key, buff, sizeof buff);
+ }
#ifdef SSL_DEBUG
fprintf(stderr, "Premaster Secret:\n");
BIO_dump_fp(stderr, (char *)p, len);
@@ -1204,6 +1203,9 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
goto err1;
+ if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+ TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0)
+ goto err1;
if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
goto err1;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9be7347..22f7047 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1445,6 +1445,8 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
s2n(TLSEXT_TYPE_encrypt_then_mac, ret);
s2n(0, ret);
# endif
+ s2n(TLSEXT_TYPE_extended_master_secret, ret);
+ s2n(0, ret);

/*
* Add padding to workaround bugs in F5 terminators. See
@@ -1682,6 +1684,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
}
}
# endif
+ if (!s->hit && s->session->flags & SSL_SESS_FLAG_EXTMS) {
+ s2n(TLSEXT_TYPE_extended_master_secret, ret);
+ s2n(0, ret);
+ }

if (s->s3->alpn_selected) {
const unsigned char *selected = s->s3->alpn_selected;
@@ -2300,6 +2306,10 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
else if (type == TLSEXT_TYPE_encrypt_then_mac)
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
# endif
+ else if (type == TLSEXT_TYPE_extended_master_secret) {
+ if (!s->hit)
+ s->session->flags |= SSL_SESS_FLAG_EXTMS;
+ }
/*
* If this ClientHello extension was unhandled and this is a
* nonresumed connection, check whether the extension is a custom
@@ -2594,6 +2604,10 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
}
# endif
+ else if (type == TLSEXT_TYPE_extended_master_secret) {
+ if (!s->hit)
+ s->session->flags |= SSL_SESS_FLAG_EXTMS;
+ }
/*
* If this extension type was not otherwise handled, but matches a
* custom_cli_ext_record, then send it to the c callback
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 26160ed..4161750 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -363,7 +363,8 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
{TLSEXT_TYPE_session_ticket, "session_ticket"},
{TLSEXT_TYPE_renegotiate, "renegotiate"},
{TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
- {TLSEXT_TYPE_padding, "padding"}
+ {TLSEXT_TYPE_padding, "padding"},
+ {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"}
};

static ssl_trace_tbl ssl_curve_tbl[] = {
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 1f756a4..af03f13 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -250,6 +250,12 @@ extern "C" {
* http://www.ietf.org/id/draft-ietf-tls-encrypt-then-mac-02.txt
*/
# define TLSEXT_TYPE_encrypt_then_mac 22
+/*
+ * Extended master secret extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * https://tools.ietf.org/id/draft-ietf-tls-session-hash-03.txt
+ */
+# define TLSEXT_TYPE_extended_master_secret 23

/* ExtensionType value from RFC4507 */
# define TLSEXT_TYPE_session_ticket 35
@@ -776,7 +782,7 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)

# define TLS1_FINISH_MAC_LENGTH 12

-# define TLS_MD_MAX_CONST_SIZE 20
+# define TLS_MD_MAX_CONST_SIZE 22
# define TLS_MD_CLIENT_FINISH_CONST "client finished"
# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
# define TLS_MD_SERVER_FINISH_CONST "server finished"
@@ -791,6 +797,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS_MD_IV_BLOCK_CONST_SIZE 8
# define TLS_MD_MASTER_SECRET_CONST "master secret"
# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22

# ifdef CHARSET_EBCDIC
# undef TLS_MD_CLIENT_FINISH_CONST
@@ -840,6 +848,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
* master secret
*/
# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
# endif

/* TLS Session Ticket extension struct */

Rich Salz

unread,

Feb 3, 2015, 11:23:01 AM2/3/15

to

The branch master has been updated

via dfb56425b68314b2b57e17c82c1df42e7a015132 (commit)
from 156a872233b56558c72561789b8f33ff71a88fa7 (commit)

- Log -----------------------------------------------------------------
commit dfb56425b68314b2b57e17c82c1df42e7a015132
Author: Rich Salz <rs...@openssl.org>
Date: Tue Feb 3 11:20:56 2015 -0500

Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp

And an uncompiled C++ test file.
Also remove srp_lcl.h, with help from Richard.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/dh/dh_check.c | 10 +-----
crypto/dh/dh_gen.c | 12 +------
crypto/modes/gcm128.c | 3 --
crypto/pkcs12/p12_key.c | 7 ----
crypto/ripemd/asm/rips.cpp | 82 ------------------------------------------
crypto/ripemd/rmd_locl.h | 18 +++-------
crypto/rsa/rsa_null.c | 11 ------
crypto/srp/Makefile | 4 +--
crypto/srp/srp_lcl.h | 84 --------------------------------------------
crypto/srp/srp_lib.c | 5 +--
crypto/srp/srp_vfy.c | 7 +---
11 files changed, 11 insertions(+), 232 deletions(-)
delete mode 100644 crypto/ripemd/asm/rips.cpp
delete mode 100644 crypto/srp/srp_lcl.h

diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 347467c..7a8e063 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -116,15 +116,7 @@ int DH_check(const DH *dh, int *ret)
l = BN_mod_word(dh->p, 24);
if (l != 11)
*ret |= DH_NOT_SUITABLE_GENERATOR;
- }
-#if 0
- else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
- l = BN_mod_word(dh->p, 12);
- if (l != 5)
- *ret |= DH_NOT_SUITABLE_GENERATOR;
- }
-#endif
- else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+ } else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
l = BN_mod_word(dh->p, 10);
if ((l != 3) && (l != 7))
*ret |= DH_NOT_SUITABLE_GENERATOR;
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 9b9db64..99ccae3 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -136,17 +136,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
if (!BN_set_word(t2, 11))
goto err;
g = 2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3) {
- if (!BN_set_word(t1, 12))
- goto err;
- if (!BN_set_word(t2, 5))
- goto err;
- g = 3;
- }
-#endif
- else if (generator == DH_GENERATOR_5) {
+ } else if (generator == DH_GENERATOR_5) {
if (!BN_set_word(t1, 10))
goto err;
if (!BN_set_word(t2, 3))
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 5c75c91..1d1b0d9 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -1036,9 +1036,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
# endif
#endif

-#if 0
- n = (unsigned int)mlen % 16; /* alternative to ctx->mres */

-#endif
mlen += len;
if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))

return -1;
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 99b8260..5a06208 100644
--- a/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
@@ -118,13 +118,6 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
int tmpn = n;
#endif

-#if 0
- if (!pass) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);

- return 0;
- }
-#endif
-

EVP_MD_CTX_init(&ctx);
#ifdef DEBUG_KEYGEN
fprintf(stderr, "KEYGEN DEBUG\n");
diff --git a/crypto/ripemd/asm/rips.cpp b/crypto/ripemd/asm/rips.cpp
deleted file mode 100644
index f7a1367..0000000
--- a/crypto/ripemd/asm/rips.cpp
+++ /dev/null
@@ -1,82 +0,0 @@

-#include <openssl/ripemd.h>
-
-#define ripemd160_block_x86 ripemd160_block_asm_host_order
-
-extern "C" {
-void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
-}

-
-void main(int argc,char *argv[])
- {

- unsigned char buffer[64*256];
- RIPEMD160_CTX ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];

- unsigned long data[2];

- unsigned char iv[8];
- int i,num=0,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=16;
- if (num > 250) num=16;
- numm=num+2;
-#if 0
- num*=64;
- numm*=64;
-#endif

-
- for (j=0; j<6; j++)
- {

- for (i=0; i<10; i++) /**/
- {
- ripemd160_block_x86(&ctx,buffer,numm);
- GetTSC(s1);
- ripemd160_block_x86(&ctx,buffer,numm);
- GetTSC(e1);
- GetTSC(s2);
- ripemd160_block_x86(&ctx,buffer,num);
- GetTSC(e2);
- ripemd160_block_x86(&ctx,buffer,num);
- }
- printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64,
- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
- }
- }
-
diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h
index 497a1a1..5a2eed3 100644
--- a/crypto/ripemd/rmd_locl.h
+++ b/crypto/ripemd/rmd_locl.h
@@ -94,22 +94,14 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);

#include "md32_common.h"

-#if 0
-# define F1(x,y,z) ((x)^(y)^(z))
-# define F2(x,y,z) (((x)&(y))|((~x)&z))
-# define F3(x,y,z) (((x)|(~y))^(z))
-# define F4(x,y,z) (((x)&(z))|((y)&(~(z))))
-# define F5(x,y,z) ((x)^((y)|(~(z))))
-#else
/*
* Transformed F2 and F4 are courtesy of Wei Dai <wei...@eskimo.com>
*/
-# define F1(x,y,z) ((x) ^ (y) ^ (z))
-# define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
-# define F3(x,y,z) (((~(y)) | (x)) ^ (z))
-# define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
-# define F5(x,y,z) (((~(z)) | (y)) ^ (x))
-#endif
+#define F1(x,y,z) ((x) ^ (y) ^ (z))
+#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z) (((~(y)) | (x)) ^ (z))
+#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z) (((~(z)) | (y)) ^ (x))

#define RIPEMD160_A 0x67452301L
#define RIPEMD160_B 0xEFCDAB89L
diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
index 241b431..535660a 100644
--- a/crypto/rsa/rsa_null.c
+++ b/crypto/rsa/rsa_null.c
@@ -79,9 +79,6 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int RSA_null_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
-#if 0 /* not currently used */
-static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
-#endif
static int RSA_null_init(RSA *rsa);
static int RSA_null_finish(RSA *rsa);
static RSA_METHOD rsa_null_meth = {
@@ -136,14 +133,6 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from,
return -1;
}

-#if 0 /* not currently used */
-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-{
- ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);

- return -1;
-}
-#endif
-

static int RSA_null_init(RSA *rsa)
{
return (1);
diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile
index 0c37ec7..3674dd6 100644
--- a/crypto/srp/Makefile
+++ b/crypto/srp/Makefile
@@ -82,7 +82,7 @@ srp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
srp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h
srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-srp_lib.o: ../cryptlib.h ../include/internal/bn_srp.h srp_lcl.h srp_lib.c
+srp_lib.o: ../cryptlib.h ../include/internal/bn_srp.h srp_lib.c
srp_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
srp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -94,4 +94,4 @@ srp_vfy.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
srp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
srp_vfy.o: ../../include/openssl/srp.h ../../include/openssl/stack.h
srp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h
-srp_vfy.o: ../cryptlib.h srp_lcl.h srp_vfy.c
+srp_vfy.o: ../cryptlib.h srp_vfy.c
diff --git a/crypto/srp/srp_lcl.h b/crypto/srp/srp_lcl.h
deleted file mode 100644
index 9a7fce1..0000000
--- a/crypto/srp/srp_lcl.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* crypto/srp/srp_lcl.h */
-/*
- * Written by Peter Sylvester (peter.s...@edelweb.fr) for the EdelKey
- * project and contributed to the OpenSSL project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.

- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact

- * lice...@OpenSSL.org.

- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project

- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (e...@cryptsoft.com). This product includes software written by Tim
- * Hudson (t...@cryptsoft.com).
- *
- */

-#ifndef HEADER_SRP_LCL_H
-# define HEADER_SRP_LCL_H
-
-# include <openssl/srp.h>
-# include <openssl/sha.h>
-
-# if 0
-# define srp_bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
- fprintf(stderr,"\n");}
-# else
-# define srp_bn_print(a)

-# endif
-
-
-

-#ifdef __cplusplus
-extern "C" {
-#endif
-
-

-
-#ifdef __cplusplus
-}
-#endif
-

-#endif
diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c
index 6997a28..9e1de74 100644
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@@ -59,7 +59,7 @@
*/
#ifndef OPENSSL_NO_SRP
# include "cryptlib.h"
-# include "srp_lcl.h"
+# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
# include "internal/bn_srp.h"
@@ -317,9 +317,6 @@ char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
if ((g == NULL) || (N == NULL))
return 0;

- srp_bn_print(g);
- srp_bn_print(N);
-
for (i = 0; i < KNOWN_GN_NUMBER; i++) {
if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
return knowngN[i].id;
diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
index df82ca3..4aed5b4 100644
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@@ -59,7 +59,7 @@
*/
#ifndef OPENSSL_NO_SRP
# include "cryptlib.h"
-# include "srp_lcl.h"
+# include <openssl/sha.h>
# include <openssl/srp.h>
# include <openssl/evp.h>
# include <openssl/buffer.h>
@@ -607,9 +607,6 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
(verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
goto err;

- srp_bn_print(N);
- srp_bn_print(g);
-
if (*salt == NULL) {
RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN);

@@ -627,8 +624,6 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
goto err;
}

- srp_bn_print(*verifier);
-
result = 1;

err:

Dr. Stephen Henson

unread,

Feb 3, 2015, 11:51:15 AM2/3/15

to

The branch master has been updated

via a724e79ed761ea535a6c7457c90da5ff4b1cea69 (commit)
via 3d47c1d331fdc7574d2275cda1a630ccdb624b08 (commit)
from dfb56425b68314b2b57e17c82c1df42e7a015132 (commit)

- Log -----------------------------------------------------------------
commit a724e79ed761ea535a6c7457c90da5ff4b1cea69

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Feb 3 01:31:33 2015 +0000

Preliminary ASN1_TIME documentation.

Reviewed-by: Rich Salz <rs...@openssl.org>

commit 3d47c1d331fdc7574d2275cda1a630ccdb624b08

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Feb 3 14:53:15 2015 +0000

Remove unused variables.

Reviewed-by: Rich Salz <rs...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

doc/crypto/ASN1_TIME_set.pod | 129 ++++++++++++++++++++++++++++++++++++++++++
ssl/t1_enc.c | 10 ++--
2 files changed, 133 insertions(+), 6 deletions(-)
create mode 100644 doc/crypto/ASN1_TIME_set.pod

diff --git a/doc/crypto/ASN1_TIME_set.pod b/doc/crypto/ASN1_TIME_set.pod
new file mode 100644
index 0000000..ae2b53d
--- /dev/null
+++ b/doc/crypto/ASN1_TIME_set.pod
@@ -0,0 +1,129 @@

+=pod
+
+=head1 NAME
+

+ASN1_TIME_set, ASN1_TIME_adj, ASN1_TIME_check, ASN1_TIME_set_string,
+ASN1_TIME_print, ASN1_TIME_diff - ASN.1 Time functions.
+
+=head1 SYNOPSIS
+
+ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+ int offset_day, long offset_sec);
+ int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+ int ASN1_TIME_check(const ASN1_TIME *t);
+ int ASN1_TIME_print(BIO *b, const ASN1_TIME *s);
+
+ int ASN1_TIME_diff(int *pday, int *psec,
+ const ASN1_TIME *from, const ASN1_TIME *to);
+
+=head1 DESCRIPTION
+
+The function ASN1_TIME_set() sets the ASN1_TIME structure B<s> to the
+time represented by the time_t value B<t>. If B<s> is NULL a new ASN1_TIME
+structure is allocated and returned.
+
+ASN1_TIME_adj() sets the ASN1_TIME structure B<s> to the time represented
+by the time B<offset_day> and B<offset_sec> after the time_t value B<t>.
+The values of B<offset_day> or B<offset_sec> can be negative to set a
+time before B<t>. The B<offset_sec> value can also exceed the number of
+seconds in a day. If B<s> is NULL a new ASN1_TIME structure is allocated
+and returned.
+
+ASN1_TIME_set_string() sets ASN1_TIME structure B<s> to the time
+represented by string B<str> which must be in appropriate ASN.1 time
+format (for example YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ).
+
+ASN1_TIME_check() checks the syntax of ASN1_TIME structure B<s>.
+
+ASN1_TIME_print() prints out the time B<s> to BIO B<b> in human readable
+format. It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example
+"Feb 3 00:55:52 2015 GMT" it does not include a newline. If the time
+structure has invalid format it prints out "Bad time value" and returns
+an error.
+
+ASN1_TIME_diff() sets B<*pday> and B<*psec> to the time difference between
+B<from> and B<to>. If B<to> represents a time later than B<from> then
+one or both (depending on the time difference) of B<*pday> and B<*psec>
+will be positive. If B<to> represents a time earlier than B<from> then
+one or both of B<*pday> and B<*psec> will be negative. If B<to> and B<from>
+represent the same time then B<*pday> and B<*psec> will both be zero.
+If both B<*pday> and B<*psec> are non-zero they will always have the same
+sign. The value of B<*psec> will always be less than the number of seconds
+in a day. If B<from> or B<to> is NULL the current time is used.
+
+=head1 NOTES
+
+The ASN1_TIME structure corresponds to the ASN.1 structure B<Time>
+defined in RFC5280 et al. The time setting functions obey the rules outlined
+in RFC5280: if the date can be represented by UTCTime it is used, else
+GeneralizedTime is used.
+
+The ASN1_TIME structure is represented as an ASN1_STRING internally and can
+be freed up using ASN1_STRING_free().
+
+The ASN1_TIME structure can represent years from 0000 to 9999 but no attempt
+is made to correct ancient calendar changes (for example from Julian to
+Gregorian calendars).
+
+Some applications add offset times directly to a time_t value and pass the
+results to ASN1_TIME_set() (or equivalent). This can cause problems as the
+time_t value can overflow on some systems resulting in unexpected results.
+New applications should use ASN1_TIME_adj() instead and pass the offset value
+in the B<offset_sec> and B<offset_day> parameters instead of directly
+manipulating a time_t value.
+
+=head1 BUGS
+
+ASN1_TIME_print() currently does not print out the time zone: it either prints
+out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT
+anyway.
+
+=head1 EXAMPLES
+
+Set a time structure to one hour after the current time and print it out:
+
+ #include <time.h>
+ #include <openssl/asn1.h>
+ ASN1_TIME *tm;
+ time_t t;
+ BIO *b;
+ t = time(NULL);
+ tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60);
+ b = BIO_new_fp(stdout, BIO_NOCLOSE);
+ ASN1_TIME_print(b, tm);
+ ASN1_STRING_free(tm);
+ BIO_free(b);
+
+Determine if one time is later or sooner than the current time:
+
+ int day, sec;
+
+ if (!ASN1_TIME_diff(&day, &sec, NULL, to))
+ /* Invalid time format */
+
+ if (day > 0 || sec > 0)
+ printf("Later\n");
+ else if (day < 0 || sec < 0)
+ printf("Sooner\n");
+ else
+ printf("Same\n");

+
+=head1 RETURN VALUES
+

+ASN1_TIME_set() and ASN1_TIME_adj() return a pointer to an ASN1_TIME structure
+or NULL if an error occurred.
+
+ASN1_TIME_set_string() returns 1 if the time value is successfully set and
+0 otherwise.
+
+ASN1_TIME_check() returns 1 if the structure is syntactically correct and 0
+otherwise.
+
+ASN1_TIME_print() returns 1 if the time is successfully printed out and 0 if
+an error occurred (I/O error or invalid time format).
+
+ASN1_TIME_diff() returns 1 for sucess and 0 for failure. It can fail if the
+pass ASN1_TIME structure has invalid syntax for example.
+
+=cut
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index ff6273f..a432dca 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -1062,8 +1062,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
int len)
{
unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
- const void *co = NULL, *so = NULL;
- int col = 0, sol = 0;

#ifdef KSSL_DEBUG
fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p,
@@ -1092,18 +1090,18 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
TLS_MD_EXTENDED_MASTER_SECRET_CONST,
TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE,
hash, hashlen,
- co, col,
NULL, 0,

- so, sol, p, len, s->session->master_key, buff, sizeof buff);

+ NULL, 0,
+ NULL, 0, p, len, s->session->master_key, buff, sizeof buff);
OPENSSL_cleanse(hash, hashlen);
} else {
tls1_PRF(ssl_get_algorithm2(s),
TLS_MD_MASTER_SECRET_CONST,
TLS_MD_MASTER_SECRET_CONST_SIZE,

s->s3->client_random, SSL3_RANDOM_SIZE,
- co, col,

+ NULL, 0,

s->s3->server_random, SSL3_RANDOM_SIZE,
- so, sol, p, len, s->session->master_key, buff, sizeof buff);

+ NULL, 0, p, len, s->session->master_key, buff, sizeof buff);

}
#ifdef SSL_DEBUG
fprintf(stderr, "Premaster Secret:\n");

Dr. Stephen Henson

unread,

Feb 4, 2015, 8:34:59 AM2/4/15

to

The branch master has been updated

via 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 (commit)
from a724e79ed761ea535a6c7457c90da5ff4b1cea69 (commit)

- Log -----------------------------------------------------------------
commit 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Feb 4 03:31:34 2015 +0000

Make objxref.pl output in correct format

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/objects/objxref.pl | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/crypto/objects/objxref.pl b/crypto/objects/objxref.pl
index 833f4ab..1913b9d 100644
--- a/crypto/objects/objxref.pl
+++ b/crypto/objects/objxref.pl
@@ -63,30 +63,36 @@ $pname =~ s|^.[^/]/||;
print <<EOF;
/* AUTOGENERATED BY $pname, DO NOT EDIT */

-typedef struct
- {
- int sign_id;
- int hash_id;
- int pkey_id;
- } nid_triple;
+typedef struct {
+ int sign_id;
+ int hash_id;
+ int pkey_id;
+} nid_triple;

-static const nid_triple sigoid_srt[] =
- {
+static const nid_triple sigoid_srt[] = {
EOF

foreach (@srt1)
{
my $xr = $_;
my ($p1, $p2) = @{$xref_tbl{$_}};
- print "\t{NID_$xr, NID_$p1, NID_$p2},\n";
- }
+ my $o1 = " {NID_$xr, NID_$p1,";
+ my $o2 = "NID_$p2},";
+ if (length("$o1 $o2") < 78)
+ {
+ print "$o1 $o2\n";
+ }
+ else
+ {
+ print "$o1\n $o2\n";
+ }
+ }

-print "\t};";
+print "};";
print <<EOF;

-static const nid_triple * const sigoid_srt_xref[] =
- {
+static const nid_triple *const sigoid_srt_xref[] = {
EOF

foreach (@srt2)
@@ -95,10 +101,10 @@ foreach (@srt2)
# If digest or signature algorithm is "undef" then the algorithm
# needs special handling and is excluded from the cross reference table.
next if $p1 eq "undef" || $p2 eq "undef";
- print "\t\&sigoid_srt\[$x\],\n";
+ print " \&sigoid_srt\[$x\],\n";
}

-print "\t};\n\n";
+print "};\n";

sub check_oid
{
@@ -108,4 +114,3 @@ sub check_oid
die "Not Found \"$chk\"\n";
}
}
-

Dr. Stephen Henson

unread,

Feb 4, 2015, 2:17:05 PM2/4/15

to

The branch master has been updated

via f0983d3953fdc3e162e97ae4d35086e687aa4c89 (commit)
via 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb (commit)
from 6922ddee1b7b1bddbe0d59a5bbdcf8ff39343434 (commit)

- Log -----------------------------------------------------------------
commit f0983d3953fdc3e162e97ae4d35086e687aa4c89

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Sun Feb 1 14:51:46 2015 +0000

Updates to reformat script.

Don't change files if they're unmodified.

Indicate which files have changed and a summary.
Reviewed-by: Rich Salz <rs...@openssl.org>

commit 5496cd3e5d9a0ab4c1235bdda9872eeb5ec130bb

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Tue Feb 3 22:53:15 2015 +0000

More unused FIPS module code.

Remove fips_algvs.c

Remove unused fips module build code from Configure and Makefile.org

Reviewed-by: Tim Hudson <t...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

Configure | 34 +----
Makefile.org | 84 ------------
test/Makefile | 2 +-
test/fips_algvs.c | 312 --------------------------------------------
util/openssl-format-source | 26 +++-
5 files changed, 23 insertions(+), 435 deletions(-)
delete mode 100644 test/fips_algvs.c

diff --git a/Configure b/Configure
index d56c3d9..c9d3aeb 100755
--- a/Configure
+++ b/Configure
@@ -1124,24 +1124,7 @@ my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
$exe_ext=".nlm" if ($target =~ /netware/);
$exe_ext=".pm" if ($target =~ /vos/);
-if ($openssldir eq "" and $prefix eq "")
- {
- if ($fips)
- {
- if (exists $ENV{FIPSDIR})
- {
- $openssldir="$ENV{FIPSDIR}";
- }
- else
- {
- $openssldir="/usr/local/ssl/fips-2.0";
- }
- }
- else
- {
- $openssldir="/usr/local/ssl";
- }
- }
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";

$default_ranlib= &which("ranlib") or $default_ranlib="true";
@@ -1149,10 +1132,6 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
my $make = $ENV{'MAKE'} || "make";

-my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'};
-my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'};
-my $fips_auth_user = $ENV{'FIPS_AUTH_USER'};
-
$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";

chop $openssldir if $openssldir =~ /\/$/;
@@ -2027,16 +2006,9 @@ BEGIN
BEGIN
BLOCK "040904b0"
BEGIN
-#if defined(FIPS)
- VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0"
-#endif
// Required:
VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
-#if defined(FIPS)
- VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0"
-#else
VALUE "FileDescription", "OpenSSL Shared Library\\0"
-#endif
VALUE "FileVersion", "$version\\0"
#if defined(CRYPTO)
VALUE "InternalName", "libeay32\\0"
@@ -2044,10 +2016,6 @@ BEGIN
#elif defined(SSL)
VALUE "InternalName", "ssleay32\\0"
VALUE "OriginalFilename", "ssleay32.dll\\0"
-#elif defined(FIPS)
- VALUE "InternalName", "libosslfips\\0"
- VALUE "OriginalFilename", "libosslfips.dll\\0"
-#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$version\\0"
// Optional:
diff --git a/Makefile.org b/Makefile.org
index 2e4c76e..3fa129c 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -245,7 +245,6 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
# which in turn eliminates ambiguities in variable treatment with -e.
@@ -277,89 +276,6 @@ BUILD_ONE_CMD=\
reflect:
@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
- ../crypto/aes/aes_ecb.o \
- ../crypto/aes/aes_ofb.o \
- ../crypto/bn/bn_add.o \
- ../crypto/bn/bn_blind.o \
- ../crypto/bn/bn_ctx.o \
- ../crypto/bn/bn_div.o \
- ../crypto/bn/bn_exp2.o \
- ../crypto/bn/bn_exp.o \
- ../crypto/bn/bn_gcd.o \
- ../crypto/bn/bn_gf2m.o \
- ../crypto/bn/bn_lib.o \
- ../crypto/bn/bn_mod.o \
- ../crypto/bn/bn_mont.o \
- ../crypto/bn/bn_mul.o \
- ../crypto/bn/bn_nist.o \
- ../crypto/bn/bn_prime.o \
- ../crypto/bn/bn_rand.o \
- ../crypto/bn/bn_recp.o \
- ../crypto/bn/bn_shift.o \
- ../crypto/bn/bn_sqr.o \
- ../crypto/bn/bn_word.o \
- ../crypto/bn/bn_x931p.o \
- ../crypto/buffer/buf_str.o \
- ../crypto/cmac/cmac.o \
- ../crypto/cryptlib.o \
- ../crypto/des/cfb64ede.o \
- ../crypto/des/cfb64enc.o \
- ../crypto/des/cfb_enc.o \
- ../crypto/des/ecb3_enc.o \
- ../crypto/des/ofb64ede.o \
- ../crypto/des/fcrypt.o \
- ../crypto/des/set_key.o \
- ../crypto/dh/dh_check.o \
- ../crypto/dh/dh_gen.o \
- ../crypto/dh/dh_key.o \
- ../crypto/dsa/dsa_gen.o \
- ../crypto/dsa/dsa_key.o \
- ../crypto/dsa/dsa_ossl.o \
- ../crypto/ec/ec_curve.o \
- ../crypto/ec/ec_cvt.o \
- ../crypto/ec/ec_key.o \
- ../crypto/ec/ec_lib.o \
- ../crypto/ec/ecp_mont.o \
- ../crypto/ec/ec_mult.o \
- ../crypto/ec/ecp_nist.o \
- ../crypto/ec/ecp_smpl.o \
- ../crypto/ec/ec2_mult.o \
- ../crypto/ec/ec2_smpl.o \
- ../crypto/ecdh/ech_key.o \
- ../crypto/ecdh/ech_ossl.o \
- ../crypto/ecdsa/ecs_ossl.o \
- ../crypto/evp/e_aes.o \
- ../crypto/evp/e_des3.o \
- ../crypto/evp/e_null.o \
- ../crypto/evp/m_sha1.o \
- ../crypto/evp/m_dss1.o \
- ../crypto/evp/m_dss.o \
- ../crypto/evp/m_ecdsa.o \
- ../crypto/hmac/hmac.o \
- ../crypto/modes/cbc128.o \
- ../crypto/modes/ccm128.o \
- ../crypto/modes/cfb128.o \
- ../crypto/modes/ctr128.o \
- ../crypto/modes/gcm128.o \
- ../crypto/modes/ofb128.o \
- ../crypto/modes/xts128.o \
- ../crypto/rsa/rsa_eay.o \
- ../crypto/rsa/rsa_gen.o \
- ../crypto/rsa/rsa_crpt.o \
- ../crypto/rsa/rsa_none.o \
- ../crypto/rsa/rsa_oaep.o \
- ../crypto/rsa/rsa_pk1.o \
- ../crypto/rsa/rsa_pss.o \
- ../crypto/rsa/rsa_ssl.o \
- ../crypto/rsa/rsa_x931.o \
- ../crypto/rsa/rsa_x931g.o \
- ../crypto/sha/sha1dgst.o \
- ../crypto/sha/sha256.o \
- ../crypto/sha/sha512.o \
- ../crypto/thr_id.o \
- ../crypto/uid.o
-
sub_all: build_all

build_all: build_libs build_apps build_tests build_tools
diff --git a/test/Makefile b/test/Makefile
index f0eb183..fa5bd9f 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -12,7 +12,7 @@ PERL= perl
# KRB5 stuff
KRB5_INCLUDES=
LIBKRB5=
-TEST= fips_algvs.c igetest.c
+TEST= igetest.c

PEX_LIBS=
EX_LIBS= #-lnsl -lsocket
diff --git a/test/fips_algvs.c b/test/fips_algvs.c
deleted file mode 100644
index 18a5bab..0000000
--- a/test/fips_algvs.c
+++ /dev/null
@@ -1,312 +0,0 @@
-/* test/fips_algvs.c */
-/*
- * Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL project
- * 2011
- */
-/* ====================================================================
- * Copyright (c) 2011 The OpenSSL Project. All rights reserved.

-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-# include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS ALGVS support\n");
- return 0;
-}
-#else
-
-# define FIPS_ALGVS
-
-extern int fips_aesavs_main(int argc, char **argv);
-extern int fips_cmactest_main(int argc, char **argv);
-extern int fips_desmovs_main(int argc, char **argv);
-extern int fips_dhvs_main(int argc, char **argv);
-extern int fips_drbgvs_main(int argc, char **argv);
-extern int fips_dssvs_main(int argc, char **argv);
-extern int fips_ecdhvs_main(int argc, char **argv);
-extern int fips_ecdsavs_main(int argc, char **argv);
-extern int fips_gcmtest_main(int argc, char **argv);
-extern int fips_hmactest_main(int argc, char **argv);
-extern int fips_rngvs_main(int argc, char **argv);
-extern int fips_rsagtest_main(int argc, char **argv);
-extern int fips_rsastest_main(int argc, char **argv);
-extern int fips_rsavtest_main(int argc, char **argv);
-extern int fips_shatest_main(int argc, char **argv);
-extern int fips_test_suite_main(int argc, char **argv);
-
-# include "fips_aesavs.c"
-# include "fips_cmactest.c"
-# include "fips_desmovs.c"
-# include "fips_dhvs.c"
-# include "fips_drbgvs.c"
-# include "fips_dssvs.c"
-# include "fips_ecdhvs.c"
-# include "fips_ecdsavs.c"
-# include "fips_gcmtest.c"
-# include "fips_hmactest.c"
-# include "fips_rngvs.c"
-# include "fips_rsagtest.c"
-# include "fips_rsastest.c"
-# include "fips_rsavtest.c"
-# include "fips_shatest.c"
-# include "fips_test_suite.c"
-
-typedef struct {
- const char *name;
- int (*func) (int argc, char **argv);
-} ALGVS_FUNCTION;
-
-static ALGVS_FUNCTION algvs[] = {
- {"fips_aesavs", fips_aesavs_main},
- {"fips_cmactest", fips_cmactest_main},
- {"fips_desmovs", fips_desmovs_main},
- {"fips_dhvs", fips_dhvs_main},
- {"fips_drbgvs", fips_drbgvs_main},
- {"fips_dssvs", fips_dssvs_main},
- {"fips_ecdhvs", fips_ecdhvs_main},
- {"fips_ecdsavs", fips_ecdsavs_main},
- {"fips_gcmtest", fips_gcmtest_main},
- {"fips_hmactest", fips_hmactest_main},
- {"fips_rngvs", fips_rngvs_main},
- {"fips_rsagtest", fips_rsagtest_main},
- {"fips_rsastest", fips_rsastest_main},
- {"fips_rsavtest", fips_rsavtest_main},
- {"fips_shatest", fips_shatest_main},
- {"fips_test_suite", fips_test_suite_main},
- {NULL, 0}
-};
-
-/* Argument parsing taken from apps/apps.c */
-
-typedef struct args_st {
- char **data;
- int count;
-} ARGS;
-
-static int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
-{
- int num, i;
- char *p;
-
- *argc = 0;
- *argv = NULL;
-
- i = 0;
- if (arg->count == 0) {
- arg->count = 20;
- arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
- }
- for (i = 0; i < arg->count; i++)
- arg->data[i] = NULL;
-
- num = 0;

- p = buf;
- for (;;) {

- /* first scan over white space */
- if (!*p)
- break;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p)
- break;
-
- /* The start of something good :-) */
- if (num >= arg->count) {
- fprintf(stderr, "Too many arguments!!\n");
- return 0;
- }
- arg->data[num++] = p;
-
- /* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
- i = *(p++);
- arg->data[num - 1]++; /* jump over quote */
- while (*p && (*p != i))
- p++;

- *p = '\0';
- } else {

- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
- p++;
-
- if (*p == '\0')
- p--;
- else

- *p = '\0';
- }

- p++;
- }
- *argc = num;
- *argv = arg->data;

- return (1);
-}
-

-static int run_prg(int argc, char **argv)
-{
- ALGVS_FUNCTION *t;
- const char *prg_name;
- prg_name = strrchr(argv[0], '/');
- if (prg_name)
- prg_name++;
- else
- prg_name = argv[0];
- for (t = algvs; t->name; t++) {
- if (!strcmp(prg_name, t->name))
- return t->func(argc, argv);
- }
- return -100;
-}
-
-int main(int argc, char **argv)
-{
- char buf[1024];
- char **args = argv + 1;
- const char *sname = "fipstests.sh";
- ARGS arg;
- int xargc;
- char **xargv;
- int lineno = 0, badarg = 0;
- int nerr = 0, quiet = 0, verbose = 0;
- int rv;
- FILE *in = NULL;
-# ifdef FIPS_ALGVS_MEMCHECK
- CRYPTO_malloc_debug_init();
- OPENSSL_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-# endif
-
- if (*args && *args[0] != '-') {
- rv = run_prg(argc - 1, args);
-# ifdef FIPS_ALGVS_MEMCHECK
- CRYPTO_mem_leaks_fp(stderr);
-# endif
- return rv;
- }
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp(*args, "-script")) {
- if (args[1]) {
- args++;
- sname = *args;
- } else
- badarg = 1;
- } else if (!strcmp(*args, "-quiet"))
- quiet = 1;
- else if (!strcmp(*args, "-verbose"))
- verbose = 1;
- else
- badarg = 1;
- args++;
- }
-
- if (badarg) {
- fprintf(stderr, "Error processing arguments\n");

- return 1;
- }
-

- in = fopen(sname, "r");
- if (!in) {
- fprintf(stderr, "Error opening script file \"%s\"\n", sname);

- return 1;
- }
-

- arg.data = NULL;
- arg.count = 0;
-
- while (fgets(buf, sizeof(buf), in)) {
- lineno++;
- if (!chopup_args(&arg, buf, &xargc, &xargv))
- fprintf(stderr, "Error processing line %d\n", lineno);
- else {
- if (!quiet) {
- int i;
- int narg = verbose ? xargc : xargc - 2;
- printf("Running command line:");
- for (i = 0; i < narg; i++)
- printf(" %s", xargv[i]);

- printf("\n");
- }

- rv = run_prg(xargc, xargv);
- if (FIPS_module_mode())
- FIPS_module_mode_set(0, NULL);
- if (rv != 0)
- nerr++;
- if (rv == -100)
- fprintf(stderr, "ERROR: Command not found\n");
- else if (rv != 0)
- fprintf(stderr, "ERROR: returned %d\n", rv);
- else if (verbose)
- printf("\tCommand run successfully\n");
- }
- }
-
- if (!quiet)
- printf("Completed with %d errors\n", nerr);
-
- if (arg.data)
- OPENSSL_free(arg.data);
-
- fclose(in);
-# ifdef FIPS_ALGVS_MEMCHECK
- CRYPTO_mem_leaks_fp(stderr);
-# endif
- if (nerr == 0)
- return 0;

- return 1;
-}
-#endif

diff --git a/util/openssl-format-source b/util/openssl-format-source
index 4e90147..6380a10 100755
--- a/util/openssl-format-source
+++ b/util/openssl-format-source
@@ -30,6 +30,7 @@ VERBOSE=false
DONT=false
STOPARGS=false
COMMENTS=false
+CHANGED=false
DEBUG=""

# for this exercise, we want to force the openssl style, so we roll
@@ -82,10 +83,6 @@ do
fi
fi

- if [ "$VERBOSE" = "true" ]; then
- echo "$j"
- fi
-
if [ "$DONT" = "false" ]; then
tmp=$(mktemp /tmp/indent.XXXXXX)
trap 'rm -f "$tmp"' HUP INT TERM EXIT
@@ -138,7 +135,18 @@ do
else
expand "$j" | indent $INDENT_ARGS > "$tmp"
fi;
- mv "$tmp" "$j"
+ if cmp -s "$tmp" "$j"; then
+ if [ "$VERBOSE" = "true" ]; then
+ echo "$j unchanged"
+ fi
+ rm "$tmp"
+ else
+ if [ "$VERBOSE" = "true" ]; then
+ echo "$j changed"
+ fi
+ CHANGED=true
+ mv "$tmp" "$j"
+ fi
;;
esac
fi
@@ -146,3 +154,11 @@ do
done

+if [ "$VERBOSE" = "true" ]; then
+ echo
+ if [ "$CHANGED" = "true" ]; then
+ echo "SOURCE WAS MODIFIED"
+ else
+ echo "SOURCE WAS NOT MODIFIED"
+ fi
+fi

Dr. Stephen Henson

unread,

Feb 4, 2015, 6:01:05 PM2/4/15

to

The branch master has been updated

via a479d72dba4afc17f46db5429a5271f1202e2d55 (commit)
from f0983d3953fdc3e162e97ae4d35086e687aa4c89 (commit)

- Log -----------------------------------------------------------------
commit a479d72dba4afc17f46db5429a5271f1202e2d55

Author: Dr. Stephen Henson <st...@openssl.org>

Date: Wed Feb 4 22:51:01 2015 +0000

fix windows build

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:
Configure | 1 +
1 file changed, 1 insertion(+)

diff --git a/Configure b/Configure
index c9d3aeb..5fb5f13 100755
--- a/Configure
+++ b/Configure
@@ -2016,6 +2016,7 @@ BEGIN

#elif defined(SSL)
VALUE "InternalName", "ssleay32\\0"
VALUE "OriginalFilename", "ssleay32.dll\\0"

+#endif

VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$version\\0"
// Optional:

Rich Salz

unread,

Feb 4, 2015, 6:58:02 PM2/4/15

to

The branch master has been updated

via 1f7103b6ebd1579e4ead17405f89d44330386949 (commit)
from a479d72dba4afc17f46db5429a5271f1202e2d55 (commit)

- Log -----------------------------------------------------------------
commit 1f7103b6ebd1579e4ead17405f89d44330386949
Author: Rich Salz <rs...@openssl.org>
Date: Wed Feb 4 18:50:00 2015 -0500

Fix various build breaks

TABLE wasn't updated from a previous Configure change
Missed an RMD160/RIPE/RIPEMD unification in mkdef.pl
Makefile install_sw referenced file doc/openssl-shared.txt (RT3686)
Needed to run 'make update' because
- Various old code has been removed
- Varous old #ifdef tests were removed

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

Makefile.org | 2 -
TABLE | 2 +-
util/libeay.num | 799 ++++++++++++++++++++++++++++---------------------------
util/mkdef.pl | 6 +-
util/ssleay.num | 34 +--
5 files changed, 422 insertions(+), 421 deletions(-)

diff --git a/Makefile.org b/Makefile.org
index 3fa129c..f60ecf3 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -600,8 +600,6 @@ install_sw:
if [ "$(INSTALLTOP)" != "/usr" ]; then \
echo 'OpenSSL shared libraries have been installed in:'; \
echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
diff --git a/TABLE b/TABLE
index 886fa62..6235666 100644
--- a/TABLE
+++ b/TABLE
@@ -1668,7 +1668,7 @@ $multilib =

*** debug-ben-debug-64-clang
$cc = clang
-$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -fsanitize=undefined -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
+$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe
$unistd =
$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
$sys_id =
diff --git a/util/libeay.num b/util/libeay.num
index 03f0d39..9920db1 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -15,28 +15,28 @@ ASN1_STRING_cmp 14 EXIST::FUNCTION:
ASN1_STRING_dup 15 EXIST::FUNCTION:
ASN1_STRING_free 16 EXIST::FUNCTION:
ASN1_STRING_new 17 EXIST::FUNCTION:
-ASN1_STRING_print 18 EXIST::FUNCTION:BIO
+ASN1_STRING_print 18 EXIST::FUNCTION:
ASN1_STRING_set 19 EXIST::FUNCTION:
ASN1_STRING_type_new 20 EXIST::FUNCTION:
ASN1_TYPE_free 21 EXIST::FUNCTION:
ASN1_TYPE_new 22 EXIST::FUNCTION:
ASN1_UNIVERSALSTRING_to_string 23 EXIST::FUNCTION:
ASN1_UTCTIME_check 24 EXIST::FUNCTION:
-ASN1_UTCTIME_print 25 EXIST::FUNCTION:BIO
+ASN1_UTCTIME_print 25 EXIST::FUNCTION:
ASN1_UTCTIME_set 26 EXIST::FUNCTION:
ASN1_check_infinite_end 27 EXIST::FUNCTION:
-ASN1_d2i_bio 28 EXIST::FUNCTION:BIO
-ASN1_d2i_fp 29 EXIST::FUNCTION:FP_API
-ASN1_digest 30 EXIST::FUNCTION:EVP
+ASN1_d2i_bio 28 EXIST::FUNCTION:
+ASN1_d2i_fp 29 EXIST::FUNCTION:STDIO
+ASN1_digest 30 EXIST::FUNCTION:
ASN1_dup 31 EXIST::FUNCTION:
ASN1_get_object 32 EXIST::FUNCTION:
-ASN1_i2d_bio 33 EXIST::FUNCTION:BIO
-ASN1_i2d_fp 34 EXIST::FUNCTION:FP_API
+ASN1_i2d_bio 33 EXIST::FUNCTION:
+ASN1_i2d_fp 34 EXIST::FUNCTION:STDIO
ASN1_object_size 35 EXIST::FUNCTION:
-ASN1_parse 36 EXIST::FUNCTION:BIO
+ASN1_parse 36 EXIST::FUNCTION:
ASN1_put_object 37 EXIST::FUNCTION:
-ASN1_sign 38 EXIST::FUNCTION:EVP
-ASN1_verify 39 EXIST::FUNCTION:EVP
+ASN1_sign 38 EXIST::FUNCTION:
+ASN1_verify 39 EXIST::FUNCTION:
BF_cbc_encrypt 40 EXIST::FUNCTION:BF
BF_cfb64_encrypt 41 EXIST::FUNCTION:BF
BF_ecb_encrypt 42 EXIST::FUNCTION:BF
@@ -52,10 +52,10 @@ BIO_int_ctrl 53 EXIST::FUNCTION:
BIO_debug_callback 54 EXIST::FUNCTION:
BIO_dump 55 EXIST::FUNCTION:
BIO_dup_chain 56 EXIST::FUNCTION:
-BIO_f_base64 57 EXIST::FUNCTION:BIO
+BIO_f_base64 57 EXIST::FUNCTION:
BIO_f_buffer 58 EXIST::FUNCTION:
-BIO_f_cipher 59 EXIST::FUNCTION:BIO
-BIO_f_md 60 EXIST::FUNCTION:BIO
+BIO_f_cipher 59 EXIST::FUNCTION:
+BIO_f_md 60 EXIST::FUNCTION:
BIO_f_null 61 EXIST::FUNCTION:
BIO_f_proxy_server 62 NOEXIST::FUNCTION:
BIO_fd_non_fatal_error 63 EXIST::FUNCTION:
@@ -75,8 +75,8 @@ BIO_new 78 EXIST::FUNCTION:
BIO_new_accept 79 EXIST::FUNCTION:
BIO_new_connect 80 EXIST::FUNCTION:
BIO_new_fd 81 EXIST::FUNCTION:
-BIO_new_file 82 EXIST::FUNCTION:FP_API
-BIO_new_fp 83 EXIST::FUNCTION:FP_API
+BIO_new_file 82 EXIST::FUNCTION:STDIO
+BIO_new_fp 83 EXIST::FUNCTION:STDIO
BIO_new_socket 84 EXIST::FUNCTION:
BIO_pop 85 EXIST::FUNCTION:
BIO_printf 86 EXIST::FUNCTION:
@@ -86,13 +86,13 @@ BIO_read 89 EXIST::FUNCTION:
BIO_s_accept 90 EXIST::FUNCTION:
BIO_s_connect 91 EXIST::FUNCTION:
BIO_s_fd 92 EXIST::FUNCTION:
-BIO_s_file 93 EXIST::FUNCTION:FP_API
+BIO_s_file 93 EXIST::FUNCTION:STDIO
BIO_s_mem 95 EXIST::FUNCTION:
BIO_s_null 96 EXIST::FUNCTION:
BIO_s_proxy_client 97 NOEXIST::FUNCTION:
BIO_s_socket 98 EXIST::FUNCTION:
BIO_set 100 EXIST::FUNCTION:
-BIO_set_cipher 101 EXIST::FUNCTION:BIO
+BIO_set_cipher 101 EXIST::FUNCTION:
BIO_set_tcp_ndelay 102 EXIST::FUNCTION:
BIO_sock_cleanup 103 EXIST::FUNCTION:
BIO_sock_error 104 EXIST::FUNCTION:
@@ -126,7 +126,7 @@ BN_gcd 131 EXIST::FUNCTION:
BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED
BN_get_word 133 EXIST::FUNCTION:
BN_is_bit_set 134 EXIST::FUNCTION:
-BN_is_prime 135 EXIST::FUNCTION:DEPRECATED
+BN_is_prime 135 NOEXIST::FUNCTION:
BN_lshift 136 EXIST::FUNCTION:
BN_lshift1 137 EXIST::FUNCTION:
BN_mask_bits 138 EXIST::FUNCTION:
@@ -144,7 +144,7 @@ BN_num_bits 151 EXIST::FUNCTION:
BN_num_bits_word 152 EXIST::FUNCTION:
BN_options 153 EXIST::FUNCTION:
BN_print 154 EXIST::FUNCTION:
-BN_print_fp 155 EXIST::FUNCTION:FP_API
+BN_print_fp 155 EXIST::FUNCTION:STDIO
BN_rand 156 EXIST::FUNCTION:
BN_reciprocal 157 EXIST::FUNCTION:
BN_rshift 158 EXIST::FUNCTION:
@@ -181,7 +181,7 @@ CRYPTO_malloc 188 EXIST::FUNCTION:
CRYPTO_mem_ctrl 189 EXIST::FUNCTION:
CRYPTO_mem_leaks 190 EXIST::FUNCTION:
CRYPTO_mem_leaks_cb 191 EXIST::FUNCTION:
-CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API
+CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:STDIO
CRYPTO_realloc 193 EXIST::FUNCTION:
CRYPTO_remalloc 194 EXIST::FUNCTION:
CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION:
@@ -196,30 +196,30 @@ DH_generate_key 203 EXIST::FUNCTION:DH
DH_generate_parameters 204 EXIST::FUNCTION:DEPRECATED,DH
DH_new 205 EXIST::FUNCTION:DH
DH_size 206 EXIST::FUNCTION:DH
-DHparams_print 207 EXIST::FUNCTION:BIO,DH
-DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API
+DHparams_print 207 EXIST::FUNCTION:DH
+DHparams_print_fp 208 EXIST::FUNCTION:DH,STDIO
DSA_free 209 EXIST::FUNCTION:DSA
DSA_generate_key 210 EXIST::FUNCTION:DSA
DSA_generate_parameters 211 EXIST::FUNCTION:DEPRECATED,DSA
DSA_is_prime 212 NOEXIST::FUNCTION:
DSA_new 213 EXIST::FUNCTION:DSA
-DSA_print 214 EXIST::FUNCTION:BIO,DSA
-DSA_print_fp 215 EXIST::FUNCTION:DSA,FP_API
+DSA_print 214 EXIST::FUNCTION:DSA
+DSA_print_fp 215 EXIST::FUNCTION:DSA,STDIO
DSA_sign 216 EXIST::FUNCTION:DSA
DSA_sign_setup 217 EXIST::FUNCTION:DSA
DSA_size 218 EXIST::FUNCTION:DSA
DSA_verify 219 EXIST::FUNCTION:DSA
-DSAparams_print 220 EXIST::FUNCTION:BIO,DSA
-DSAparams_print_fp 221 EXIST::FUNCTION:DSA,FP_API
+DSAparams_print 220 EXIST::FUNCTION:DSA
+DSAparams_print_fp 221 EXIST::FUNCTION:DSA,STDIO
ERR_clear_error 222 EXIST::FUNCTION:
ERR_error_string 223 EXIST::FUNCTION:
ERR_free_strings 224 EXIST::FUNCTION:
ERR_func_error_string 225 EXIST::FUNCTION:
-ERR_get_err_state_table 226 EXIST::FUNCTION:LHASH
+ERR_get_err_state_table 226 EXIST::FUNCTION:
ERR_get_error 227 EXIST::FUNCTION:
ERR_get_error_line 228 EXIST::FUNCTION:
ERR_get_state 229 EXIST::FUNCTION:
-ERR_get_string_table 230 EXIST::FUNCTION:LHASH
+ERR_get_string_table 230 EXIST::FUNCTION:
ERR_lib_error_string 231 EXIST::FUNCTION:
ERR_load_ASN1_strings 232 EXIST::FUNCTION:
ERR_load_BIO_strings 233 EXIST::FUNCTION:
@@ -239,8 +239,8 @@ ERR_load_crypto_strings 246 EXIST::FUNCTION:
ERR_load_strings 247 EXIST::FUNCTION:
ERR_peek_error 248 EXIST::FUNCTION:
ERR_peek_error_line 249 EXIST::FUNCTION:
-ERR_print_errors 250 EXIST::FUNCTION:BIO
-ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API
+ERR_print_errors 250 EXIST::FUNCTION:
+ERR_print_errors_fp 251 EXIST::FUNCTION:STDIO
ERR_put_error 252 EXIST::FUNCTION:
ERR_reason_error_string 253 EXIST::FUNCTION:
ERR_remove_state 254 EXIST::FUNCTION:DEPRECATED
@@ -301,8 +301,8 @@ EVP_des_ede_cfb64 308 EXIST::FUNCTION:DES
EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
EVP_des_ofb 310 EXIST::FUNCTION:DES
EVP_desx_cbc 311 EXIST::FUNCTION:DES
-EVP_dss 312 EXIST::FUNCTION:DSA,SHA
-EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
+EVP_dss 312 NOEXIST::FUNCTION:
+EVP_dss1 313 EXIST::FUNCTION:DSA
EVP_enc_null 314 EXIST::FUNCTION:
EVP_get_cipherbyname 315 EXIST::FUNCTION:
EVP_get_digestbyname 316 EXIST::FUNCTION:
@@ -321,8 +321,8 @@ EVP_rc2_ofb 328 EXIST::FUNCTION:RC2
EVP_rc4 329 EXIST::FUNCTION:RC4
EVP_read_pw_string 330 EXIST::FUNCTION:
EVP_set_pw_prompt 331 EXIST::FUNCTION:
-EVP_sha 332 EXIST::FUNCTION:SHA
-EVP_sha1 333 EXIST::FUNCTION:SHA
+EVP_sha 332 NOEXIST::FUNCTION:
+EVP_sha1 333 EXIST::FUNCTION:
MD2 334 EXIST::FUNCTION:MD2
MD2_Final 335 EXIST::FUNCTION:MD2
MD2_Init 336 EXIST::FUNCTION:MD2
@@ -340,8 +340,8 @@ NETSCAPE_SPKAC_free 347 EXIST::FUNCTION:
NETSCAPE_SPKAC_new 348 EXIST::FUNCTION:
NETSCAPE_SPKI_free 349 EXIST::FUNCTION:
NETSCAPE_SPKI_new 350 EXIST::FUNCTION:
-NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:
+NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:
OBJ_add_object 353 EXIST::FUNCTION:
OBJ_bsearch 354 NOEXIST::FUNCTION:
OBJ_cleanup 355 EXIST::FUNCTION:
@@ -357,9 +357,9 @@ OBJ_obj2nid 364 EXIST::FUNCTION:
OBJ_sn2nid 365 EXIST::FUNCTION:
OBJ_txt2nid 366 EXIST::FUNCTION:
PEM_ASN1_read 367 EXIST::FUNCTION:
-PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO
+PEM_ASN1_read_bio 368 EXIST::FUNCTION:
PEM_ASN1_write 369 EXIST::FUNCTION:
-PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO
+PEM_ASN1_write_bio 370 EXIST::FUNCTION:
PEM_SealFinal 371 EXIST::FUNCTION:RSA
PEM_SealInit 372 EXIST::FUNCTION:RSA
PEM_SealUpdate 373 EXIST::FUNCTION:RSA
@@ -367,23 +367,23 @@ PEM_SignFinal 374 EXIST::FUNCTION:
PEM_SignInit 375 EXIST::FUNCTION:
PEM_SignUpdate 376 EXIST::FUNCTION:
PEM_X509_INFO_read 377 EXIST::FUNCTION:
-PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO
-PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO
+PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:
+PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:
PEM_dek_info 380 EXIST::FUNCTION:
PEM_do_header 381 EXIST::FUNCTION:
PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION:
PEM_proc_type 383 EXIST::FUNCTION:
PEM_read 384 EXIST::FUNCTION:
-PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH
-PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA
-PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA
-PEM_read_PKCS7 388 EXIST:!WIN16:FUNCTION:
-PEM_read_PrivateKey 389 EXIST:!WIN16:FUNCTION:
-PEM_read_RSAPrivateKey 390 EXIST:!WIN16:FUNCTION:RSA
-PEM_read_X509 391 EXIST:!WIN16:FUNCTION:
-PEM_read_X509_CRL 392 EXIST:!WIN16:FUNCTION:
-PEM_read_X509_REQ 393 EXIST:!WIN16:FUNCTION:
-PEM_read_bio 394 EXIST::FUNCTION:BIO
+PEM_read_DHparams 385 EXIST::FUNCTION:DH
+PEM_read_DSAPrivateKey 386 EXIST::FUNCTION:DSA
+PEM_read_DSAparams 387 EXIST::FUNCTION:DSA
+PEM_read_PKCS7 388 EXIST::FUNCTION:
+PEM_read_PrivateKey 389 EXIST::FUNCTION:
+PEM_read_RSAPrivateKey 390 EXIST::FUNCTION:RSA
+PEM_read_X509 391 EXIST::FUNCTION:
+PEM_read_X509_CRL 392 EXIST::FUNCTION:
+PEM_read_X509_REQ 393 EXIST::FUNCTION:
+PEM_read_bio 394 EXIST::FUNCTION:
PEM_read_bio_DHparams 395 EXIST::FUNCTION:DH
PEM_read_bio_DSAPrivateKey 396 EXIST::FUNCTION:DSA
PEM_read_bio_DSAparams 397 EXIST::FUNCTION:DSA
@@ -394,16 +394,16 @@ PEM_read_bio_X509 401 EXIST::FUNCTION:
PEM_read_bio_X509_CRL 402 EXIST::FUNCTION:
PEM_read_bio_X509_REQ 403 EXIST::FUNCTION:
PEM_write 404 EXIST::FUNCTION:
-PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH
-PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA
-PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA
-PEM_write_PKCS7 408 EXIST:!WIN16:FUNCTION:
-PEM_write_PrivateKey 409 EXIST:!WIN16:FUNCTION:
-PEM_write_RSAPrivateKey 410 EXIST:!WIN16:FUNCTION:RSA
-PEM_write_X509 411 EXIST:!WIN16:FUNCTION:
-PEM_write_X509_CRL 412 EXIST:!WIN16:FUNCTION:
-PEM_write_X509_REQ 413 EXIST:!WIN16:FUNCTION:
-PEM_write_bio 414 EXIST::FUNCTION:BIO
+PEM_write_DHparams 405 EXIST::FUNCTION:DH
+PEM_write_DSAPrivateKey 406 EXIST::FUNCTION:DSA
+PEM_write_DSAparams 407 EXIST::FUNCTION:DSA
+PEM_write_PKCS7 408 EXIST::FUNCTION:
+PEM_write_PrivateKey 409 EXIST::FUNCTION:
+PEM_write_RSAPrivateKey 410 EXIST::FUNCTION:RSA
+PEM_write_X509 411 EXIST::FUNCTION:
+PEM_write_X509_CRL 412 EXIST::FUNCTION:
+PEM_write_X509_REQ 413 EXIST::FUNCTION:
+PEM_write_bio 414 EXIST::FUNCTION:
PEM_write_bio_DHparams 415 EXIST::FUNCTION:DH
PEM_write_bio_DSAPrivateKey 416 EXIST::FUNCTION:DSA
PEM_write_bio_DSAparams 417 EXIST::FUNCTION:DSA
@@ -477,8 +477,8 @@ RSA_free 484 EXIST::FUNCTION:RSA
RSA_generate_key 485 EXIST::FUNCTION:DEPRECATED,RSA
RSA_new 486 EXIST::FUNCTION:RSA
RSA_new_method 487 EXIST::FUNCTION:RSA
-RSA_print 488 EXIST::FUNCTION:BIO,RSA
-RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA
+RSA_print 488 EXIST::FUNCTION:RSA
+RSA_print_fp 489 EXIST::FUNCTION:RSA,STDIO
RSA_private_decrypt 490 EXIST::FUNCTION:RSA
RSA_private_encrypt 491 EXIST::FUNCTION:RSA
RSA_public_decrypt 492 EXIST::FUNCTION:RSA
@@ -489,14 +489,14 @@ RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA
RSA_size 497 EXIST::FUNCTION:RSA
RSA_verify 498 EXIST::FUNCTION:RSA
RSA_verify_ASN1_OCTET_STRING 499 EXIST::FUNCTION:RSA
-SHA 500 EXIST::FUNCTION:SHA,SHA0
-SHA1 501 EXIST::FUNCTION:SHA,SHA1
-SHA1_Final 502 EXIST::FUNCTION:SHA,SHA1
-SHA1_Init 503 EXIST::FUNCTION:SHA,SHA1
-SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1
-SHA_Final 505 EXIST::FUNCTION:SHA,SHA0
-SHA_Init 506 EXIST::FUNCTION:SHA,SHA0
-SHA_Update 507 EXIST::FUNCTION:SHA,SHA0
+SHA 500 NOEXIST::FUNCTION:
+SHA1 501 EXIST::FUNCTION:
+SHA1_Final 502 EXIST::FUNCTION:
+SHA1_Init 503 EXIST::FUNCTION:
+SHA1_Update 504 EXIST::FUNCTION:
+SHA_Final 505 NOEXIST::FUNCTION:
+SHA_Init 506 NOEXIST::FUNCTION:
+SHA_Update 507 NOEXIST::FUNCTION:
OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION:
OpenSSL_add_all_ciphers 509 EXIST::FUNCTION:
OpenSSL_add_all_digests 510 EXIST::FUNCTION:
@@ -504,8 +504,8 @@ TXT_DB_create_index 511 EXIST::FUNCTION:
TXT_DB_free 512 EXIST::FUNCTION:
TXT_DB_get_by_index 513 EXIST::FUNCTION:
TXT_DB_insert 514 EXIST::FUNCTION:
-TXT_DB_read 515 EXIST::FUNCTION:BIO
-TXT_DB_write 516 EXIST::FUNCTION:BIO
+TXT_DB_read 515 EXIST::FUNCTION:
+TXT_DB_write 516 EXIST::FUNCTION:
X509_ALGOR_free 517 EXIST::FUNCTION:
X509_ALGOR_new 518 EXIST::FUNCTION:
X509_ATTRIBUTE_free 519 EXIST::FUNCTION:
@@ -525,8 +525,8 @@ X509_CRL_get_ext_by_OBJ 532 EXIST::FUNCTION:
X509_CRL_get_ext_by_critical 533 EXIST::FUNCTION:
X509_CRL_get_ext_count 534 EXIST::FUNCTION:
X509_CRL_new 535 EXIST::FUNCTION:
-X509_CRL_sign 536 EXIST::FUNCTION:EVP
-X509_CRL_verify 537 EXIST::FUNCTION:EVP
+X509_CRL_sign 536 EXIST::FUNCTION:
+X509_CRL_verify 537 EXIST::FUNCTION:
X509_EXTENSION_create_by_NID 538 EXIST::FUNCTION:
X509_EXTENSION_create_by_OBJ 539 EXIST::FUNCTION:
X509_EXTENSION_dup 540 EXIST::FUNCTION:
@@ -538,8 +538,8 @@ X509_EXTENSION_new 545 EXIST::FUNCTION:
X509_EXTENSION_set_critical 546 EXIST::FUNCTION:
X509_EXTENSION_set_data 547 EXIST::FUNCTION:
X509_EXTENSION_set_object 548 EXIST::FUNCTION:
-X509_INFO_free 549 EXIST::FUNCTION:EVP
-X509_INFO_new 550 EXIST::FUNCTION:EVP
+X509_INFO_free 549 EXIST::FUNCTION:
+X509_INFO_new 550 EXIST::FUNCTION:
X509_LOOKUP_by_alias 551 EXIST::FUNCTION:
X509_LOOKUP_by_fingerprint 552 EXIST::FUNCTION:
X509_LOOKUP_by_issuer_serial 553 EXIST::FUNCTION:
@@ -563,7 +563,7 @@ X509_NAME_ENTRY_set_object 570 EXIST::FUNCTION:
X509_NAME_add_entry 571 EXIST::FUNCTION:
X509_NAME_cmp 572 EXIST::FUNCTION:
X509_NAME_delete_entry 573 EXIST::FUNCTION:
-X509_NAME_digest 574 EXIST::FUNCTION:EVP
+X509_NAME_digest 574 EXIST::FUNCTION:
X509_NAME_dup 575 EXIST::FUNCTION:
X509_NAME_entry_count 576 EXIST::FUNCTION:
X509_NAME_free 577 EXIST::FUNCTION:
@@ -574,8 +574,8 @@ X509_NAME_get_text_by_NID 581 EXIST::FUNCTION:
X509_NAME_get_text_by_OBJ 582 EXIST::FUNCTION:
X509_NAME_hash 583 EXIST::FUNCTION:
X509_NAME_new 584 EXIST::FUNCTION:
-X509_NAME_oneline 585 EXIST::FUNCTION:EVP
-X509_NAME_print 586 EXIST::FUNCTION:BIO
+X509_NAME_oneline 585 EXIST::FUNCTION:
+X509_NAME_print 586 EXIST::FUNCTION:
X509_NAME_set 587 EXIST::FUNCTION:
X509_OBJECT_free_contents 588 EXIST::FUNCTION:
X509_OBJECT_retrieve_by_subject 589 EXIST::FUNCTION:
@@ -592,14 +592,14 @@ X509_REQ_dup 599 EXIST::FUNCTION:
X509_REQ_free 600 EXIST::FUNCTION:
X509_REQ_get_pubkey 601 EXIST::FUNCTION:
X509_REQ_new 602 EXIST::FUNCTION:
-X509_REQ_print 603 EXIST::FUNCTION:BIO
-X509_REQ_print_fp 604 EXIST::FUNCTION:FP_API
+X509_REQ_print 603 EXIST::FUNCTION:
+X509_REQ_print_fp 604 EXIST::FUNCTION:STDIO
X509_REQ_set_pubkey 605 EXIST::FUNCTION:
X509_REQ_set_subject_name 606 EXIST::FUNCTION:
X509_REQ_set_version 607 EXIST::FUNCTION:
-X509_REQ_sign 608 EXIST::FUNCTION:EVP
+X509_REQ_sign 608 EXIST::FUNCTION:
X509_REQ_to_X509 609 EXIST::FUNCTION:
-X509_REQ_verify 610 EXIST::FUNCTION:EVP
+X509_REQ_verify 610 EXIST::FUNCTION:
X509_REVOKED_add_ext 611 EXIST::FUNCTION:
X509_REVOKED_delete_ext 612 EXIST::FUNCTION:
X509_REVOKED_free 613 EXIST::FUNCTION:
@@ -629,7 +629,7 @@ X509_certificate_type 635 EXIST::FUNCTION:
X509_check_private_key 636 EXIST::FUNCTION:
X509_cmp_current_time 637 EXIST::FUNCTION:
X509_delete_ext 638 EXIST::FUNCTION:
-X509_digest 639 EXIST::FUNCTION:EVP
+X509_digest 639 EXIST::FUNCTION:
X509_dup 640 EXIST::FUNCTION:
X509_free 641 EXIST::FUNCTION:
X509_get_default_cert_area 642 EXIST::FUNCTION:
@@ -655,8 +655,8 @@ X509_issuer_name_cmp 661 EXIST::FUNCTION:
X509_issuer_name_hash 662 EXIST::FUNCTION:
X509_load_cert_file 663 EXIST::FUNCTION:STDIO
X509_new 664 EXIST::FUNCTION:
-X509_print 665 EXIST::FUNCTION:BIO
-X509_print_fp 666 EXIST::FUNCTION:FP_API
+X509_print 665 EXIST::FUNCTION:
+X509_print_fp 666 EXIST::FUNCTION:STDIO
X509_set_issuer_name 667 EXIST::FUNCTION:
X509_set_notAfter 668 EXIST::FUNCTION:
X509_set_notBefore 669 EXIST::FUNCTION:
@@ -664,11 +664,11 @@ X509_set_pubkey 670 EXIST::FUNCTION:
X509_set_serialNumber 671 EXIST::FUNCTION:
X509_set_subject_name 672 EXIST::FUNCTION:
X509_set_version 673 EXIST::FUNCTION:
-X509_sign 674 EXIST::FUNCTION:EVP
+X509_sign 674 EXIST::FUNCTION:
X509_subject_name_cmp 675 EXIST::FUNCTION:
X509_subject_name_hash 676 EXIST::FUNCTION:
X509_to_X509_REQ 677 EXIST::FUNCTION:
-X509_verify 678 EXIST::FUNCTION:EVP
+X509_verify 678 EXIST::FUNCTION:
X509_verify_cert 679 EXIST::FUNCTION:
X509_verify_cert_error_string 680 EXIST::FUNCTION:
X509v3_add_ext 681 EXIST::FUNCTION:
@@ -690,8 +690,8 @@ X509v3_pack_type_by_OBJ 696 NOEXIST::FUNCTION:
X509v3_unpack_string 697 NOEXIST::FUNCTION:
_des_crypt 698 NOEXIST::FUNCTION:
a2d_ASN1_OBJECT 699 EXIST::FUNCTION:
-a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO
-a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO
+a2i_ASN1_INTEGER 700 EXIST::FUNCTION:
+a2i_ASN1_STRING 701 EXIST::FUNCTION:
asn1_Finish 702 EXIST::FUNCTION:
asn1_GetSequence 703 EXIST::FUNCTION:
bn_div_words 704 NOEXIST::FUNCTION:
@@ -701,7 +701,7 @@ bn_mul_words 707 NOEXIST::FUNCTION:
BN_uadd 708 EXIST::FUNCTION:
BN_usub 709 EXIST::FUNCTION:
bn_sqr_words 710 NOEXIST::FUNCTION:
-_ossl_old_crypt 711 EXIST:!PERL5:FUNCTION:DES
+_ossl_old_crypt 711 NOEXIST::FUNCTION:
d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
d2i_ASN1_HEADER 714 NOEXIST::FUNCTION:
@@ -719,8 +719,8 @@ d2i_ASN1_bytes 725 EXIST::FUNCTION:
d2i_ASN1_type_bytes 726 EXIST::FUNCTION:
d2i_DHparams 727 EXIST::FUNCTION:DH
d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA
-d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:BIO,DSA
-d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,STDIO
d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
d2i_DSAparams 732 EXIST::FUNCTION:DSA
d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
@@ -737,12 +737,12 @@ d2i_PKCS7_SIGNED 743 EXIST::FUNCTION:
d2i_PKCS7_SIGNER_INFO 744 EXIST::FUNCTION:
d2i_PKCS7_SIGN_ENVELOPE 745 EXIST::FUNCTION:
d2i_PKCS7_bio 746 EXIST::FUNCTION:
-d2i_PKCS7_fp 747 EXIST::FUNCTION:FP_API
+d2i_PKCS7_fp 747 EXIST::FUNCTION:STDIO
d2i_PrivateKey 748 EXIST::FUNCTION:
d2i_PublicKey 749 EXIST::FUNCTION:
d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA
-d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:BIO,RSA
-d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:RSA,STDIO
d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA
d2i_X509 754 EXIST::FUNCTION:
d2i_X509_ALGOR 755 EXIST::FUNCTION:
@@ -750,8 +750,8 @@ d2i_X509_ATTRIBUTE 756 EXIST::FUNCTION:
d2i_X509_CINF 757 EXIST::FUNCTION:
d2i_X509_CRL 758 EXIST::FUNCTION:
d2i_X509_CRL_INFO 759 EXIST::FUNCTION:
-d2i_X509_CRL_bio 760 EXIST::FUNCTION:BIO
-d2i_X509_CRL_fp 761 EXIST::FUNCTION:FP_API
+d2i_X509_CRL_bio 760 EXIST::FUNCTION:
+d2i_X509_CRL_fp 761 EXIST::FUNCTION:STDIO
d2i_X509_EXTENSION 762 EXIST::FUNCTION:
d2i_X509_NAME 763 EXIST::FUNCTION:
d2i_X509_NAME_ENTRY 764 EXIST::FUNCTION:
@@ -759,13 +759,13 @@ d2i_X509_PKEY 765 EXIST::FUNCTION:
d2i_X509_PUBKEY 766 EXIST::FUNCTION:
d2i_X509_REQ 767 EXIST::FUNCTION:
d2i_X509_REQ_INFO 768 EXIST::FUNCTION:
-d2i_X509_REQ_bio 769 EXIST::FUNCTION:BIO
-d2i_X509_REQ_fp 770 EXIST::FUNCTION:FP_API
+d2i_X509_REQ_bio 769 EXIST::FUNCTION:
+d2i_X509_REQ_fp 770 EXIST::FUNCTION:STDIO
d2i_X509_REVOKED 771 EXIST::FUNCTION:
d2i_X509_SIG 772 EXIST::FUNCTION:
d2i_X509_VAL 773 EXIST::FUNCTION:
-d2i_X509_bio 774 EXIST::FUNCTION:BIO
-d2i_X509_fp 775 EXIST::FUNCTION:FP_API
+d2i_X509_bio 774 EXIST::FUNCTION:
+d2i_X509_fp 775 EXIST::FUNCTION:STDIO
DES_cbc_cksum 777 EXIST::FUNCTION:DES
DES_cbc_encrypt 778 EXIST::FUNCTION:DES
DES_cblock_print_file 779 NOEXIST::FUNCTION:
@@ -792,9 +792,9 @@ DES_options 799 EXIST::FUNCTION:DES
DES_pcbc_encrypt 800 EXIST::FUNCTION:DES
DES_quad_cksum 801 EXIST::FUNCTION:DES
DES_random_key 802 EXIST::FUNCTION:DES
-_ossl_old_des_random_seed 803 EXIST::FUNCTION:DES
-_ossl_old_des_read_2passwords 804 EXIST::FUNCTION:DES
-_ossl_old_des_read_password 805 EXIST::FUNCTION:DES
+_ossl_old_des_random_seed 803 NOEXIST::FUNCTION:
+_ossl_old_des_read_2passwords 804 NOEXIST::FUNCTION:
+_ossl_old_des_read_password 805 NOEXIST::FUNCTION:
_ossl_old_des_read_pw 806 EXIST::FUNCTION:
_ossl_old_des_read_pw_string 807 EXIST::FUNCTION:
DES_set_key 808 EXIST::FUNCTION:DES
@@ -804,9 +804,9 @@ DES_string_to_key 811 EXIST::FUNCTION:DES
DES_xcbc_encrypt 812 EXIST::FUNCTION:DES
DES_xwhite_in2out 813 NOEXIST::FUNCTION:
fcrypt_body 814 NOEXIST::FUNCTION:
-i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO
-i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO
-i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO
+i2a_ASN1_INTEGER 815 EXIST::FUNCTION:
+i2a_ASN1_OBJECT 816 EXIST::FUNCTION:
+i2a_ASN1_STRING 817 EXIST::FUNCTION:
i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION:
i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION:
i2d_ASN1_HEADER 820 NOEXIST::FUNCTION:
@@ -821,8 +821,8 @@ i2d_ASN1_UTCTIME 828 EXIST::FUNCTION:
i2d_ASN1_bytes 829 EXIST::FUNCTION:
i2d_DHparams 830 EXIST::FUNCTION:DH
i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA
-i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:BIO,DSA
-i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,STDIO
i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
i2d_DSAparams 835 EXIST::FUNCTION:DSA
i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
@@ -839,12 +839,12 @@ i2d_PKCS7_SIGNED 846 EXIST::FUNCTION:
i2d_PKCS7_SIGNER_INFO 847 EXIST::FUNCTION:
i2d_PKCS7_SIGN_ENVELOPE 848 EXIST::FUNCTION:
i2d_PKCS7_bio 849 EXIST::FUNCTION:
-i2d_PKCS7_fp 850 EXIST::FUNCTION:FP_API
+i2d_PKCS7_fp 850 EXIST::FUNCTION:STDIO
i2d_PrivateKey 851 EXIST::FUNCTION:
i2d_PublicKey 852 EXIST::FUNCTION:
i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA
-i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:BIO,RSA
-i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:RSA,STDIO
i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA
i2d_X509 857 EXIST::FUNCTION:
i2d_X509_ALGOR 858 EXIST::FUNCTION:
@@ -852,8 +852,8 @@ i2d_X509_ATTRIBUTE 859 EXIST::FUNCTION:
i2d_X509_CINF 860 EXIST::FUNCTION:
i2d_X509_CRL 861 EXIST::FUNCTION:
i2d_X509_CRL_INFO 862 EXIST::FUNCTION:
-i2d_X509_CRL_bio 863 EXIST::FUNCTION:BIO
-i2d_X509_CRL_fp 864 EXIST::FUNCTION:FP_API
+i2d_X509_CRL_bio 863 EXIST::FUNCTION:
+i2d_X509_CRL_fp 864 EXIST::FUNCTION:STDIO
i2d_X509_EXTENSION 865 EXIST::FUNCTION:
i2d_X509_NAME 866 EXIST::FUNCTION:
i2d_X509_NAME_ENTRY 867 EXIST::FUNCTION:
@@ -861,13 +861,13 @@ i2d_X509_PKEY 868 EXIST::FUNCTION:
i2d_X509_PUBKEY 869 EXIST::FUNCTION:
i2d_X509_REQ 870 EXIST::FUNCTION:
i2d_X509_REQ_INFO 871 EXIST::FUNCTION:
-i2d_X509_REQ_bio 872 EXIST::FUNCTION:BIO
-i2d_X509_REQ_fp 873 EXIST::FUNCTION:FP_API
+i2d_X509_REQ_bio 872 EXIST::FUNCTION:
+i2d_X509_REQ_fp 873 EXIST::FUNCTION:STDIO
i2d_X509_REVOKED 874 EXIST::FUNCTION:
i2d_X509_SIG 875 EXIST::FUNCTION:
i2d_X509_VAL 876 EXIST::FUNCTION:
-i2d_X509_bio 877 EXIST::FUNCTION:BIO
-i2d_X509_fp 878 EXIST::FUNCTION:FP_API
+i2d_X509_bio 877 EXIST::FUNCTION:
+i2d_X509_fp 878 EXIST::FUNCTION:STDIO
idea_cbc_encrypt 879 EXIST::FUNCTION:IDEA
idea_cfb64_encrypt 880 EXIST::FUNCTION:IDEA
idea_ecb_encrypt 881 EXIST::FUNCTION:IDEA
@@ -882,13 +882,13 @@ lh_doall_arg 889 EXIST::FUNCTION:
lh_free 890 EXIST::FUNCTION:
lh_insert 891 EXIST::FUNCTION:
lh_new 892 EXIST::FUNCTION:
-lh_node_stats 893 EXIST::FUNCTION:FP_API
-lh_node_stats_bio 894 EXIST::FUNCTION:BIO
-lh_node_usage_stats 895 EXIST::FUNCTION:FP_API
-lh_node_usage_stats_bio 896 EXIST::FUNCTION:BIO
+lh_node_stats 893 EXIST::FUNCTION:STDIO
+lh_node_stats_bio 894 EXIST::FUNCTION:
+lh_node_usage_stats 895 EXIST::FUNCTION:STDIO
+lh_node_usage_stats_bio 896 EXIST::FUNCTION:
lh_retrieve 897 EXIST::FUNCTION:
-lh_stats 898 EXIST::FUNCTION:FP_API
-lh_stats_bio 899 EXIST::FUNCTION:BIO
+lh_stats 898 EXIST::FUNCTION:STDIO
+lh_stats_bio 899 EXIST::FUNCTION:
lh_strhash 900 EXIST::FUNCTION:
sk_delete 901 EXIST::FUNCTION:
sk_delete_ptr 902 EXIST::FUNCTION:
@@ -929,12 +929,12 @@ EVP_delete_alias 941 NOEXIST::FUNCTION:
EVP_mdc2 942 EXIST::FUNCTION:MDC2
PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA
PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA
-d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:BIO,RSA
-i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:BIO,RSA
-PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA
-PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA
-d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:RSA
+i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:RSA
+PEM_read_RSAPublicKey 947 EXIST::FUNCTION:RSA
+PEM_write_RSAPublicKey 949 EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:RSA,STDIO
+i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:RSA,STDIO
BIO_copy_next_retry 955 EXIST::FUNCTION:
RSA_flags 956 EXIST::FUNCTION:RSA
X509_STORE_add_crl 957 EXIST::FUNCTION:
@@ -988,8 +988,8 @@ ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS:FUNCTION:
ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS:FUNCTION:
EVP_PKEY_bits 1010 EXIST::FUNCTION:
MD5_Transform 1011 EXIST::FUNCTION:MD5
-SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1
-SHA_Transform 1013 EXIST::FUNCTION:SHA,SHA0
+SHA1_Transform 1012 EXIST::FUNCTION:
+SHA_Transform 1013 NOEXIST::FUNCTION:
X509_STORE_CTX_get_chain 1014 EXIST::FUNCTION:
X509_STORE_CTX_get_current_cert 1015 EXIST::FUNCTION:
X509_STORE_CTX_get_error 1016 EXIST::FUNCTION:
@@ -1016,11 +1016,11 @@ RSA_padding_check_none 1038 EXIST::FUNCTION:RSA
bn_add_words 1039 NOEXIST::FUNCTION:
d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION:
CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION:
-RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Update 1043 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Final 1044 EXIST::FUNCTION:RIPEMD
-RIPEMD160 1045 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Transform 1046 EXIST::FUNCTION:RIPEMD
+RIPEMD160_Init 1042 EXIST::FUNCTION:
+RIPEMD160_Update 1043 EXIST::FUNCTION:
+RIPEMD160_Final 1044 EXIST::FUNCTION:
+RIPEMD160 1045 EXIST::FUNCTION:
+RIPEMD160_Transform 1046 EXIST::FUNCTION:
RC5_32_set_key 1047 EXIST::FUNCTION:RC5
RC5_32_ecb_encrypt 1048 EXIST::FUNCTION:RC5
RC5_32_encrypt 1049 EXIST::FUNCTION:RC5
@@ -1127,21 +1127,21 @@ PKCS7_set_signed_attributes 1154 EXIST::FUNCTION:
X509_ATTRIBUTE_create 1155 EXIST::FUNCTION:
X509_ATTRIBUTE_dup 1156 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_check 1157 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:BIO
+ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_set 1159 EXIST::FUNCTION:
ASN1_GENERALIZEDTIME_set_string 1160 EXIST::FUNCTION:
-ASN1_TIME_print 1161 EXIST::FUNCTION:BIO
+ASN1_TIME_print 1161 EXIST::FUNCTION:
BASIC_CONSTRAINTS_free 1162 EXIST::FUNCTION:
BASIC_CONSTRAINTS_new 1163 EXIST::FUNCTION:
ERR_load_X509V3_strings 1164 EXIST::FUNCTION:
NETSCAPE_CERT_SEQUENCE_free 1165 EXIST::FUNCTION:
NETSCAPE_CERT_SEQUENCE_new 1166 EXIST::FUNCTION:
OBJ_txt2obj 1167 EXIST::FUNCTION:
-PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS:FUNCTION:
PEM_read_NS_CERT_SEQ 1168 EXIST:VMS:FUNCTION:
PEM_read_bio_NETSCAPE_CERT_SEQUENCE 1169 EXIST:!VMS:FUNCTION:
PEM_read_bio_NS_CERT_SEQ 1169 EXIST:VMS:FUNCTION:
-PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS:FUNCTION:
PEM_write_NS_CERT_SEQ 1170 EXIST:VMS:FUNCTION:
PEM_write_bio_NETSCAPE_CERT_SEQUENCE 1171 EXIST:!VMS:FUNCTION:
PEM_write_bio_NS_CERT_SEQ 1171 EXIST:VMS:FUNCTION:
@@ -1182,8 +1182,8 @@ ASN1_ENUMERATED_set 1205 EXIST::FUNCTION:
ASN1_ENUMERATED_get 1206 EXIST::FUNCTION:
BN_to_ASN1_ENUMERATED 1207 EXIST::FUNCTION:
ASN1_ENUMERATED_to_BN 1208 EXIST::FUNCTION:
-i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:BIO
-a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:BIO
+i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:
+a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:
i2d_GENERAL_NAME 1211 EXIST::FUNCTION:
d2i_GENERAL_NAME 1212 EXIST::FUNCTION:
GENERAL_NAME_new 1213 EXIST::FUNCTION:
@@ -1198,11 +1198,11 @@ s2i_ASN1_OCTET_STRING 1221 EXIST::FUNCTION:
X509V3_EXT_check_conf 1222 NOEXIST::FUNCTION:
hex_to_string 1223 EXIST::FUNCTION:
string_to_hex 1224 EXIST::FUNCTION:
-DES_ede3_cbcm_encrypt 1225 EXIST::FUNCTION:DES
+DES_ede3_cbcm_encrypt 1225 NOEXIST::FUNCTION:
RSA_padding_add_PKCS1_OAEP 1226 EXIST::FUNCTION:RSA
RSA_padding_check_PKCS1_OAEP 1227 EXIST::FUNCTION:RSA
-X509_CRL_print_fp 1228 EXIST::FUNCTION:FP_API
-X509_CRL_print 1229 EXIST::FUNCTION:BIO
+X509_CRL_print_fp 1228 EXIST::FUNCTION:STDIO
+X509_CRL_print 1229 EXIST::FUNCTION:
i2v_GENERAL_NAME 1230 EXIST::FUNCTION:
v2i_GENERAL_NAME 1231 EXIST::FUNCTION:
i2d_PKEY_USAGE_PERIOD 1232 EXIST::FUNCTION:
@@ -1216,8 +1216,8 @@ name_cmp 1239 EXIST::FUNCTION:
str_dup 1240 NOEXIST::FUNCTION:
i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
-BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
-BIO_f_reliable 1244 EXIST::FUNCTION:BIO
+BIO_s_log 1243 EXIST:!OS2,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable 1244 EXIST::FUNCTION:
PKCS7_dataFinal 1245 EXIST::FUNCTION:
PKCS7_dataDecode 1246 EXIST::FUNCTION:
X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION:
@@ -1225,7 +1225,7 @@ BN_set_params 1248 EXIST::FUNCTION:DEPRECATED
BN_get_params 1249 EXIST::FUNCTION:DEPRECATED
BIO_get_ex_num 1250 NOEXIST::FUNCTION:
BIO_set_ex_free_func 1251 NOEXIST::FUNCTION:
-EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD
+EVP_ripemd160 1252 EXIST::FUNCTION:RMD160
ASN1_TIME_set 1253 EXIST::FUNCTION:
i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION:
d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION:
@@ -1426,26 +1426,26 @@ d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO 1748 NOEXIST::FUNCTION:
d2i_ASN1_SET_OF_PKCS7_RECIP_INFO 1753 NOEXIST::FUNCTION:
PKCS5_PBE_add 1775 EXIST::FUNCTION:
PEM_write_bio_PKCS8 1776 EXIST::FUNCTION:
-i2d_PKCS8_fp 1777 EXIST::FUNCTION:FP_API
+i2d_PKCS8_fp 1777 EXIST::FUNCTION:STDIO
PEM_read_bio_PKCS8_PRIV_KEY_INFO 1778 EXIST:!VMS:FUNCTION:
PEM_read_bio_P8_PRIV_KEY_INFO 1778 EXIST:VMS:FUNCTION:
-d2i_PKCS8_bio 1779 EXIST::FUNCTION:BIO
-d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:FP_API
+d2i_PKCS8_bio 1779 EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:STDIO
PEM_write_bio_PKCS8_PRIV_KEY_INFO 1781 EXIST:!VMS:FUNCTION:
PEM_write_bio_P8_PRIV_KEY_INFO 1781 EXIST:VMS:FUNCTION:
-PEM_read_PKCS8 1782 EXIST:!WIN16:FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:BIO
-d2i_PKCS8_fp 1784 EXIST::FUNCTION:FP_API
-PEM_write_PKCS8 1785 EXIST:!WIN16:FUNCTION:
-PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_PKCS8 1782 EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:
+d2i_PKCS8_fp 1784 EXIST::FUNCTION:STDIO
+PEM_write_PKCS8 1785 EXIST::FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS:FUNCTION:
PEM_read_P8_PRIV_KEY_INFO 1786 EXIST:VMS:FUNCTION:
PEM_read_bio_PKCS8 1787 EXIST::FUNCTION:
-PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS:FUNCTION:
PEM_write_P8_PRIV_KEY_INFO 1788 EXIST:VMS:FUNCTION:
PKCS5_PBE_keyivgen 1789 EXIST::FUNCTION:
-i2d_PKCS8_bio 1790 EXIST::FUNCTION:BIO
-i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:FP_API
-i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:BIO
+i2d_PKCS8_bio 1790 EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:STDIO
+i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:
BIO_s_bio 1793 EXIST::FUNCTION:
PKCS5_pbe2_set 1794 EXIST::FUNCTION:
PKCS5_PBKDF2_HMAC_SHA1 1795 EXIST::FUNCTION:
@@ -1459,7 +1459,7 @@ BIO_new_bio_pair 1802 EXIST::FUNCTION:
BIO_ctrl_get_write_guarantee 1803 EXIST::FUNCTION:
CRYPTO_num_locks 1804 EXIST::FUNCTION:
CONF_load_bio 1805 EXIST::FUNCTION:
-CONF_load_fp 1806 EXIST::FUNCTION:FP_API
+CONF_load_fp 1806 EXIST::FUNCTION:STDIO
i2d_ASN1_SET_OF_ASN1_OBJECT 1837 NOEXIST::FUNCTION:
d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION:
PKCS7_signatureVerify 1845 EXIST::FUNCTION:
@@ -1494,11 +1494,11 @@ DSA_set_ex_data 1893 EXIST::FUNCTION:DSA
DH_set_default_method 1894 EXIST::FUNCTION:DH
DSA_get_ex_data 1895 EXIST::FUNCTION:DSA
X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION:
-NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:
+NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:
+NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:
+NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:
+NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:
UTF8_putc 1902 EXIST::FUNCTION:
UTF8_getc 1903 EXIST::FUNCTION:
RSA_null_method 1904 EXIST::FUNCTION:RSA
@@ -1512,9 +1512,9 @@ X509_reject_set_bit_asc 1911 NOEXIST::FUNCTION:
X509_NAME_add_entry_by_txt 1912 EXIST::FUNCTION:
X509_NAME_add_entry_by_NID 1914 EXIST::FUNCTION:
X509_PURPOSE_get0 1915 EXIST::FUNCTION:
-PEM_read_X509_AUX 1917 EXIST:!WIN16:FUNCTION:
+PEM_read_X509_AUX 1917 EXIST::FUNCTION:
d2i_AUTHORITY_INFO_ACCESS 1918 EXIST::FUNCTION:
-PEM_write_PUBKEY 1921 EXIST:!WIN16:FUNCTION:
+PEM_write_PUBKEY 1921 EXIST::FUNCTION:
ACCESS_DESCRIPTION_new 1925 EXIST::FUNCTION:
X509_CERT_AUX_free 1926 EXIST::FUNCTION:
d2i_ACCESS_DESCRIPTION 1927 EXIST::FUNCTION:
@@ -1543,22 +1543,22 @@ ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION:
ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION:
PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA
ASN1_INTEGER_cmp 1963 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA
+d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:RSA,STDIO
X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION:
PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION:DSA
X509_STORE_CTX_free 1969 EXIST::FUNCTION:
EVP_PKEY_set1_DSA 1970 EXIST::FUNCTION:DSA
-i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,FP_API
+i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,STDIO
X509_load_cert_crl_file 1972 EXIST::FUNCTION:STDIO
ASN1_TIME_new 1973 EXIST::FUNCTION:
i2d_RSA_PUBKEY 1974 EXIST::FUNCTION:RSA
X509_STORE_CTX_purpose_inherit 1976 EXIST::FUNCTION:
-PEM_read_RSA_PUBKEY 1977 EXIST:!WIN16:FUNCTION:RSA
+PEM_read_RSA_PUBKEY 1977 EXIST::FUNCTION:RSA
d2i_X509_AUX 1980 EXIST::FUNCTION:
i2d_DSA_PUBKEY 1981 EXIST::FUNCTION:DSA
-X509_CERT_AUX_print 1982 EXIST::FUNCTION:BIO
-PEM_read_DSA_PUBKEY 1984 EXIST:!WIN16:FUNCTION:DSA
-i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:BIO,RSA
+X509_CERT_AUX_print 1982 EXIST::FUNCTION:
+PEM_read_DSA_PUBKEY 1984 EXIST::FUNCTION:DSA
+i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:RSA
ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION:
i2d_PUBKEY 1987 EXIST::FUNCTION:
ASN1_UTCTIME_free 1988 EXIST::FUNCTION:
@@ -1575,8 +1575,8 @@ X509_TRUST_cleanup 2007 EXIST::FUNCTION:
X509_NAME_add_entry_by_OBJ 2008 EXIST::FUNCTION:
X509_CRL_get_ext_d2i 2009 EXIST::FUNCTION:
X509_PURPOSE_get0_name 2011 EXIST::FUNCTION:
-PEM_read_PUBKEY 2012 EXIST:!WIN16:FUNCTION:
-i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:BIO,DSA
+PEM_read_PUBKEY 2012 EXIST::FUNCTION:
+i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:DSA
i2d_OTHERNAME 2015 EXIST::FUNCTION:
ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION:
ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION:
@@ -1595,9 +1595,9 @@ ASN1_STRING_set_default_mask 2032 EXIST::FUNCTION:
X509_STORE_CTX_new 2033 EXIST::FUNCTION:
EVP_PKEY_get1_RSA 2034 EXIST::FUNCTION:RSA
DIRECTORYSTRING_free 2038 EXIST::FUNCTION:
-PEM_write_X509_AUX 2039 EXIST:!WIN16:FUNCTION:
+PEM_write_X509_AUX 2039 EXIST::FUNCTION:
ASN1_OCTET_STRING_set 2040 EXIST::FUNCTION:
-d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,FP_API
+d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,STDIO
d2i_RSA_PUBKEY 2044 EXIST::FUNCTION:RSA
X509_TRUST_get0_name 2046 EXIST::FUNCTION:
X509_TRUST_get0 2047 EXIST::FUNCTION:
@@ -1606,7 +1606,7 @@ ASN1_IA5STRING_new 2049 EXIST::FUNCTION:
d2i_DSA_PUBKEY 2050 EXIST::FUNCTION:DSA
X509_check_purpose 2051 EXIST::FUNCTION:
ASN1_ENUMERATED_new 2052 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:BIO,RSA
+d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:RSA
d2i_PUBKEY 2054 EXIST::FUNCTION:
X509_TRUST_get_trust 2055 EXIST::FUNCTION:
X509_TRUST_get_flags 2056 EXIST::FUNCTION:
@@ -1634,11 +1634,11 @@ PEM_read_bio_DSA_PUBKEY 2088 EXIST::FUNCTION:DSA
X509_PURPOSE_add 2090 EXIST::FUNCTION:
ASN1_STRING_TABLE_get 2091 EXIST::FUNCTION:
ASN1_UTF8STRING_free 2092 EXIST::FUNCTION:
-d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:BIO,DSA
-PEM_write_RSA_PUBKEY 2095 EXIST:!WIN16:FUNCTION:RSA
+d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:DSA
+PEM_write_RSA_PUBKEY 2095 EXIST::FUNCTION:RSA
d2i_OTHERNAME 2096 EXIST::FUNCTION:
X509_reject_set_bit 2098 NOEXIST::FUNCTION:
-PEM_write_DSA_PUBKEY 2101 EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSA_PUBKEY 2101 EXIST::FUNCTION:DSA
X509_PURPOSE_get0_sname 2105 EXIST::FUNCTION:
EVP_PKEY_set1_DH 2107 EXIST::FUNCTION:DH
ASN1_OCTET_STRING_dup 2108 EXIST::FUNCTION:
@@ -1646,7 +1646,7 @@ ASN1_BIT_STRING_set 2109 EXIST::FUNCTION:
X509_TRUST_get_count 2110 EXIST::FUNCTION:
ASN1_INTEGER_free 2111 EXIST::FUNCTION:
OTHERNAME_free 2112 EXIST::FUNCTION:
-i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA
+i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:RSA,STDIO
ASN1_INTEGER_dup 2114 EXIST::FUNCTION:
d2i_X509_CERT_AUX 2115 EXIST::FUNCTION:
PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION:
@@ -1658,7 +1658,7 @@ EVP_PKEY_get1_DH 2128 EXIST::FUNCTION:DH
ASN1_OCTET_STRING_new 2130 EXIST::FUNCTION:
ASN1_INTEGER_new 2131 EXIST::FUNCTION:
i2d_X509_AUX 2132 EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:BIO
+ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:
X509_cmp 2135 EXIST::FUNCTION:
ASN1_STRING_length_set 2136 EXIST::FUNCTION:
DIRECTORYSTRING_new 2137 EXIST::FUNCTION:
@@ -1700,13 +1700,13 @@ i2d_ASN1_NULL 2173 EXIST::FUNCTION:
i2d_PKCS8PrivateKey_nid_fp 2174 EXIST::FUNCTION:
d2i_PKCS8PrivateKey_fp 2175 EXIST::FUNCTION:
i2d_PKCS8PrivateKey_nid_bio 2176 EXIST::FUNCTION:
-i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:FP_API
-i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:BIO
+i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:STDIO
+i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:
PEM_cb 2179 NOEXIST::FUNCTION:
-i2d_PrivateKey_fp 2180 EXIST::FUNCTION:FP_API
-d2i_PrivateKey_bio 2181 EXIST::FUNCTION:BIO
-d2i_PrivateKey_fp 2182 EXIST::FUNCTION:FP_API
-i2d_PrivateKey_bio 2183 EXIST::FUNCTION:BIO
+i2d_PrivateKey_fp 2180 EXIST::FUNCTION:STDIO
+d2i_PrivateKey_bio 2181 EXIST::FUNCTION:
+d2i_PrivateKey_fp 2182 EXIST::FUNCTION:STDIO
+i2d_PrivateKey_bio 2183 EXIST::FUNCTION:
X509_reject_clear 2184 EXIST::FUNCTION:
X509_TRUST_set_default 2185 EXIST::FUNCTION:
d2i_AutoPrivateKey 2186 EXIST::FUNCTION:
@@ -1744,7 +1744,7 @@ X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION:
X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION:
X509at_add1_attr_by_txt 2219 EXIST::FUNCTION:
BN_pseudo_rand 2239 EXIST::FUNCTION:
-BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED
+BN_is_prime_fasttest 2240 NOEXIST::FUNCTION:
BN_CTX_end 2241 EXIST::FUNCTION:
BN_CTX_start 2242 EXIST::FUNCTION:
BN_CTX_get 2243 EXIST::FUNCTION:
@@ -1755,7 +1755,7 @@ AUTHORITY_INFO_ACCESS_new 2247 EXIST::FUNCTION:
CRYPTO_get_mem_debug_options 2248 EXIST::FUNCTION:
DES_crypt 2249 EXIST::FUNCTION:DES
PEM_write_bio_X509_REQ_NEW 2250 EXIST::FUNCTION:
-PEM_write_X509_REQ_NEW 2251 EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ_NEW 2251 EXIST::FUNCTION:
BIO_callback_ctrl 2252 EXIST::FUNCTION:
RAND_egd 2253 EXIST::FUNCTION:
RAND_status 2254 EXIST::FUNCTION:
@@ -1781,7 +1781,7 @@ DSO_METHOD_win32 2273 EXIST::FUNCTION:
ERR_load_DSO_strings 2274 EXIST::FUNCTION:
DSO_METHOD_dl 2275 EXIST::FUNCTION:
NCONF_load 2276 EXIST::FUNCTION:
-NCONF_load_fp 2278 EXIST::FUNCTION:FP_API
+NCONF_load_fp 2278 EXIST::FUNCTION:STDIO
NCONF_new 2279 EXIST::FUNCTION:
NCONF_get_string 2280 EXIST::FUNCTION:
NCONF_free 2281 EXIST::FUNCTION:
@@ -1804,8 +1804,8 @@ BIO_vfree 2334 EXIST::FUNCTION:
d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION:
d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION:
ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION:
-X509_REQ_digest 2362 EXIST::FUNCTION:EVP
-X509_CRL_digest 2391 EXIST::FUNCTION:EVP
+X509_REQ_digest 2362 EXIST::FUNCTION:
+X509_CRL_digest 2391 EXIST::FUNCTION:
d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
X509_ALGOR_cmp 2398 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
@@ -1842,25 +1842,25 @@ RAND_poll 2423 EXIST::FUNCTION:
c2i_ASN1_INTEGER 2424 EXIST::FUNCTION:
i2c_ASN1_INTEGER 2425 EXIST::FUNCTION:
BIO_dump_indent 2426 EXIST::FUNCTION:
-ASN1_parse_dump 2427 EXIST::FUNCTION:BIO
+ASN1_parse_dump 2427 EXIST::FUNCTION:
c2i_ASN1_OBJECT 2428 EXIST::FUNCTION:
-X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:FP_API
-ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:FP_API
-X509_NAME_print_ex 2431 EXIST::FUNCTION:BIO
-ASN1_STRING_print_ex 2432 EXIST::FUNCTION:BIO
+X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:STDIO
+ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:STDIO
+X509_NAME_print_ex 2431 EXIST::FUNCTION:
+ASN1_STRING_print_ex 2432 EXIST::FUNCTION:
MD4 2433 EXIST::FUNCTION:MD4
MD4_Transform 2434 EXIST::FUNCTION:MD4
MD4_Final 2435 EXIST::FUNCTION:MD4
MD4_Update 2436 EXIST::FUNCTION:MD4
MD4_Init 2437 EXIST::FUNCTION:MD4
EVP_md4 2438 EXIST::FUNCTION:MD4
-i2d_PUBKEY_bio 2439 EXIST::FUNCTION:BIO
-i2d_PUBKEY_fp 2440 EXIST::FUNCTION:FP_API
-d2i_PUBKEY_bio 2441 EXIST::FUNCTION:BIO
+i2d_PUBKEY_bio 2439 EXIST::FUNCTION:
+i2d_PUBKEY_fp 2440 EXIST::FUNCTION:STDIO
+d2i_PUBKEY_bio 2441 EXIST::FUNCTION:
ASN1_STRING_to_UTF8 2442 EXIST::FUNCTION:
BIO_vprintf 2443 EXIST::FUNCTION:
BIO_vsnprintf 2444 EXIST::FUNCTION:
-d2i_PUBKEY_fp 2445 EXIST::FUNCTION:FP_API
+d2i_PUBKEY_fp 2445 EXIST::FUNCTION:STDIO
X509_cmp_time 2446 EXIST::FUNCTION:
X509_STORE_CTX_set_time 2447 EXIST::FUNCTION:
X509_STORE_CTX_get1_issuer 2448 EXIST::FUNCTION:
@@ -1965,7 +1965,7 @@ X509V3_EXT_nconf 2540 EXIST::FUNCTION:
ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION:
d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION:
X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION:
-X509_print_ex 2544 EXIST::FUNCTION:BIO
+X509_print_ex 2544 EXIST::FUNCTION:
OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION:
ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE
ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE
@@ -1974,7 +1974,7 @@ PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION:
EC_GROUP_clear_free 2550 EXIST::FUNCTION:EC
OCSP_sendreq_bio 2551 EXIST::FUNCTION:
-ASN1_item_digest 2552 EXIST::FUNCTION:EVP
+ASN1_item_digest 2552 EXIST::FUNCTION:
OCSP_BASICRESP_delete_ext 2553 EXIST::FUNCTION:
OCSP_SIGNATURE_it 2554 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -1991,19 +1991,19 @@ i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION:
ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE
EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC
OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION:
-_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES
+_ossl_old_des_random_key 2566 NOEXIST::FUNCTION:
ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EC_GROUP_method_of 2568 EXIST::FUNCTION:EC
i2d_KRB5_APREQ 2569 EXIST::FUNCTION:
-_ossl_old_des_encrypt 2570 EXIST::FUNCTION:DES
+_ossl_old_des_encrypt 2570 NOEXIST::FUNCTION:
ASN1_PRINTABLE_new 2571 EXIST::FUNCTION:
HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC
d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION:
OCSP_archive_cutoff_new 2574 EXIST::FUNCTION:
EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC
EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC
-_ossl_old_des_is_weak_key 2576 EXIST::FUNCTION:DES
+_ossl_old_des_is_weak_key 2576 NOEXIST::FUNCTION:
OCSP_BASICRESP_get_ext_by_OBJ 2577 EXIST::FUNCTION:
EC_POINT_oct2point 2578 EXIST::FUNCTION:EC
OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION:
@@ -2044,7 +2044,7 @@ ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE
OCSP_SERVICELOC_new 2610 EXIST::FUNCTION:
EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC
EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC
-_ossl_old_des_options 2612 EXIST::FUNCTION:DES
+_ossl_old_des_options 2612 NOEXIST::FUNCTION:
SXNET_it 2613 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_dup_input_boolean 2614 EXIST::FUNCTION:
@@ -2096,7 +2096,7 @@ PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION:
OCSP_SINGLERESP_get_ext_by_crit 2652 EXIST:VMS:FUNCTION:
OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION:
-_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES
+_ossl_old_des_crypt 2654 NOEXIST::FUNCTION:
ASN1_item_i2d 2655 EXIST::FUNCTION:
EVP_DecryptFinal_ex 2656 EXIST::FUNCTION:
ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE
@@ -2109,7 +2109,7 @@ X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION:
asn1_ex_i2c 2663 EXIST::FUNCTION:
ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE
ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE
-_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES
+_ossl_old_des_key_sched 2666 NOEXIST::FUNCTION:
X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION:
@@ -2118,7 +2118,7 @@ SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION:
EDIPARTYNAME_new 2671 EXIST::FUNCTION:
PKCS12_certbag2x509 2672 EXIST::FUNCTION:
-_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES
+_ossl_old_des_ofb64_encrypt 2673 NOEXIST::FUNCTION:
d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION:
ERR_print_errors_cb 2675 EXIST::FUNCTION:
ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE
@@ -2126,7 +2126,7 @@ d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION:
UI_method_get_flusher 2678 EXIST::FUNCTION:
X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_read 2680 EXIST::FUNCTION:DES
+_ossl_old_des_enc_read 2680 NOEXIST::FUNCTION:
PKCS7_ENCRYPT_it 2681 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION:
@@ -2154,8 +2154,8 @@ EC_GROUP_get_order 2701 EXIST::FUNCTION:EC
d2i_OCSP_RESPID 2702 EXIST::FUNCTION:
OCSP_request_verify 2703 EXIST::FUNCTION:
NCONF_get_number_e 2704 EXIST::FUNCTION:
-_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES
-X509_signature_print 2706 EXIST::FUNCTION:EVP
+_ossl_old_des_decrypt3 2705 NOEXIST::FUNCTION:
+X509_signature_print 2706 EXIST::FUNCTION:
OCSP_SINGLERESP_free 2707 EXIST::FUNCTION:
ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE
i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION:
@@ -2178,13 +2178,13 @@ ASN1_IA5STRING_it 2722 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_IA5STRING_it 2722 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_get_input_flags 2723 EXIST::FUNCTION:
EC_GROUP_set_generator 2724 EXIST::FUNCTION:EC
-_ossl_old_des_string_to_2keys 2725 EXIST::FUNCTION:DES
+_ossl_old_des_string_to_2keys 2725 NOEXIST::FUNCTION:
OCSP_CERTID_free 2726 EXIST::FUNCTION:
X509_CERT_AUX_it 2727 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES
+_ossl_old_des_ede3_cbc_encrypt 2729 NOEXIST::FUNCTION:
RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE
DSO_get_loaded_filename 2731 EXIST::FUNCTION:
X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2200,7 +2200,7 @@ i2d_OCSP_REQUEST 2738 EXIST::FUNCTION:
PKCS12_x509crl2certbag 2739 EXIST::FUNCTION:
OCSP_SERVICELOC_it 2740 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
OCSP_SERVICELOC_it 2740 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_sign 2741 EXIST::FUNCTION:EVP
+ASN1_item_sign 2741 EXIST::FUNCTION:
X509_CRL_set_issuer_name 2742 EXIST::FUNCTION:
OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION:
i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION:
@@ -2231,7 +2231,7 @@ ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE
X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION:
ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE
PKCS8_decrypt 2765 EXIST::FUNCTION:
-PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO
+PEM_bytes_read_bio 2766 EXIST::FUNCTION:
DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
DIRECTORYSTRING_it 2767 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_OCSP_CRLID 2768 EXIST::FUNCTION:
@@ -2244,8 +2244,8 @@ X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BN_mod_add 2774 EXIST::FUNCTION:
KRB5_AUTHDATA_free 2775 EXIST::FUNCTION:
-_ossl_old_des_cbc_cksum 2776 EXIST::FUNCTION:DES
-ASN1_item_verify 2777 EXIST::FUNCTION:EVP
+_ossl_old_des_cbc_cksum 2776 NOEXIST::FUNCTION:
+ASN1_item_verify 2777 EXIST::FUNCTION:
CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION:
EC_POINT_get_Jprojective_coordinates_GFp 2779 EXIST:!VMS:FUNCTION:EC
EC_POINT_get_Jproj_coords_GFp 2779 EXIST:VMS:FUNCTION:EC
@@ -2257,13 +2257,13 @@ ASN1_TIME_check 2782 EXIST::FUNCTION:
UI_get0_user_data 2783 EXIST::FUNCTION:
HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC
DSA_up_ref 2785 EXIST::FUNCTION:DSA
-_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION:
+_ossl_old_des_ede3_cfb64_encrypt 2786 NOEXIST::FUNCTION:
ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ASN1_tag2bit 2788 EXIST::FUNCTION:
UI_method_set_flusher 2789 EXIST::FUNCTION:
-X509_ocspid_print 2790 EXIST::FUNCTION:BIO
+X509_ocspid_print 2790 EXIST::FUNCTION:
KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE
@@ -2289,7 +2289,7 @@ AUTHORITY_INFO_ACCESS_it 2805 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_set_ex_data 2807 EXIST::FUNCTION:
-_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES
+_ossl_old_des_string_to_key 2808 NOEXIST::FUNCTION:
ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE
d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION:
OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2300,7 +2300,7 @@ ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE
d2i_EDIPARTYNAME 2814 EXIST::FUNCTION:
d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION:
ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE
-_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES
+_ossl_old_des_set_odd_parity 2817 NOEXIST::FUNCTION:
OCSP_RESPDATA_free 2818 EXIST::FUNCTION:
d2i_KRB5_TICKET 2819 EXIST::FUNCTION:
OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2320,7 +2320,7 @@ EC_POINT_mul 2831 EXIST::FUNCTION:EC
X509V3_EXT_add_nconf 2832 EXIST::FUNCTION:
X509_TRUST_set 2833 EXIST::FUNCTION:
X509_CRL_add1_ext_i2d 2834 EXIST::FUNCTION:
-_ossl_old_des_fcrypt 2835 EXIST::FUNCTION:DES
+_ossl_old_des_fcrypt 2835 NOEXIST::FUNCTION:
DISPLAYTEXT_it 2836 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION:
@@ -2342,11 +2342,11 @@ UI_get0_action_string 2850 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION:
EC_POINT_method_of 2852 EXIST::FUNCTION:EC
i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION:
-_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES
+_ossl_old_des_ecb3_encrypt 2854 NOEXIST::FUNCTION:
CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION:
ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE
UI_destroy_method 2857 EXIST::FUNCTION:
-ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO
+ASN1_item_i2d_bio 2858 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION:
ASN1_primitive_new 2860 EXIST::FUNCTION:
ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2359,7 +2359,7 @@ ASN1_VISIBLESTRING_it 2865 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_VISIBLESTRING_it 2865 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_SINGLERESP_add1_ext_i2d 2866 EXIST::FUNCTION:
d2i_OCSP_CERTID 2867 EXIST::FUNCTION:
-ASN1_item_d2i_fp 2868 EXIST::FUNCTION:FP_API
+ASN1_item_d2i_fp 2868 EXIST::FUNCTION:STDIO
CRL_DIST_POINTS_it 2869 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
CRL_DIST_POINTS_it 2869 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
GENERAL_NAME_print 2870 EXIST::FUNCTION:
@@ -2375,7 +2375,7 @@ ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_BIT_STRING_it 2878 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509_REQ_it 2879 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
X509_REQ_it 2879 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_cbc_encrypt 2880 EXIST::FUNCTION:DES
+_ossl_old_des_cbc_encrypt 2880 NOEXIST::FUNCTION:
ERR_unload_strings 2881 EXIST::FUNCTION:
PKCS7_SIGN_ENVELOPE_it 2882 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_SIGN_ENVELOPE_it 2882 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2391,7 +2391,7 @@ asn1_enc_restore 2891 EXIST::FUNCTION:
UI_free 2892 EXIST::FUNCTION:
UI_new_method 2893 EXIST::FUNCTION:
EVP_EncryptInit_ex 2894 EXIST::FUNCTION:
-X509_pubkey_digest 2895 EXIST::FUNCTION:EVP
+X509_pubkey_digest 2895 EXIST::FUNCTION:
EC_POINT_invert 2896 EXIST::FUNCTION:EC
OCSP_basic_sign 2897 EXIST::FUNCTION:
i2d_OCSP_RESPID 2898 EXIST::FUNCTION:
@@ -2469,7 +2469,7 @@ OCSP_id_get0_info 2960 EXIST::FUNCTION:
BN_mod_sqrt 2961 EXIST::FUNCTION:
EC_GROUP_copy 2962 EXIST::FUNCTION:EC
KRB5_ENCDATA_free 2963 EXIST::FUNCTION:
-_ossl_old_des_cfb_encrypt 2964 EXIST::FUNCTION:DES
+_ossl_old_des_cfb_encrypt 2964 NOEXIST::FUNCTION:
OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION:
OCSP_cert_to_id 2966 EXIST::FUNCTION:
OCSP_RESPID_new 2967 EXIST::FUNCTION:
@@ -2497,7 +2497,7 @@ KRB5_APREQ_new 2984 EXIST::FUNCTION:
EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC
KRB5_ENCKEY_new 2986 EXIST::FUNCTION:
ASN1_template_d2i 2987 EXIST::FUNCTION:
-_ossl_old_des_quad_cksum 2988 EXIST::FUNCTION:DES
+_ossl_old_des_quad_cksum 2988 NOEXIST::FUNCTION:
OCSP_single_get0_status 2989 EXIST::FUNCTION:
BN_swap 2990 EXIST::FUNCTION:
POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2509,8 +2509,8 @@ OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
EC_GROUP_new 2995 EXIST::FUNCTION:EC
EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES
i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION:
-_ossl_old_des_encrypt2 2998 EXIST::FUNCTION:DES
-_ossl_old_des_encrypt3 2999 EXIST::FUNCTION:DES
+_ossl_old_des_encrypt2 2998 NOEXIST::FUNCTION:
+_ossl_old_des_encrypt3 2999 NOEXIST::FUNCTION:
PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS8_PRIV_KEY_INFO_it 3000 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2528,20 +2528,20 @@ ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE
ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE
EC_POINT_copy 3010 EXIST::FUNCTION:EC
BN_kronecker 3011 EXIST::FUNCTION:
-_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt 3012 NOEXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt 3012 NOEXIST::FUNCTION:
UI_method_get_reader 3013 EXIST::FUNCTION:
OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION:
ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
UI_set_result 3016 EXIST::FUNCTION:
i2d_KRB5_TICKET 3017 EXIST::FUNCTION:
-X509_print_ex_fp 3018 EXIST::FUNCTION:FP_API
+X509_print_ex_fp 3018 EXIST::FUNCTION:STDIO
EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION:
d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION:
ASN1_UTCTIME_it 3021 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_UTCTIME_it 3021 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_write 3022 EXIST::FUNCTION:DES
+_ossl_old_des_enc_write 3022 NOEXIST::FUNCTION:
OCSP_RESPONSE_new 3023 EXIST::FUNCTION:
AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
OCSP_resp_count 3025 EXIST::FUNCTION:
@@ -2559,7 +2559,7 @@ OCSP_REQUEST_new 3034 EXIST::FUNCTION:
ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION:
-_ossl_old_des_ncbc_encrypt 3037 EXIST::FUNCTION:DES
+_ossl_old_des_ncbc_encrypt 3037 NOEXIST::FUNCTION:
i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION:
EC_POINT_clear_free 3039 EXIST::FUNCTION:EC
AES_decrypt 3040 EXIST::FUNCTION:AES
@@ -2578,7 +2578,7 @@ i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
asn1_enc_save 3054 EXIST::FUNCTION:
ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
+_ossl_old_des_pcbc_encrypt 3056 NOEXIST::FUNCTION:
PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_accept_responses_new 3058 EXIST::FUNCTION:
@@ -2590,12 +2590,12 @@ KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION:
ASN1_item_ex_new 3063 EXIST::FUNCTION:
UI_add_verify_string 3064 EXIST::FUNCTION:
-_ossl_old_des_set_key 3065 EXIST::FUNCTION:DES
+_ossl_old_des_set_key 3065 NOEXIST::FUNCTION:
KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_DecryptInit_ex 3067 EXIST::FUNCTION:
i2d_OCSP_CERTID 3068 EXIST::FUNCTION:
-ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO
+ASN1_item_d2i_bio 3069 EXIST::FUNCTION:
EC_POINT_dbl 3070 EXIST::FUNCTION:EC
asn1_get_choice_selector 3071 EXIST::FUNCTION:
i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
@@ -2614,9 +2614,9 @@ OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION:
DIST_POINT_NAME_it 3084 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
DIST_POINT_NAME_it 3084 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509V3_extensions_print 3085 EXIST::FUNCTION:
-_ossl_old_des_cfb64_encrypt 3086 EXIST::FUNCTION:DES
+_ossl_old_des_cfb64_encrypt 3086 NOEXIST::FUNCTION:
X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION:
-_ossl_old_des_ofb_encrypt 3088 EXIST::FUNCTION:DES
+_ossl_old_des_ofb_encrypt 3088 NOEXIST::FUNCTION:
KRB5_TKTBODY_new 3089 EXIST::FUNCTION:
ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2624,7 +2624,7 @@ ERR_load_UI_strings 3091 EXIST::FUNCTION:
i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION:
ASN1_template_new 3093 EXIST::FUNCTION:
OCSP_SIGNATURE_free 3094 EXIST::FUNCTION:
-ASN1_item_i2d_fp 3095 EXIST::FUNCTION:FP_API
+ASN1_item_i2d_fp 3095 EXIST::FUNCTION:STDIO
KRB5_PRINCNAME_free 3096 EXIST::FUNCTION:
PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2705,13 +2705,13 @@ EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES
KRB5_TICKET_free 3156 EXIST::FUNCTION:
UI_new 3157 EXIST::FUNCTION:
OCSP_response_create 3158 EXIST::FUNCTION:
-_ossl_old_des_xcbc_encrypt 3159 EXIST::FUNCTION:DES
+_ossl_old_des_xcbc_encrypt 3159 NOEXIST::FUNCTION:
PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION:
OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION:
ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE
-_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES
+_ossl_old_des_ecb_encrypt 3163 NOEXIST::FUNCTION:
OCSP_response_get1_basic 3164 EXIST::FUNCTION:
EVP_Digest 3165 EXIST::FUNCTION:
OCSP_ONEREQ_delete_ext 3166 EXIST::FUNCTION:
@@ -2774,7 +2774,7 @@ AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
AES_ctr128_encrypt 3216 NOEXIST::FUNCTION:
AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
+_ossl_096_des_random_seed 3219 NOEXIST::FUNCTION:
EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
EVP_aes_128_cfb128 3222 EXIST::FUNCTION:AES
@@ -2793,7 +2793,7 @@ ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA
ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
-X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
+X509_REQ_print_ex 3237 EXIST::FUNCTION:
ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE
BUF_MEM_grow_clean 3239 EXIST::FUNCTION:
CRYPTO_realloc_clean 3240 EXIST::FUNCTION:
@@ -2803,7 +2803,7 @@ BUF_strlcpy 3243 EXIST::FUNCTION:
OpenSSLDie 3244 EXIST::FUNCTION:
OPENSSL_cleanse 3245 EXIST::FUNCTION:
ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
-ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
+ERR_release_err_state_table 3247 EXIST::FUNCTION:
EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
FIPS_selftest_des 3250 NOEXIST::FUNCTION:
@@ -2870,10 +2870,10 @@ PROXY_POLICY_free 3308 EXIST::FUNCTION:
PROXY_POLICY_new 3309 EXIST::FUNCTION:
BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
FIPS_selftest_rng 3311 NOEXIST::FUNCTION:
-EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256
-EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256
+EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:
+EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:
+EVP_sha224 3314 EXIST::FUNCTION:
+EVP_sha256 3315 EXIST::FUNCTION:
FIPS_selftest_hmac 3316 NOEXIST::FUNCTION:
FIPS_corrupt_rng 3317 NOEXIST::FUNCTION:
BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
@@ -2899,7 +2899,7 @@ STORE_method_set_list_start_function 3336 NOEXIST::FUNCTION:
BN_BLINDING_invert_ex 3337 EXIST::FUNCTION:
NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION:
STORE_ATTR_INFO_set_number 3339 NOEXIST::FUNCTION:
-BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:DEPRECATED
+BN_BLINDING_get_thread_id 3340 NOEXIST::FUNCTION:
X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION:
POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2918,7 +2918,7 @@ EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC
STORE_meth_get_update_store_fn 3354 NOEXIST::FUNCTION:
STORE_method_get_update_store_function 3354 NOEXIST::FUNCTION:
ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE
-SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION:
i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC
BN_get0_nist_prime_192 3358 EXIST::FUNCTION:
STORE_modify_certificate 3359 NOEXIST::FUNCTION:
@@ -2933,7 +2933,7 @@ BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION:EC2M
STORE_list_public_key_endp 3367 NOEXIST::FUNCTION:
o2i_ECPublicKey 3368 EXIST::FUNCTION:EC
EC_KEY_copy 3369 EXIST::FUNCTION:EC
-BIO_dump_fp 3370 EXIST::FUNCTION:FP_API
+BIO_dump_fp 3370 EXIST::FUNCTION:STDIO
X509_policy_node_get0_parent 3371 EXIST::FUNCTION:
EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC
i2o_ECPublicKey 3373 EXIST::FUNCTION:EC
@@ -2999,7 +2999,7 @@ STORE_meth_set_list_end_fn 3427 NOEXIST::FUNCTION:
STORE_method_set_list_end_function 3427 NOEXIST::FUNCTION:
pqueue_print 3428 EXIST::FUNCTION:
EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC
-EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API
+EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,STDIO
BN_GF2m_mod_arr 3431 EXIST::FUNCTION:EC2M
PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION:
EVP_PKEY_cmp 3433 EXIST::FUNCTION:
@@ -3022,8 +3022,8 @@ X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION:
STORE_list_crl_end 3449 NOEXIST::FUNCTION:
EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC
BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION:EC2M
-i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC
-ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API
+i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:EC
+ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,STDIO
pqueue_find 3454 EXIST::FUNCTION:
ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA
PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC
@@ -3050,13 +3050,13 @@ STORE_meth_set_generate_fn 3476 NOEXIST::FUNCTION:
STORE_method_set_generate_function 3476 NOEXIST::FUNCTION:
ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE
NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION:
-SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256
+SHA256_Init 3479 EXIST::FUNCTION:
EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC
PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC
STORE_ATTR_INFO_set_cstr 3482 NOEXIST::FUNCTION:
STORE_list_crl_next 3483 NOEXIST::FUNCTION:
STORE_ATTR_INFO_in_range 3484 NOEXIST::FUNCTION:
-ECParameters_print 3485 EXIST::FUNCTION:BIO,EC
+ECParameters_print 3485 EXIST::FUNCTION:EC
STORE_meth_set_delete_fn 3486 NOEXIST::FUNCTION:
STORE_method_set_delete_function 3486 NOEXIST::FUNCTION:
STORE_list_certificate_next 3487 NOEXIST::FUNCTION:
@@ -3081,11 +3081,11 @@ BN_is_prime_ex 3503 EXIST::FUNCTION:
STORE_revoke_public_key 3504 NOEXIST::FUNCTION:
X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION:
STORE_delete_arbitrary 3506 NOEXIST::FUNCTION:
-PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CERT_PAIR 3507 EXIST::FUNCTION:
X509_STORE_set_depth 3508 EXIST::FUNCTION:
ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA
-SHA224 3510 EXIST::FUNCTION:SHA,SHA256
-BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API
+SHA224 3510 EXIST::FUNCTION:
+BIO_dump_indent_fp 3511 EXIST::FUNCTION:STDIO
EC_KEY_set_group 3512 EXIST::FUNCTION:EC
BUF_strndup 3513 EXIST::FUNCTION:
STORE_list_certificate_start 3514 NOEXIST::FUNCTION:
@@ -3129,21 +3129,21 @@ POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION:
BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION:EC2M
ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH
EC_KEY_generate_key 3550 EXIST::FUNCTION:EC
-SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION:
BN_GF2m_arr2poly 3552 EXIST::FUNCTION:EC2M
STORE_method_get_get_function 3553 NOEXIST::FUNCTION:
STORE_meth_set_cleanup_fn 3554 NOEXIST::FUNCTION:
STORE_method_set_cleanup_function 3554 NOEXIST::FUNCTION:
EC_GROUP_check 3555 EXIST::FUNCTION:EC
-d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC
+d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:EC
EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC
STORE_meth_get_lock_store_fn 3558 NOEXIST::FUNCTION:
STORE_method_get_lock_store_function 3558 NOEXIST::FUNCTION:
X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION:
-SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256
+SHA224_Final 3560 EXIST::FUNCTION:
STORE_meth_set_update_store_fn 3561 NOEXIST::FUNCTION:
STORE_method_set_update_store_function 3561 NOEXIST::FUNCTION:
-SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256
+SHA224_Update 3562 EXIST::FUNCTION:
d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC
ASN1_item_ndef_i2d 3564 EXIST::FUNCTION:
STORE_delete_private_key 3565 NOEXIST::FUNCTION:
@@ -3162,12 +3162,12 @@ STORE_store_public_key 3577 NOEXIST::FUNCTION:
X509_CERT_PAIR_free 3578 EXIST::FUNCTION:
STORE_revoke_private_key 3579 NOEXIST::FUNCTION:
BN_nist_mod_224 3580 EXIST::FUNCTION:
-SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION:
STORE_ATTR_INFO_modify_dn 3582 NOEXIST::FUNCTION:
STORE_meth_get_initialise_fn 3583 NOEXIST::FUNCTION:
STORE_method_get_initialise_function 3583 NOEXIST::FUNCTION:
STORE_delete_number 3584 NOEXIST::FUNCTION:
-i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC
+i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:EC
BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION:
EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC
STORE_ATTR_INFO_in_ex 3588 NOEXIST::FUNCTION:
@@ -3192,9 +3192,9 @@ STORE_method_set_unlock_store_function 3603 NOEXIST::FUNCTION:
BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION:EC2M
ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE
STORE_create_method 3606 NOEXIST::FUNCTION:
-ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC
+ECPKParameters_print 3607 EXIST::FUNCTION:EC
EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC
-PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC
+PEM_write_EC_PUBKEY 3609 EXIST::FUNCTION:EC
X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION:
ECDH_set_method 3611 EXIST::FUNCTION:ECDH
v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION:
@@ -3204,7 +3204,7 @@ BN_nist_mod_521 3615 EXIST::FUNCTION:
X509_policy_tree_get0_level 3616 EXIST::FUNCTION:
EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC
EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC
-PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC
+PEM_read_EC_PUBKEY 3618 EXIST::FUNCTION:EC
i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA
ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA
STORE_delete_crl 3621 NOEXIST::FUNCTION:
@@ -3219,9 +3219,9 @@ STORE_revoke_certificate 3628 NOEXIST::FUNCTION:
BN_get0_nist_prime_256 3629 EXIST::FUNCTION:
STORE_meth_get_delete_fn 3630 NOEXIST::FUNCTION:
STORE_method_get_delete_function 3630 NOEXIST::FUNCTION:
-SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256
-PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC
-SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA224_Init 3631 EXIST::FUNCTION:
+PEM_read_ECPrivateKey 3632 EXIST::FUNCTION:EC
+SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION:
STORE_parse_attrs_endp 3634 NOEXIST::FUNCTION:
BN_set_negative 3635 EXIST::FUNCTION:
ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA
@@ -3231,7 +3231,7 @@ i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION:
STORE_OBJECT_free 3640 NOEXIST::FUNCTION:
BN_nist_mod_384 3641 EXIST::FUNCTION:
i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION:
-PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC
+PEM_write_ECPKParameters 3643 EXIST::FUNCTION:EC
ECDH_compute_key 3644 EXIST::FUNCTION:ECDH
STORE_ATTR_INFO_get0_sha1str 3645 NOEXIST::FUNCTION:
ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE
@@ -3243,8 +3243,8 @@ STORE_get_ex_new_index 3650 NOEXIST::FUNCTION:
EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION:
X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION:
BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION:EC2M
-SHA256 3654 EXIST::FUNCTION:SHA,SHA256
-i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,FP_API
+SHA256 3654 EXIST::FUNCTION:
+i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,STDIO
X509_policy_tree_get0_user_policies 3656 EXIST:!VMS:FUNCTION:
X509_pcy_tree_get0_usr_policies 3656 EXIST:VMS:FUNCTION:
OPENSSL_DIR_read 3657 EXIST::FUNCTION:
@@ -3255,32 +3255,32 @@ EC_POINT_get_affine_coords_GF2m 3660 EXIST:VMS:FUNCTION:EC,EC2M
EC_GROUP_dup 3661 EXIST::FUNCTION:EC
ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE
EC_KEY_new 3663 EXIST::FUNCTION:EC
-SHA256_Transform 3664 EXIST::FUNCTION:SHA,SHA256
+SHA256_Transform 3664 EXIST::FUNCTION:
EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC
ECDSA_verify 3666 EXIST::FUNCTION:ECDSA
EC_POINT_point2hex 3667 EXIST::FUNCTION:EC
ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE
-SHA512 3669 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA512 3669 EXIST:!VMSVAX:FUNCTION:
STORE_get_certificate 3670 NOEXIST::FUNCTION:
ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA
ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA
-d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API
+d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,STDIO
STORE_delete_certificate 3674 NOEXIST::FUNCTION:
-SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION:
X509_STORE_set1_param 3676 EXIST::FUNCTION:
STORE_method_get_ctrl_function 3677 NOEXIST::FUNCTION:
STORE_free 3678 NOEXIST::FUNCTION:
-PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC
+PEM_write_ECPrivateKey 3679 EXIST::FUNCTION:EC
STORE_meth_get_unlock_store_fn 3680 NOEXIST::FUNCTION:
STORE_method_get_unlock_store_function 3680 NOEXIST::FUNCTION:
STORE_get_ex_data 3681 NOEXIST::FUNCTION:
EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC
-PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC
+PEM_read_ECPKParameters 3683 EXIST::FUNCTION:EC
X509_CERT_PAIR_new 3684 EXIST::FUNCTION:
ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE
RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA
DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA
-ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API
+ECParameters_print_fp 3688 EXIST::FUNCTION:EC,STDIO
X509V3_NAME_from_section 3689 EXIST::FUNCTION:
EVP_PKEY_add1_attr 3690 EXIST::FUNCTION:
STORE_modify_crl 3691 NOEXIST::FUNCTION:
@@ -3290,23 +3290,23 @@ POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC
-PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CERT_PAIR 3696 EXIST::FUNCTION:
BIO_dump_indent_cb 3697 EXIST::FUNCTION:
d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION:
STORE_list_private_key_endp 3699 NOEXIST::FUNCTION:
asn1_const_Finish 3700 EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API
+i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,STDIO
BN_nist_mod_256 3702 EXIST::FUNCTION:
X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION:
pqueue_free 3704 EXIST::FUNCTION:
BN_BLINDING_create_param 3705 EXIST::FUNCTION:
ECDSA_size 3706 EXIST::FUNCTION:ECDSA
-d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC
+d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:EC
BN_get0_nist_prime_521 3708 EXIST::FUNCTION:
STORE_ATTR_INFO_modify_sha1str 3709 NOEXIST::FUNCTION:
BN_generate_prime_ex 3710 EXIST::FUNCTION:
EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC
-SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256
+SHA256_Final 3712 EXIST::FUNCTION:
DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH
PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC
STORE_meth_get_cleanup_fn 3715 NOEXIST::FUNCTION:
@@ -3319,7 +3319,7 @@ X509_policy_check 3720 EXIST::FUNCTION:
EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION:
STORE_set_ex_data 3722 NOEXIST::FUNCTION:
ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE
-EVP_ecdsa 3724 EXIST::FUNCTION:SHA
+EVP_ecdsa 3724 EXIST::FUNCTION:
BN_BLINDING_get_flags 3725 EXIST::FUNCTION:
PKCS12_add_cert 3726 EXIST::FUNCTION:
STORE_OBJECT_new 3727 NOEXIST::FUNCTION:
@@ -3332,22 +3332,22 @@ d2i_ECParameters 3733 EXIST::FUNCTION:EC
STORE_list_certificate_end 3734 NOEXIST::FUNCTION:
STORE_get_crl 3735 NOEXIST::FUNCTION:
X509_POLICY_NODE_print 3736 EXIST::FUNCTION:
-SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION:
EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC,EC2M
ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA
-SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION:
PKCS7_set_digest 3741 EXIST::FUNCTION:
-EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC
+EC_KEY_print 3742 EXIST::FUNCTION:EC
STORE_meth_set_lock_store_fn 3743 NOEXIST::FUNCTION:
STORE_method_set_lock_store_function 3743 NOEXIST::FUNCTION:
ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA
-SHA384 3745 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+SHA384 3745 EXIST:!VMSVAX:FUNCTION:
POLICY_MAPPING_new 3746 EXIST::FUNCTION:
STORE_list_certificate_endp 3747 NOEXIST::FUNCTION:
X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION:
EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC
EC_KEY_check_key 3750 EXIST::FUNCTION:EC
-d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API
+d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,STDIO
PKCS7_set0_type_other 3752 EXIST::FUNCTION:
PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION:
pqueue_next 3754 EXIST::FUNCTION:
@@ -3362,12 +3362,12 @@ PKCS12_add_key 3761 EXIST::FUNCTION:
DSO_merge 3762 EXIST::FUNCTION:
EC_POINT_hex2point 3763 EXIST::FUNCTION:EC
BIO_dump_cb 3764 EXIST::FUNCTION:
-SHA256_Update 3765 EXIST::FUNCTION:SHA,SHA256
+SHA256_Update 3765 EXIST::FUNCTION:
pqueue_insert 3766 EXIST::FUNCTION:
pitem_free 3767 EXIST::FUNCTION:
BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION:EC2M
ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:DEPRECATED
+BN_BLINDING_set_thread_id 3770 NOEXIST::FUNCTION:
get_rfc3526_prime_8192 3771 EXIST::FUNCTION:
X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION:
get_rfc2409_prime_1024 3773 EXIST::FUNCTION:
@@ -3411,106 +3411,106 @@ EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA
EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA
a2i_ipadd 3813 EXIST::FUNCTION:
-ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779
-i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779
+ASIdentifiers_free 3814 EXIST::FUNCTION:
+i2d_ASIdOrRange 3815 EXIST::FUNCTION:
EVP_CIPHER_block_size 3816 EXIST::FUNCTION:
-v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779
-IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779
+v3_asid_is_canonical 3817 EXIST::FUNCTION:
+IPAddressChoice_free 3818 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION:
BIO_set_callback_arg 3820 EXIST::FUNCTION:
-v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779
-IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_add_prefix 3821 EXIST::FUNCTION:
+IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
BIO_set_flags 3823 EXIST::FUNCTION:
-ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779
+ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_addr_get_range 3825 EXIST::FUNCTION:
BIO_method_type 3826 EXIST::FUNCTION:
-v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779
-IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_inherits 3827 EXIST::FUNCTION:
+IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
AES_ige_encrypt 3829 EXIST::FUNCTION:AES
-v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779
+v3_addr_add_range 3830 EXIST::FUNCTION:
EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION:
-d2i_ASRange 3832 EXIST::FUNCTION:RFC3779
-v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779
-v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779
-v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779
+d2i_ASRange 3832 EXIST::FUNCTION:
+v3_addr_add_inherit 3833 EXIST::FUNCTION:
+v3_asid_add_id_or_range 3834 EXIST::FUNCTION:
+v3_addr_validate_resource_set 3835 EXIST::FUNCTION:
EVP_CIPHER_iv_length 3836 EXIST::FUNCTION:
EVP_MD_type 3837 EXIST::FUNCTION:
-v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779
-IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779
-v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779
+v3_asid_canonize 3838 EXIST::FUNCTION:
+IPAddressRange_free 3839 EXIST::FUNCTION:
+v3_asid_add_inherit 3840 EXIST::FUNCTION:
EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION:
-IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779
-ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779
+IPAddressRange_new 3842 EXIST::FUNCTION:
+ASIdOrRange_new 3843 EXIST::FUNCTION:
EVP_MD_size 3844 EXIST::FUNCTION:
EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION:
BIO_clear_flags 3846 EXIST::FUNCTION:
-i2d_ASRange 3847 EXIST::FUNCTION:RFC3779
-IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779
-ASRange_free 3851 EXIST::FUNCTION:RFC3779
+i2d_ASRange 3847 EXIST::FUNCTION:
+IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+IPAddressChoice_new 3849 EXIST::FUNCTION:
+ASIdentifierChoice_new 3850 EXIST::FUNCTION:
+ASRange_free 3851 EXIST::FUNCTION:
EVP_MD_pkey_type 3852 EXIST::FUNCTION:
EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION:
-IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779
-i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779
-IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779
+IPAddressFamily_free 3854 EXIST::FUNCTION:
+i2d_IPAddressFamily 3855 EXIST::FUNCTION:
+IPAddressOrRange_new 3856 EXIST::FUNCTION:
EVP_CIPHER_flags 3857 EXIST::FUNCTION:
-v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779
-d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779
+v3_asid_validate_resource_set 3858 EXIST::FUNCTION:
+d2i_IPAddressRange 3859 EXIST::FUNCTION:
AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES
BIO_get_callback 3861 EXIST::FUNCTION:
-IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779
-v3_addr_subset 3863 EXIST::FUNCTION:RFC3779
-d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779
-v3_asid_subset 3865 EXIST::FUNCTION:RFC3779
+IPAddressOrRange_free 3862 EXIST::FUNCTION:
+v3_addr_subset 3863 EXIST::FUNCTION:
+d2i_IPAddressFamily 3864 EXIST::FUNCTION:
+v3_asid_subset 3865 EXIST::FUNCTION:
BIO_test_flags 3866 EXIST::FUNCTION:
-i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779
-ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779
-ASRange_new 3870 EXIST::FUNCTION:RFC3779
-d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779
-v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779
+i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:
+ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASIdentifiers 3869 EXIST::FUNCTION:
+ASRange_new 3870 EXIST::FUNCTION:
+d2i_IPAddressChoice 3871 EXIST::FUNCTION:
+v3_addr_get_afi 3872 EXIST::FUNCTION:
EVP_CIPHER_key_length 3873 EXIST::FUNCTION:
EVP_Cipher 3874 EXIST::FUNCTION:
-i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779
-ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+i2d_IPAddressOrRange 3875 EXIST::FUNCTION:
+ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_CIPHER_nid 3877 EXIST::FUNCTION:
-i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779
+i2d_IPAddressChoice 3878 EXIST::FUNCTION:
EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION:
-ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779
-v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779
-IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779
+ASIdentifiers_new 3880 EXIST::FUNCTION:
+v3_addr_validate_path 3881 EXIST::FUNCTION:
+IPAddressFamily_new 3882 EXIST::FUNCTION:
EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION:
-v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779
-i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779
-IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779
+v3_addr_is_canonical 3884 EXIST::FUNCTION:
+i2d_IPAddressRange 3885 EXIST::FUNCTION:
+IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+v3_asid_inherits 3887 EXIST::FUNCTION:
EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION:
EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION:
EVP_MD_block_size 3890 EXIST::FUNCTION:
EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION:
-v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779
-d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779
-v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_validate_path 3892 EXIST::FUNCTION:
+d2i_IPAddressOrRange 3893 EXIST::FUNCTION:
+v3_addr_canonize 3894 EXIST::FUNCTION:
+ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_MD_CTX_md 3896 EXIST::FUNCTION:
-d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779
+d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:
BIO_method_name 3898 EXIST::FUNCTION:
EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION:
-ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779
+ASIdOrRange_free 3900 EXIST::FUNCTION:
+ASIdentifierChoice_free 3901 EXIST::FUNCTION:
BIO_get_callback_arg 3902 EXIST::FUNCTION:
BIO_set_callback 3903 EXIST::FUNCTION:
-d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
-i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
+d2i_ASIdOrRange 3904 EXIST::FUNCTION:
+i2d_ASIdentifiers 3905 EXIST::FUNCTION:
CRYPTO_memcmp 3906 EXIST::FUNCTION:
BN_consttime_swap 3907 EXIST::FUNCTION:
SEED_decrypt 3908 EXIST::FUNCTION:SEED
@@ -3546,7 +3546,7 @@ BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:
COMP_zlib_cleanup 3936 EXIST::FUNCTION:
d2i_X509_ALGORS 3937 EXIST::FUNCTION:
CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS
-PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS
+PEM_write_CMS 3939 EXIST::FUNCTION:CMS
CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS
CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS
ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS
@@ -3592,7 +3592,7 @@ int_smime_write_ASN1 3979 NOEXIST::FUNCTION:
CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS
CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS
CMS_add_smimecap 3982 EXIST::FUNCTION:CMS
-PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS
+PEM_read_CMS 3983 EXIST::FUNCTION:CMS
CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS
d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS
CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS
@@ -3913,7 +3913,7 @@ TS_VERIFY_CTX_cleanup 4291 EXIST::FUNCTION:
TS_STATUS_INFO_free 4292 EXIST::FUNCTION:
TS_RESP_verify_token 4293 EXIST::FUNCTION:
OBJ_bsearch_ex_ 4294 EXIST::FUNCTION:
-ASN1_bn_print 4295 EXIST::FUNCTION:BIO
+ASN1_bn_print 4295 EXIST::FUNCTION:
EVP_PKEY_asn1_get_count 4296 EXIST::FUNCTION:
ENGINE_register_pkey_asn1_meths 4297 EXIST::FUNCTION:ENGINE
ASN1_PCTX_set_nm_flags 4298 EXIST::FUNCTION:
@@ -4266,7 +4266,7 @@ EVP_rc4_hmac_md5 4633 EXIST::FUNCTION:MD5,RC4
CRYPTO_nistcts128_decrypt_block 4634 EXIST::FUNCTION:
CRYPTO_gcm128_setiv 4635 EXIST::FUNCTION:
CRYPTO_nistcts128_encrypt 4636 EXIST::FUNCTION:
-EVP_aes_128_cbc_hmac_sha1 4637 EXIST::FUNCTION:AES,SHA,SHA1
+EVP_aes_128_cbc_hmac_sha1 4637 EXIST::FUNCTION:AES
CRYPTO_gcm128_tag 4638 EXIST::FUNCTION:
CRYPTO_ccm128_encrypt_ccm64 4639 EXIST::FUNCTION:
ENGINE_load_rdrand 4640 EXIST::FUNCTION:ENGINE
@@ -4285,23 +4285,23 @@ ENGINE_load_rsax 4652 NOEXIST::FUNCTION:
CRYPTO_gcm128_decrypt_ctr32 4653 EXIST::FUNCTION:
CRYPTO_gcm128_encrypt_ctr32 4654 EXIST::FUNCTION:
CRYPTO_gcm128_finish 4655 EXIST::FUNCTION:
-EVP_aes_256_cbc_hmac_sha1 4656 EXIST::FUNCTION:AES,SHA,SHA1
+EVP_aes_256_cbc_hmac_sha1 4656 EXIST::FUNCTION:AES
PKCS5_pbkdf2_set 4657 EXIST::FUNCTION:
CMS_add0_recipient_password 4658 EXIST::FUNCTION:CMS
CMS_decrypt_set1_password 4659 EXIST::FUNCTION:CMS
CMS_RecipientInfo_set0_password 4660 EXIST::FUNCTION:CMS
RAND_set_fips_drbg_type 4661 NOEXIST::FUNCTION:
-X509_REQ_sign_ctx 4662 EXIST::FUNCTION:EVP
+X509_REQ_sign_ctx 4662 EXIST::FUNCTION:
RSA_PSS_PARAMS_new 4663 EXIST::FUNCTION:RSA
-X509_CRL_sign_ctx 4664 EXIST::FUNCTION:EVP
-X509_signature_dump 4665 EXIST::FUNCTION:EVP
+X509_CRL_sign_ctx 4664 EXIST::FUNCTION:
+X509_signature_dump 4665 EXIST::FUNCTION:
d2i_RSA_PSS_PARAMS 4666 EXIST::FUNCTION:RSA
RSA_PSS_PARAMS_it 4667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
RSA_PSS_PARAMS_it 4667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
RSA_PSS_PARAMS_free 4668 EXIST::FUNCTION:RSA
-X509_sign_ctx 4669 EXIST::FUNCTION:EVP
+X509_sign_ctx 4669 EXIST::FUNCTION:
i2d_RSA_PSS_PARAMS 4670 EXIST::FUNCTION:RSA
-ASN1_item_sign_ctx 4671 EXIST::FUNCTION:EVP
+ASN1_item_sign_ctx 4671 EXIST::FUNCTION:
EC_GFp_nistp521_method 4672 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
EC_GFp_nistp256_method 4673 EXIST:!WIN32:FUNCTION:EC,EC_NISTP_64_GCC_128
OPENSSL_stderr 4674 EXIST::FUNCTION:
@@ -4316,7 +4316,7 @@ BIO_dgram_sctp_notification_cb 4682 EXIST::FUNCTION:SCTP
i2d_DHxparams 4683 EXIST::FUNCTION:DH
EC_curve_nist2nid 4684 EXIST::FUNCTION:EC
DH_get_1024_160 4685 EXIST::FUNCTION:DH
-PEM_write_DHxparams 4686 EXIST:!WIN16:FUNCTION:DH
+PEM_write_DHxparams 4686 EXIST::FUNCTION:DH
d2i_DHxparams 4687 EXIST::FUNCTION:DH
EC_curve_nid2nist 4688 EXIST::FUNCTION:EC
DH_get_2048_256 4689 EXIST::FUNCTION:DH
@@ -4337,7 +4337,7 @@ X509_VERIFY_PARAM_set1_ip 4703 EXIST::FUNCTION:
X509_check_ip 4704 EXIST::FUNCTION:
X509_STORE_set_lookup_crls_cb 4705 EXIST::FUNCTION:
X509_CRL_diff 4706 EXIST::FUNCTION:
-X509_CRL_http_nbio 4707 EXIST::FUNCTION:EVP
+X509_CRL_http_nbio 4707 EXIST::FUNCTION:
OCSP_REQ_CTX_i2d 4708 EXIST::FUNCTION:
OCSP_REQ_CTX_get0_mem_bio 4709 EXIST::FUNCTION:
X509_STORE_CTX_get0_store 4710 EXIST::FUNCTION:
@@ -4345,7 +4345,7 @@ X509_REVOKED_dup 4711 EXIST::FUNCTION:
CMS_RecipientInfo_encrypt 4712 EXIST::FUNCTION:CMS
OCSP_REQ_CTX_http 4713 EXIST::FUNCTION:
OCSP_REQ_CTX_nbio 4714 EXIST::FUNCTION:
-X509_http_nbio 4715 EXIST::FUNCTION:EVP
+X509_http_nbio 4715 EXIST::FUNCTION:
OCSP_set_max_response_length 4716 EXIST::FUNCTION:
OCSP_REQ_CTX_new 4717 EXIST::FUNCTION:
OCSP_REQ_CTX_nbio_d2i 4718 EXIST::FUNCTION:
@@ -4358,45 +4358,46 @@ CMS_RecipientInfo_kari_decrypt 4724 EXIST::FUNCTION:CMS
CMS_SignerInfo_get0_pkey_ctx 4725 EXIST::FUNCTION:CMS
ECDSA_METHOD_set_flags 4726 EXIST::FUNCTION:ECDSA
ECDSA_METHOD_set_sign_setup 4727 EXIST::FUNCTION:ECDSA
-CMS_RecipInfo_kari_orig_id_cmp 4728 NOEXIST::FUNCTION:
-CMS_RecipientInfo_kari_orig_id_cmp 4728 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kari_orig_id_cmp 4728 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_kari_orig_id_cmp 4728 EXIST:VMS:FUNCTION:CMS
CMS_RecipientInfo_kari_get0_alg 4729 EXIST::FUNCTION:CMS
EVP_aes_192_wrap 4730 EXIST::FUNCTION:AES
-EVP_aes_128_cbc_hmac_sha256 4731 EXIST::FUNCTION:AES,SHA256
+EVP_aes_128_cbc_hmac_sha256 4731 EXIST::FUNCTION:AES
DH_compute_key_padded 4732 EXIST::FUNCTION:DH
ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA
-CMS_RecipEncryptedKey_cert_cmp 4734 NOEXIST::FUNCTION:
-CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST::FUNCTION:CMS
+CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS
DH_KDF_X9_42 4735 EXIST::FUNCTION:DH
RSA_OAEP_PARAMS_free 4736 EXIST::FUNCTION:RSA
EVP_des_ede3_wrap 4737 EXIST::FUNCTION:DES
RSA_OAEP_PARAMS_it 4738 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
RSA_OAEP_PARAMS_it 4738 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
ASN1_TIME_diff 4739 EXIST::FUNCTION:
-EVP_aes_256_cbc_hmac_sha256 4740 EXIST::FUNCTION:AES,SHA256
+EVP_aes_256_cbc_hmac_sha256 4740 EXIST::FUNCTION:AES
CMS_SignerInfo_get0_signature 4741 EXIST::FUNCTION:CMS
-CMS_RecipInfo_kari_get0_reks 4742 NOEXIST::FUNCTION:
-CMS_RecipientInfo_kari_get0_reks 4742 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kari_get0_reks 4742 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_kari_get0_reks 4742 EXIST:VMS:FUNCTION:CMS
EVP_aes_128_wrap 4743 EXIST::FUNCTION:AES
CMS_SignerInfo_get0_md_ctx 4744 EXIST::FUNCTION:CMS
OPENSSL_gmtime_diff 4745 EXIST::FUNCTION:
-CMS_RecipInfo_kari_set0_pkey 4746 NOEXIST::FUNCTION:
-CMS_RecipientInfo_kari_set0_pkey 4746 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kari_set0_pkey 4746 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_kari_set0_pkey 4746 EXIST:VMS:FUNCTION:CMS
i2d_RSA_OAEP_PARAMS 4747 EXIST::FUNCTION:RSA
d2i_RSA_OAEP_PARAMS 4748 EXIST::FUNCTION:RSA
ECDH_KDF_X9_62 4749 EXIST::FUNCTION:ECDH
CMS_RecipientInfo_kari_get0_ctx 4750 EXIST::FUNCTION:CMS
ECDSA_METHOD_new 4751 EXIST::FUNCTION:ECDSA
CMS_RecipientInfo_get0_pkey_ctx 4752 EXIST::FUNCTION:CMS
-CMS_RecipEncryptedKey_get0_id 4753 NOEXIST::FUNCTION:
-CMS_RecipientEncryptedKey_get0_id 4753 EXIST::FUNCTION:CMS
+CMS_RecipientEncryptedKey_get0_id 4753 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipEncryptedKey_get0_id 4753 EXIST:VMS:FUNCTION:CMS
RSA_pad_check_PKCS1_OAEP_mgf1 4754 NOEXIST::FUNCTION:
-RSA_padding_check_PKCS1_OAEP_mgf1 4754 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP_mgf1 4754 EXIST:!VMS:FUNCTION:RSA
+RSA_padding_chk_PKCS1_OAEP_mgf1 4754 EXIST:VMS:FUNCTION:RSA
ECDSA_METHOD_set_verify 4755 EXIST::FUNCTION:ECDSA
CMS_SharedInfo_encode 4756 EXIST::FUNCTION:CMS
RSA_padding_add_PKCS1_OAEP_mgf1 4757 EXIST::FUNCTION:RSA
-CMS_RecipInfo_kari_get0_orig_id 4758 NOEXIST::FUNCTION:
-CMS_RecipientInfo_kari_get0_orig_id 4758 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kari_get0_orig_id 4758 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_kari_get0_orig_id 4758 EXIST:VMS:FUNCTION:CMS
ECDSA_METHOD_free 4759 EXIST::FUNCTION:ECDSA
X509_VERIFY_PARAM_get_count 4760 EXIST::FUNCTION:
X509_VERIFY_PARAM_get0_name 4761 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index be7dd42..ed10da2 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -83,7 +83,7 @@ my @known_platforms = ( "__FreeBSD__", "PERL5",
my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" );

my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",

"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "SHA256", "SHA512", "RIPEMD",
+ "SHA256", "SHA512", "RMD160",
"MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
"HMAC", "AES", "CAMELLIA", "SEED", "GOST",
# EC_NISTP_64_GCC_128
@@ -972,7 +972,7 @@ sub do_defs
$a .= ",RC2" if($s =~ /EVP_rc2/);
$a .= ",RC4" if($s =~ /EVP_rc4/);
$a .= ",RC5" if($s =~ /EVP_rc5/);
- $a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
+ $a .= ",RMD160" if($s =~ /EVP_ripemd/);
$a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
$a .= ",RSA" if($s =~ /RSAPrivateKey/);
@@ -1179,7 +1179,7 @@ sub is_valid
if ($keyword eq "MD4" && $no_md4) { return 0; }
if ($keyword eq "MD5" && $no_md5) { return 0; }
if ($keyword eq "SHA" && $no_sha) { return 0; }
- if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
+ if ($keyword eq "RMD160" && $no_ripemd) { return 0; }
if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
if ($keyword eq "WHIRLPOOL" && $no_whirlpool) { return 0; }
if ($keyword eq "RSA" && $no_rsa) { return 0; }
diff --git a/util/ssleay.num b/util/ssleay.num
index 53dbe6d..916318a 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -27,8 +27,8 @@ SSL_CTX_use_certificate_ASN1 29 EXIST::FUNCTION:
SSL_CTX_use_certificate_file 30 EXIST::FUNCTION:STDIO
SSL_SESSION_free 31 EXIST::FUNCTION:
SSL_SESSION_new 32 EXIST::FUNCTION:
-SSL_SESSION_print 33 EXIST::FUNCTION:BIO
-SSL_SESSION_print_fp 34 EXIST::FUNCTION:FP_API
+SSL_SESSION_print 33 EXIST::FUNCTION:
+SSL_SESSION_print_fp 34 EXIST::FUNCTION:STDIO
SSL_accept 35 EXIST::FUNCTION:
SSL_add_client_CA 36 EXIST::FUNCTION:
SSL_alert_desc_string 37 EXIST::FUNCTION:
@@ -52,14 +52,14 @@ SSL_get_error 58 EXIST::FUNCTION:
SSL_get_fd 59 EXIST::FUNCTION:
SSL_get_peer_cert_chain 60 EXIST::FUNCTION:
SSL_get_peer_certificate 61 EXIST::FUNCTION:
-SSL_get_rbio 63 EXIST::FUNCTION:BIO
+SSL_get_rbio 63 EXIST::FUNCTION:
SSL_get_read_ahead 64 EXIST::FUNCTION:
SSL_get_shared_ciphers 65 EXIST::FUNCTION:
SSL_get_ssl_method 66 EXIST::FUNCTION:
SSL_get_verify_callback 69 EXIST::FUNCTION:
SSL_get_verify_mode 70 EXIST::FUNCTION:
SSL_get_version 71 EXIST::FUNCTION:
-SSL_get_wbio 72 EXIST::FUNCTION:BIO
+SSL_get_wbio 72 EXIST::FUNCTION:
SSL_load_client_CA_file 73 EXIST::FUNCTION:STDIO
SSL_load_error_strings 74 EXIST::FUNCTION:
SSL_new 75 EXIST::FUNCTION:
@@ -70,7 +70,7 @@ SSL_renegotiate 79 EXIST::FUNCTION:
SSL_rstate_string 80 EXIST::FUNCTION:
SSL_rstate_string_long 81 EXIST::FUNCTION:
SSL_set_accept_state 82 EXIST::FUNCTION:
-SSL_set_bio 83 EXIST::FUNCTION:BIO
+SSL_set_bio 83 EXIST::FUNCTION:
SSL_set_cipher_list 84 EXIST::FUNCTION:
SSL_set_client_CA_list 85 EXIST::FUNCTION:
SSL_set_connect_state 86 EXIST::FUNCTION:
@@ -106,17 +106,17 @@ SSLv3_method 117 EXIST::FUNCTION:SSL3_METHOD
SSLv3_server_method 118 EXIST::FUNCTION:SSL3_METHOD
d2i_SSL_SESSION 119 EXIST::FUNCTION:
i2d_SSL_SESSION 120 EXIST::FUNCTION:
-BIO_f_ssl 121 EXIST::FUNCTION:BIO
-BIO_new_ssl 122 EXIST::FUNCTION:BIO
+BIO_f_ssl 121 EXIST::FUNCTION:
+BIO_new_ssl 122 EXIST::FUNCTION:
BIO_proxy_ssl_copy_session_id 123 NOEXIST::FUNCTION:
-BIO_ssl_copy_session_id 124 EXIST::FUNCTION:BIO
+BIO_ssl_copy_session_id 124 EXIST::FUNCTION:
SSL_do_handshake 125 EXIST::FUNCTION:
SSL_get_privatekey 126 EXIST::FUNCTION:
SSL_get_current_cipher 127 EXIST::FUNCTION:
SSL_CIPHER_get_bits 128 EXIST::FUNCTION:
SSL_CIPHER_get_version 129 EXIST::FUNCTION:
SSL_CIPHER_get_name 130 EXIST::FUNCTION:
-BIO_ssl_shutdown 131 EXIST::FUNCTION:BIO
+BIO_ssl_shutdown 131 EXIST::FUNCTION:
SSL_SESSION_cmp 132 NOEXIST::FUNCTION:
SSL_SESSION_hash 133 NOEXIST::FUNCTION:
SSL_SESSION_get_time 134 EXIST::FUNCTION:
@@ -152,8 +152,8 @@ SSL_get_ex_new_index 169 EXIST::FUNCTION:
TLSv1_method 170 EXIST::FUNCTION:
TLSv1_server_method 171 EXIST::FUNCTION:
TLSv1_client_method 172 EXIST::FUNCTION:
-BIO_new_buffer_ssl_connect 173 EXIST::FUNCTION:BIO
-BIO_new_ssl_connect 174 EXIST::FUNCTION:BIO
+BIO_new_buffer_ssl_connect 173 EXIST::FUNCTION:
+BIO_new_ssl_connect 174 EXIST::FUNCTION:
SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION:
SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION:
SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH
@@ -250,11 +250,11 @@ SSL_get_psk_identity_hint 297 EXIST::FUNCTION:PSK
SSL_set_psk_server_callback 298 EXIST::FUNCTION:PSK
SSL_use_psk_identity_hint 299 EXIST::FUNCTION:PSK
SSL_set_psk_client_callback 300 EXIST::FUNCTION:PSK
-PEM_read_SSL_SESSION 301 EXIST:!WIN16:FUNCTION:
+PEM_read_SSL_SESSION 301 EXIST::FUNCTION:
PEM_read_bio_SSL_SESSION 302 EXIST::FUNCTION:
SSL_CTX_set_psk_server_callback 303 EXIST::FUNCTION:PSK
SSL_get_psk_identity 304 EXIST::FUNCTION:PSK
-PEM_write_SSL_SESSION 305 EXIST:!WIN16:FUNCTION:
+PEM_write_SSL_SESSION 305 EXIST::FUNCTION:
SSL_set_session_ticket_ext 306 EXIST::FUNCTION:
SSL_set_session_secret_cb 307 EXIST::FUNCTION:
SSL_set_session_ticket_ext_cb 308 EXIST::FUNCTION:
@@ -333,7 +333,8 @@ SSL_CTX_set_srv_supp_data 371 NOEXIST::FUNCTION:
SSL_CONF_cmd_argv 372 EXIST::FUNCTION:
DTLSv1_2_server_method 373 EXIST::FUNCTION:
SSL_COMP_set0_compress_methods 374 NOEXIST::FUNCTION:
-SSL_COMP_set0_compression_methods 374 EXIST::FUNCTION:COMP
+SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION:COMP
+SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION:COMP
SSL_CTX_set_cert_cb 375 EXIST::FUNCTION:
SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT
SSL_is_server 377 EXIST::FUNCTION:
@@ -366,10 +367,11 @@ DTLSv1_2_method 404 EXIST::FUNCTION:
DTLS_server_method 405 EXIST::FUNCTION:
SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT
SSL_COMP_free_compress_methods 407 NOEXIST::FUNCTION:
-SSL_COMP_free_compression_methods 407 EXIST::FUNCTION:COMP
+SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:COMP
+SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION:COMP
SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT
SSL_CTX_get_security_callback 410 EXIST::FUNCTION:
-SSL_SESSION_print_keylog 411 EXIST::FUNCTION:BIO
+SSL_SESSION_print_keylog 411 EXIST::FUNCTION:
SSL_CTX_set_not_resumable_session_callback 412 EXIST:!VMS:FUNCTION:
SSL_CTX_set_not_resumbl_sess_cb 412 EXIST:VMS:FUNCTION:
SSL_get0_security_ex_data 413 EXIST::FUNCTION:

Rich Salz

unread,

Feb 5, 2015, 9:46:32 AM2/5/15

to

The branch master has been updated

via 7e35f06ea908e47f87b723b5e951ffc55463eb8b (commit)
from 1f7103b6ebd1579e4ead17405f89d44330386949 (commit)

- Log -----------------------------------------------------------------
commit 7e35f06ea908e47f87b723b5e951ffc55463eb8b
Author: Rich Salz <rs...@openssl.org>
Date: Thu Feb 5 09:44:30 2015 -0500

Fixed bad formatting in crypto/des/spr.h

Reviewed-by: Andy Polyakov <ap...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/des/spr.h | 327 +++++++++++++++++++++++++-----------------------------
1 file changed, 151 insertions(+), 176 deletions(-)

diff --git a/crypto/des/spr.h b/crypto/des/spr.h
index 4d94639..e85d310 100644
--- a/crypto/des/spr.h
+++ b/crypto/des/spr.h
@@ -58,180 +58,155 @@

OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
{
-/* nibble 0 */
- 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
- 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
- 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
- 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
- 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
- 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
- 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
- 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
- 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
- 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
- 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
- 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
- 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
- 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
- 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
- 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
- }, {
-/* nibble 1 */
- 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
- 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
- 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
- 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
- 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
- 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
- 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
- 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
- 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
- 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
- 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
- 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
- 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
- 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
- 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
- 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
- }, {
-/* nibble 2 */
- 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
- 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
- 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
- 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
- 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
- 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
- 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
- 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
- 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
- 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
- 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
- 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
- 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
- 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
- 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
- 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
- }, {
-/* nibble 3 */
- 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
- 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
- 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
- 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
- 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
- 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
- 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
- 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
- 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
- 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
- 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
- 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
- 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
- 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
- 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
- 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
- }, {
-/* nibble 4 */
- 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
- 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
- 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
- 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
- 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
- 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
- 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
- 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
- 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
- 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
- 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
- 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
- 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
- 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
- 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
- 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
- }, {
-/* nibble 5 */
- 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
- 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
- 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
- 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
- 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
- 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
- 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
- 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
- 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
- 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
- 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
- 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
- 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
- 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
- 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
- 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
- }, {
-/* nibble 6 */
- 0x00004000L, 0x00000200L, 0x01000200L,
- 0x01000004L,
- 0x01004204L, 0x00004004L, 0x00004200L,
- 0x00000000L,
- 0x01000000L, 0x01000204L, 0x00000204L,
- 0x01004000L,
- 0x00000004L, 0x01004200L, 0x01004000L,
- 0x00000204L,
- 0x01000204L, 0x00004000L, 0x00004004L,
- 0x01004204L,
- 0x00000000L, 0x01000200L, 0x01000004L,
- 0x00004200L,
- 0x01004004L, 0x00004204L, 0x01004200L,
- 0x00000004L,
- 0x00004204L, 0x01004004L, 0x00000200L,
- 0x01000000L,
- 0x00004204L, 0x01004000L, 0x01004004L,
- 0x00000204L,
- 0x00004000L, 0x00000200L, 0x01000000L,
- 0x01004004L,
- 0x01000204L, 0x00004204L, 0x00004200L,
- 0x00000000L,
- 0x00000200L, 0x01000004L, 0x00000004L,
- 0x01000200L,
- 0x00000000L, 0x01000204L, 0x01000200L,
- 0x00004200L,
- 0x00000204L, 0x00004000L, 0x01004204L,
- 0x01000000L,
- 0x01004200L, 0x00000004L, 0x00004004L,
- 0x01004204L,
- 0x01000004L, 0x01004200L, 0x01004000L,
- 0x00004004L,
- }, {
-/* nibble 7 */
- 0x20800080L, 0x20820000L, 0x00020080L,
- 0x00000000L,
- 0x20020000L, 0x00800080L, 0x20800000L,
- 0x20820080L,
- 0x00000080L, 0x20000000L, 0x00820000L,
- 0x00020080L,
- 0x00820080L, 0x20020080L, 0x20000080L,
- 0x20800000L,
- 0x00020000L, 0x00820080L, 0x00800080L,
- 0x20020000L,
- 0x20820080L, 0x20000080L, 0x00000000L,
- 0x00820000L,
- 0x20000000L, 0x00800000L, 0x20020080L,
- 0x20800080L,
- 0x00800000L, 0x00020000L, 0x20820000L,
- 0x00000080L,
- 0x00800000L, 0x00020000L, 0x20000080L,
- 0x20820080L,
- 0x00020080L, 0x20000000L, 0x00000000L,
- 0x00820000L,
- 0x20800080L, 0x20020080L, 0x20020000L,
- 0x00800080L,
- 0x20820000L, 0x00000080L, 0x00800080L,
- 0x20020000L,
- 0x20820080L, 0x00800000L, 0x20800000L,
- 0x20000080L,
- 0x00820000L, 0x00020080L, 0x20020080L,
- 0x20800000L,
- 0x00000080L, 0x20820000L, 0x00820080L,
- 0x00000000L,
- 0x20000000L, 0x20800080L, 0x00020000L,
- 0x00820080L,
- }
+ /* nibble 0 */
+ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+ },
+ {
+ /* nibble 1 */
+ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+ },
+ {
+ /* nibble 2 */
+ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+ 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+ },
+ {
+ /* nibble 3 */
+ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+ },
+ {
+ /* nibble 4 */
+ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+ 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+ 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+ },
+ {
+ /* nibble 5 */
+ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+ },
+ {
+ /* nibble 6 */
+ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+ 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+ 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+ },
+ {
+ /* nibble 7 */
+ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+ }
};

Rich Salz

unread,

Feb 5, 2015, 11:48:17 AM2/5/15

to

The branch master has been updated

via 8dd94afb18b27edd987b471914a616f9800a5e58 (commit)
from 7e35f06ea908e47f87b723b5e951ffc55463eb8b (commit)

- Log -----------------------------------------------------------------
commit 8dd94afb18b27edd987b471914a616f9800a5e58
Author: Rich Salz <rs...@openssl.org>
Date: Thu Feb 5 11:47:02 2015 -0500

Live code cleanup; #if 1 removal

A few minor cleanups to remove pre-processor "#if 1" stuff.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

ssl/s3_lib.c | 4 ----
ssl/s3_pkt.c | 4 ----
ssl/ssl_cert.c | 4 ----
ssl/ssl_lib.c | 2 --
4 files changed, 14 deletions(-)

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7a07a24..320d4a5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4518,9 +4518,7 @@ int ssl3_shutdown(SSL *s)

if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
s->shutdown |= SSL_SENT_SHUTDOWN;
-#if 1
ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
-#endif
/*
* our shutdown alert has been sent now, and if it still needs to be
* written, s->s3->alert_dispatch will be true
@@ -4529,7 +4527,6 @@ int ssl3_shutdown(SSL *s)
return (-1); /* return WANT_WRITE */
} else if (s->s3->alert_dispatch) {
/* resend it if not sent */
-#if 1
ret = s->method->ssl_dispatch_alert(s);
if (ret == -1) {
/*
@@ -4539,7 +4536,6 @@ int ssl3_shutdown(SSL *s)
*/
return (ret);
}
-#endif
} else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
/*
* If we are waiting for a close from our peer, we are closed
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a8fd16c..5b8fe5c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -906,11 +906,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
if ((sess == NULL) ||
(s->enc_write_ctx == NULL) ||
(EVP_MD_CTX_md(s->write_hash) == NULL)) {
-#if 1
clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
-#else
- clear = 1;
-#endif
mac_size = 0;
} else {
mac_size = EVP_MD_CTX_size(s->write_hash);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 1178d43..d81e06b 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -739,11 +739,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);

if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
- i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
else {
i = X509_verify_cert(&ctx);
# if 0
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bcb6be1..4289fb9 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -245,7 +245,6 @@ int SSL_clear(SSL *s)

s->first_packet = 0;

-#if 1
/*
* Check to see if we were changed into a different method, if so, revert
* back if we are not doing session-id reuse.
@@ -257,7 +256,6 @@ int SSL_clear(SSL *s)
if (!s->method->ssl_new(s))
return (0);
} else
-#endif
s->method->ssl_clear(s);
return (1);

Rich Salz

unread,

Feb 5, 2015, 3:08:48 PM2/5/15

to

The branch master has been updated

via fe6d2a339b1ef3650de1b12e26189e532cb7d8bc (commit)
from 8dd94afb18b27edd987b471914a616f9800a5e58 (commit)

- Log -----------------------------------------------------------------
commit fe6d2a339b1ef3650de1b12e26189e532cb7d8bc
Author: Rich Salz <rs...@openssl.org>
Date: Thu Feb 5 15:07:40 2015 -0500

Use memset in bn_mont

Use memset() not inline code. Compilers are smarter now.

Reviewed-by: Richard Levitte <lev...@openssl.org>

-----------------------------------------------------------------------

Summary of changes:

crypto/bn/bn_mont.c | 5 -----
1 file changed, 5 deletions(-)

diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 175145e..45deed7 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -196,12 +196,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
rp = r->d;

/* clear the top words of T */
-# if 1
- for (i = r->top; i < max; i++) /* memset? XXX */
- rp[i] = 0;
-# else
memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
-# endif

r->top = max;
n0 = mont->n0[0];