svn commit: r289848 - in vendor-crypto/openssl/dist: . apps crypto crypto/aes crypto/aes/asm crypto/asn1 crypto/bio crypto/bn crypto/bn/asm crypto/buffer crypto/camellia crypto/camellia/asm crypto/...
Jung-uk Kim
jkim at FreeBSD.org
Fri Oct 23 19:46:04 UTC 2015
Author: jkim
Date: Fri Oct 23 19:46:02 2015
New Revision: 289848
URL: https://svnweb.freebsd.org/changeset/base/289848
Log:
Import OpenSSL 1.0.2d.
Added:
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-mb-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha256-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/aes/asm/aesp8-ppc.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/aes/asm/aest4-sparcv9.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/aes/asm/aesv8-armx.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-armv7.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-ppc.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/arm64cpuid.S (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-avx2.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/asm/rsaz-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/asm/sparct4-mont.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/asm/sparcv9-gf2m.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/asm/vis3-mont.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/rsaz_exp.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/bn/rsaz_exp.h (contents, props changed)
vendor-crypto/openssl/dist/crypto/camellia/asm/cmllt4-sparcv9.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/cms/cms_kari.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/des/asm/dest4-sparcv9.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/dh/dh_kdf.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/dh/dh_rfc5114.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/ec/asm/
vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-avx2.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/ec/asm/ecp_nistz256-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/ec/ecp_nistz256_table.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/ecdh/ech_kdf.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha256.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/md5/asm/md5-sparcv9.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/modes/asm/aesni-gcm-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/modes/asm/ghashp8-ppc.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/modes/asm/ghashv8-armx.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/modes/wrap128.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/perlasm/sparcv9_modes.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/ppc_arch.h (contents, props changed)
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-armv8.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mb-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/sha/asm/sha256-mb-x86_64.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-armv8.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/sha/asm/sha512p8-ppc.pl (contents, props changed)
vendor-crypto/openssl/dist/crypto/sparc_arch.h (contents, props changed)
vendor-crypto/openssl/dist/crypto/x509/vpm_int.h (contents, props changed)
vendor-crypto/openssl/dist/crypto/x509v3/v3_scts.c (contents, props changed)
vendor-crypto/openssl/dist/crypto/x509v3/v3nametest.c (contents, props changed)
vendor-crypto/openssl/dist/doc/crypto/ASN1_TIME_set.pod
vendor-crypto/openssl/dist/doc/crypto/EC_GFp_simple_method.pod
vendor-crypto/openssl/dist/doc/crypto/EC_GROUP_copy.pod
vendor-crypto/openssl/dist/doc/crypto/EC_GROUP_new.pod
vendor-crypto/openssl/dist/doc/crypto/EC_KEY_new.pod
vendor-crypto/openssl/dist/doc/crypto/EC_POINT_add.pod
vendor-crypto/openssl/dist/doc/crypto/EC_POINT_new.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_instrument_bus.pod
vendor-crypto/openssl/dist/doc/crypto/SSLeay_version.pod
vendor-crypto/openssl/dist/doc/crypto/X509_check_host.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_ECPKParameters.pod
vendor-crypto/openssl/dist/doc/crypto/ec.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_new.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_set1_prefix.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_set_flags.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_cmd.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CONF_cmd_argv.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add1_chain_cert.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_get0_param.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set1_curves.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set1_verify_cert_store.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cert_cb.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_custom_cli_ext.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_serverinfo.pod
vendor-crypto/openssl/dist/ssl/ssl_conf.c (contents, props changed)
vendor-crypto/openssl/dist/ssl/t1_ext.c (contents, props changed)
vendor-crypto/openssl/dist/ssl/t1_trce.c (contents, props changed)
vendor-crypto/openssl/dist/util/copy-if-different.pl (contents, props changed)
Deleted:
vendor-crypto/openssl/dist/crypto/bn/asm/modexp512-x86_64.pl
vendor-crypto/openssl/dist/crypto/engine/eng_rsax.c
vendor-crypto/openssl/dist/crypto/evp/evp_fips.c
vendor-crypto/openssl/dist/ssl/d1_enc.c
Modified:
vendor-crypto/openssl/dist/CHANGES
vendor-crypto/openssl/dist/Configure
vendor-crypto/openssl/dist/FAQ
vendor-crypto/openssl/dist/FREEBSD-Xlist
vendor-crypto/openssl/dist/FREEBSD-upgrade
vendor-crypto/openssl/dist/Makefile
vendor-crypto/openssl/dist/Makefile.org
vendor-crypto/openssl/dist/NEWS
vendor-crypto/openssl/dist/README
vendor-crypto/openssl/dist/apps/apps.c
vendor-crypto/openssl/dist/apps/apps.h
vendor-crypto/openssl/dist/apps/ca.c
vendor-crypto/openssl/dist/apps/ciphers.c
vendor-crypto/openssl/dist/apps/cms.c
vendor-crypto/openssl/dist/apps/crl.c
vendor-crypto/openssl/dist/apps/dgst.c
vendor-crypto/openssl/dist/apps/dhparam.c
vendor-crypto/openssl/dist/apps/ecparam.c
vendor-crypto/openssl/dist/apps/genrsa.c
vendor-crypto/openssl/dist/apps/ocsp.c
vendor-crypto/openssl/dist/apps/openssl.cnf
vendor-crypto/openssl/dist/apps/pkcs8.c
vendor-crypto/openssl/dist/apps/s_apps.h
vendor-crypto/openssl/dist/apps/s_cb.c
vendor-crypto/openssl/dist/apps/s_client.c
vendor-crypto/openssl/dist/apps/s_server.c
vendor-crypto/openssl/dist/apps/s_socket.c
vendor-crypto/openssl/dist/apps/smime.c
vendor-crypto/openssl/dist/apps/speed.c
vendor-crypto/openssl/dist/apps/verify.c
vendor-crypto/openssl/dist/apps/x509.c
vendor-crypto/openssl/dist/config
vendor-crypto/openssl/dist/crypto/Makefile
vendor-crypto/openssl/dist/crypto/aes/Makefile
vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c
vendor-crypto/openssl/dist/crypto/aes/aes_x86core.c
vendor-crypto/openssl/dist/crypto/aes/asm/aes-586.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aes-armv4.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aes-mips.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aes-ppc.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aes-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86.pl
vendor-crypto/openssl/dist/crypto/aes/asm/aesni-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/bsaes-x86_64.pl
vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86.pl
vendor-crypto/openssl/dist/crypto/aes/asm/vpaes-x86_64.pl
vendor-crypto/openssl/dist/crypto/arm_arch.h
vendor-crypto/openssl/dist/crypto/armcap.c
vendor-crypto/openssl/dist/crypto/armv4cpuid.S
vendor-crypto/openssl/dist/crypto/asn1/Makefile
vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c
vendor-crypto/openssl/dist/crypto/asn1/a_time.c
vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c
vendor-crypto/openssl/dist/crypto/asn1/ameth_lib.c
vendor-crypto/openssl/dist/crypto/asn1/asn1.h
vendor-crypto/openssl/dist/crypto/asn1/asn1_locl.h
vendor-crypto/openssl/dist/crypto/asn1/t_x509.c
vendor-crypto/openssl/dist/crypto/asn1/x_crl.c
vendor-crypto/openssl/dist/crypto/asn1/x_x509.c
vendor-crypto/openssl/dist/crypto/bio/b_dump.c
vendor-crypto/openssl/dist/crypto/bio/b_sock.c
vendor-crypto/openssl/dist/crypto/bio/bio.h
vendor-crypto/openssl/dist/crypto/bio/bio_err.c
vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c
vendor-crypto/openssl/dist/crypto/bio/bss_conn.c
vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c
vendor-crypto/openssl/dist/crypto/bio/bss_fd.c
vendor-crypto/openssl/dist/crypto/bn/Makefile
vendor-crypto/openssl/dist/crypto/bn/asm/armv4-gf2m.pl
vendor-crypto/openssl/dist/crypto/bn/asm/armv4-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/mips-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/mips.pl
vendor-crypto/openssl/dist/crypto/bn/asm/ppc-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/ppc.pl
vendor-crypto/openssl/dist/crypto/bn/asm/ppc64-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont.pl
vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
vendor-crypto/openssl/dist/crypto/bn/bn.h
vendor-crypto/openssl/dist/crypto/bn/bn_asm.c
vendor-crypto/openssl/dist/crypto/bn/bn_exp.c
vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c
vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h
vendor-crypto/openssl/dist/crypto/bn/bntest.c
vendor-crypto/openssl/dist/crypto/buffer/buf_str.c
vendor-crypto/openssl/dist/crypto/buffer/buffer.h
vendor-crypto/openssl/dist/crypto/camellia/Makefile
vendor-crypto/openssl/dist/crypto/camellia/asm/cmll-x86_64.pl
vendor-crypto/openssl/dist/crypto/cast/cast_lcl.h
vendor-crypto/openssl/dist/crypto/cms/Makefile
vendor-crypto/openssl/dist/crypto/cms/cms.h
vendor-crypto/openssl/dist/crypto/cms/cms_asn1.c
vendor-crypto/openssl/dist/crypto/cms/cms_env.c
vendor-crypto/openssl/dist/crypto/cms/cms_err.c
vendor-crypto/openssl/dist/crypto/cms/cms_lcl.h
vendor-crypto/openssl/dist/crypto/cms/cms_lib.c
vendor-crypto/openssl/dist/crypto/cms/cms_sd.c
vendor-crypto/openssl/dist/crypto/cms/cms_smime.c
vendor-crypto/openssl/dist/crypto/cryptlib.c
vendor-crypto/openssl/dist/crypto/cversion.c
vendor-crypto/openssl/dist/crypto/des/Makefile
vendor-crypto/openssl/dist/crypto/des/asm/des-586.pl
vendor-crypto/openssl/dist/crypto/des/asm/des_enc.m4
vendor-crypto/openssl/dist/crypto/des/des_locl.h
vendor-crypto/openssl/dist/crypto/des/read_pwd.c
vendor-crypto/openssl/dist/crypto/dh/Makefile
vendor-crypto/openssl/dist/crypto/dh/dh.h
vendor-crypto/openssl/dist/crypto/dh/dh_ameth.c
vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c
vendor-crypto/openssl/dist/crypto/dh/dh_check.c
vendor-crypto/openssl/dist/crypto/dh/dh_err.c
vendor-crypto/openssl/dist/crypto/dh/dh_key.c
vendor-crypto/openssl/dist/crypto/dh/dh_pmeth.c
vendor-crypto/openssl/dist/crypto/dh/dhtest.c
vendor-crypto/openssl/dist/crypto/dsa/dsa.h
vendor-crypto/openssl/dist/crypto/dsa/dsa_ameth.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_locl.h
vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c
vendor-crypto/openssl/dist/crypto/dsa/dsa_pmeth.c
vendor-crypto/openssl/dist/crypto/ebcdic.c
vendor-crypto/openssl/dist/crypto/ec/Makefile
vendor-crypto/openssl/dist/crypto/ec/ec.h
vendor-crypto/openssl/dist/crypto/ec/ec_ameth.c
vendor-crypto/openssl/dist/crypto/ec/ec_curve.c
vendor-crypto/openssl/dist/crypto/ec/ec_cvt.c
vendor-crypto/openssl/dist/crypto/ec/ec_err.c
vendor-crypto/openssl/dist/crypto/ec/ec_lcl.h
vendor-crypto/openssl/dist/crypto/ec/ec_lib.c
vendor-crypto/openssl/dist/crypto/ec/ec_pmeth.c
vendor-crypto/openssl/dist/crypto/ec/eck_prn.c
vendor-crypto/openssl/dist/crypto/ec/ecp_nistp521.c
vendor-crypto/openssl/dist/crypto/ecdh/Makefile
vendor-crypto/openssl/dist/crypto/ecdh/ecdh.h
vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c
vendor-crypto/openssl/dist/crypto/ecdh/ech_ossl.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_err.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_locl.h
vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c
vendor-crypto/openssl/dist/crypto/engine/Makefile
vendor-crypto/openssl/dist/crypto/engine/eng_all.c
vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c
vendor-crypto/openssl/dist/crypto/engine/engine.h
vendor-crypto/openssl/dist/crypto/evp/Makefile
vendor-crypto/openssl/dist/crypto/evp/c_allc.c
vendor-crypto/openssl/dist/crypto/evp/digest.c
vendor-crypto/openssl/dist/crypto/evp/e_aes.c
vendor-crypto/openssl/dist/crypto/evp/e_aes_cbc_hmac_sha1.c
vendor-crypto/openssl/dist/crypto/evp/e_camellia.c
vendor-crypto/openssl/dist/crypto/evp/e_des.c
vendor-crypto/openssl/dist/crypto/evp/e_des3.c
vendor-crypto/openssl/dist/crypto/evp/e_null.c
vendor-crypto/openssl/dist/crypto/evp/encode.c
vendor-crypto/openssl/dist/crypto/evp/evp.h
vendor-crypto/openssl/dist/crypto/evp/evp_enc.c
vendor-crypto/openssl/dist/crypto/evp/evp_err.c
vendor-crypto/openssl/dist/crypto/evp/evp_extra_test.c
vendor-crypto/openssl/dist/crypto/evp/evp_lib.c
vendor-crypto/openssl/dist/crypto/evp/evp_locl.h
vendor-crypto/openssl/dist/crypto/evp/evp_test.c
vendor-crypto/openssl/dist/crypto/evp/evptests.txt
vendor-crypto/openssl/dist/crypto/evp/m_dss.c
vendor-crypto/openssl/dist/crypto/evp/m_dss1.c
vendor-crypto/openssl/dist/crypto/evp/m_ecdsa.c
vendor-crypto/openssl/dist/crypto/evp/m_sha1.c
vendor-crypto/openssl/dist/crypto/evp/m_sigver.c
vendor-crypto/openssl/dist/crypto/evp/p_lib.c
vendor-crypto/openssl/dist/crypto/evp/pmeth_lib.c
vendor-crypto/openssl/dist/crypto/hmac/hm_ameth.c
vendor-crypto/openssl/dist/crypto/hmac/hmac.c
vendor-crypto/openssl/dist/crypto/hmac/hmactest.c
vendor-crypto/openssl/dist/crypto/jpake/jpake.c
vendor-crypto/openssl/dist/crypto/md32_common.h
vendor-crypto/openssl/dist/crypto/md5/Makefile
vendor-crypto/openssl/dist/crypto/md5/md5_locl.h
vendor-crypto/openssl/dist/crypto/modes/Makefile
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-armv4.pl
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-s390x.pl
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-sparcv9.pl
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86.pl
vendor-crypto/openssl/dist/crypto/modes/asm/ghash-x86_64.pl
vendor-crypto/openssl/dist/crypto/modes/cbc128.c
vendor-crypto/openssl/dist/crypto/modes/gcm128.c
vendor-crypto/openssl/dist/crypto/modes/modes.h
vendor-crypto/openssl/dist/crypto/modes/modes_lcl.h
vendor-crypto/openssl/dist/crypto/o_str.c
vendor-crypto/openssl/dist/crypto/o_time.c
vendor-crypto/openssl/dist/crypto/o_time.h
vendor-crypto/openssl/dist/crypto/objects/obj_dat.h
vendor-crypto/openssl/dist/crypto/objects/obj_mac.h
vendor-crypto/openssl/dist/crypto/objects/obj_mac.num
vendor-crypto/openssl/dist/crypto/objects/obj_xref.h
vendor-crypto/openssl/dist/crypto/objects/obj_xref.txt
vendor-crypto/openssl/dist/crypto/objects/objects.txt
vendor-crypto/openssl/dist/crypto/objects/objxref.pl
vendor-crypto/openssl/dist/crypto/ocsp/ocsp.h
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c
vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c
vendor-crypto/openssl/dist/crypto/opensslconf.h
vendor-crypto/openssl/dist/crypto/opensslv.h
vendor-crypto/openssl/dist/crypto/ossl_typ.h
vendor-crypto/openssl/dist/crypto/pem/Makefile
vendor-crypto/openssl/dist/crypto/pem/pem.h
vendor-crypto/openssl/dist/crypto/pem/pem_all.c
vendor-crypto/openssl/dist/crypto/pem/pem_err.c
vendor-crypto/openssl/dist/crypto/pem/pem_lib.c
vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c
vendor-crypto/openssl/dist/crypto/perlasm/ppc-xlate.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86_64-xlate.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86asm.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86gas.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86masm.pl
vendor-crypto/openssl/dist/crypto/perlasm/x86nasm.pl
vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c
vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8e.c
vendor-crypto/openssl/dist/crypto/ppccap.c
vendor-crypto/openssl/dist/crypto/ppccpuid.pl
vendor-crypto/openssl/dist/crypto/rc4/Makefile
vendor-crypto/openssl/dist/crypto/rc4/asm/rc4-586.pl
vendor-crypto/openssl/dist/crypto/rc4/rc4_enc.c
vendor-crypto/openssl/dist/crypto/rc5/rc5_locl.h
vendor-crypto/openssl/dist/crypto/rsa/Makefile
vendor-crypto/openssl/dist/crypto/rsa/rsa.h
vendor-crypto/openssl/dist/crypto/rsa/rsa_ameth.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_pmeth.c
vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c
vendor-crypto/openssl/dist/crypto/sha/Makefile
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-586.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-armv4-large.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-mips.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-ppc.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-sparcv9.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha1-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha256-586.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha256-armv4.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-586.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-armv4.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-ia64.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-mips.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-ppc.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-sparcv9.pl
vendor-crypto/openssl/dist/crypto/sha/asm/sha512-x86_64.pl
vendor-crypto/openssl/dist/crypto/sha/sha512.c
vendor-crypto/openssl/dist/crypto/sparccpuid.S
vendor-crypto/openssl/dist/crypto/sparcv9cap.c
vendor-crypto/openssl/dist/crypto/srp/Makefile
vendor-crypto/openssl/dist/crypto/srp/srptest.c
vendor-crypto/openssl/dist/crypto/stack/safestack.h
vendor-crypto/openssl/dist/crypto/stack/stack.c
vendor-crypto/openssl/dist/crypto/stack/stack.h
vendor-crypto/openssl/dist/crypto/symhacks.h
vendor-crypto/openssl/dist/crypto/ts/ts_rsp_sign.c
vendor-crypto/openssl/dist/crypto/ts/ts_rsp_verify.c
vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c
vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-mmx.pl
vendor-crypto/openssl/dist/crypto/whrlpool/asm/wp-x86_64.pl
vendor-crypto/openssl/dist/crypto/x509/Makefile
vendor-crypto/openssl/dist/crypto/x509/verify_extra_test.c
vendor-crypto/openssl/dist/crypto/x509/x509.h
vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c
vendor-crypto/openssl/dist/crypto/x509/x509_err.c
vendor-crypto/openssl/dist/crypto/x509/x509_lu.c
vendor-crypto/openssl/dist/crypto/x509/x509_set.c
vendor-crypto/openssl/dist/crypto/x509/x509_trs.c
vendor-crypto/openssl/dist/crypto/x509/x509_txt.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c
vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h
vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c
vendor-crypto/openssl/dist/crypto/x509/x_all.c
vendor-crypto/openssl/dist/crypto/x509v3/Makefile
vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h
vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c
vendor-crypto/openssl/dist/crypto/x509v3/v3err.c
vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h
vendor-crypto/openssl/dist/crypto/x86_64cpuid.pl
vendor-crypto/openssl/dist/crypto/x86cpuid.pl
vendor-crypto/openssl/dist/doc/apps/c_rehash.pod
vendor-crypto/openssl/dist/doc/apps/ciphers.pod
vendor-crypto/openssl/dist/doc/apps/cms.pod
vendor-crypto/openssl/dist/doc/apps/genpkey.pod
vendor-crypto/openssl/dist/doc/apps/ocsp.pod
vendor-crypto/openssl/dist/doc/apps/pkcs8.pod
vendor-crypto/openssl/dist/doc/apps/req.pod
vendor-crypto/openssl/dist/doc/apps/s_client.pod
vendor-crypto/openssl/dist/doc/apps/s_server.pod
vendor-crypto/openssl/dist/doc/apps/smime.pod
vendor-crypto/openssl/dist/doc/apps/verify.pod
vendor-crypto/openssl/dist/doc/apps/x509.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_length.pod
vendor-crypto/openssl/dist/doc/crypto/ASN1_STRING_print_ex.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_f_ssl.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_find_type.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_accept.pod
vendor-crypto/openssl/dist/doc/crypto/BIO_s_connect.pod
vendor-crypto/openssl/dist/doc/crypto/BN_BLINDING_new.pod
vendor-crypto/openssl/dist/doc/crypto/BN_CTX_new.pod
vendor-crypto/openssl/dist/doc/crypto/BN_generate_prime.pod
vendor-crypto/openssl/dist/doc/crypto/BN_rand.pod
vendor-crypto/openssl/dist/doc/crypto/CMS_add0_cert.pod
vendor-crypto/openssl/dist/doc/crypto/CMS_get0_RecipientInfos.pod
vendor-crypto/openssl/dist/doc/crypto/CMS_get0_SignerInfos.pod
vendor-crypto/openssl/dist/doc/crypto/CMS_verify.pod
vendor-crypto/openssl/dist/doc/crypto/DH_generate_parameters.pod
vendor-crypto/openssl/dist/doc/crypto/DSA_generate_parameters.pod
vendor-crypto/openssl/dist/doc/crypto/ERR_remove_state.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_BytesToKey.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_DigestInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_EncryptInit.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_CTX_ctrl.pod
vendor-crypto/openssl/dist/doc/crypto/EVP_PKEY_cmp.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_VERSION_NUMBER.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_config.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_ia32cap.pod
vendor-crypto/openssl/dist/doc/crypto/OPENSSL_load_builtin_modules.pod
vendor-crypto/openssl/dist/doc/crypto/OpenSSL_add_all_algorithms.pod
vendor-crypto/openssl/dist/doc/crypto/PKCS7_verify.pod
vendor-crypto/openssl/dist/doc/crypto/RAND_egd.pod
vendor-crypto/openssl/dist/doc/crypto/RSA_generate_key.pod
vendor-crypto/openssl/dist/doc/crypto/X509_NAME_add_entry_by_txt.pod
vendor-crypto/openssl/dist/doc/crypto/X509_STORE_CTX_get_error.pod
vendor-crypto/openssl/dist/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
vendor-crypto/openssl/dist/doc/crypto/crypto.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_DSAPublicKey.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509.pod
vendor-crypto/openssl/dist/doc/crypto/d2i_X509_CRL.pod
vendor-crypto/openssl/dist/doc/crypto/ecdsa.pod
vendor-crypto/openssl/dist/doc/crypto/evp.pod
vendor-crypto/openssl/dist/doc/crypto/hmac.pod
vendor-crypto/openssl/dist/doc/crypto/i2d_PKCS7_bio_stream.pod
vendor-crypto/openssl/dist/doc/crypto/rand.pod
vendor-crypto/openssl/dist/doc/crypto/sha.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CIPHER_get_name.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_COMP_add_compression_method.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_sess_set_cache_size.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cert_store.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_cipher_list.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_certificate.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_accept.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_do_handshake.pod
vendor-crypto/openssl/dist/doc/ssl/SSL_shutdown.pod
vendor-crypto/openssl/dist/doc/ssl/ssl.pod
vendor-crypto/openssl/dist/doc/ssleay.txt
vendor-crypto/openssl/dist/e_os.h
vendor-crypto/openssl/dist/e_os2.h
vendor-crypto/openssl/dist/engines/Makefile
vendor-crypto/openssl/dist/engines/ccgost/Makefile
vendor-crypto/openssl/dist/engines/ccgost/gost89.c
vendor-crypto/openssl/dist/engines/ccgost/gost_crypt.c
vendor-crypto/openssl/dist/engines/ccgost/gost_pmeth.c
vendor-crypto/openssl/dist/engines/e_capi.c
vendor-crypto/openssl/dist/engines/vendor_defns/hwcryptohook.h
vendor-crypto/openssl/dist/ssl/Makefile
vendor-crypto/openssl/dist/ssl/d1_both.c
vendor-crypto/openssl/dist/ssl/d1_clnt.c
vendor-crypto/openssl/dist/ssl/d1_lib.c
vendor-crypto/openssl/dist/ssl/d1_meth.c
vendor-crypto/openssl/dist/ssl/d1_pkt.c
vendor-crypto/openssl/dist/ssl/d1_srtp.c
vendor-crypto/openssl/dist/ssl/d1_srvr.c
vendor-crypto/openssl/dist/ssl/dtls1.h
vendor-crypto/openssl/dist/ssl/heartbeat_test.c
vendor-crypto/openssl/dist/ssl/s23_clnt.c
vendor-crypto/openssl/dist/ssl/s23_srvr.c
vendor-crypto/openssl/dist/ssl/s2_clnt.c
vendor-crypto/openssl/dist/ssl/s2_lib.c
vendor-crypto/openssl/dist/ssl/s3_both.c
vendor-crypto/openssl/dist/ssl/s3_cbc.c
vendor-crypto/openssl/dist/ssl/s3_clnt.c
vendor-crypto/openssl/dist/ssl/s3_enc.c
vendor-crypto/openssl/dist/ssl/s3_lib.c
vendor-crypto/openssl/dist/ssl/s3_pkt.c
vendor-crypto/openssl/dist/ssl/s3_srvr.c
vendor-crypto/openssl/dist/ssl/srtp.h
vendor-crypto/openssl/dist/ssl/ssl.h
vendor-crypto/openssl/dist/ssl/ssl3.h
vendor-crypto/openssl/dist/ssl/ssl_algs.c
vendor-crypto/openssl/dist/ssl/ssl_cert.c
vendor-crypto/openssl/dist/ssl/ssl_ciph.c
vendor-crypto/openssl/dist/ssl/ssl_err.c
vendor-crypto/openssl/dist/ssl/ssl_lib.c
vendor-crypto/openssl/dist/ssl/ssl_locl.h
vendor-crypto/openssl/dist/ssl/ssl_rsa.c
vendor-crypto/openssl/dist/ssl/ssl_sess.c
vendor-crypto/openssl/dist/ssl/ssl_txt.c
vendor-crypto/openssl/dist/ssl/ssltest.c
vendor-crypto/openssl/dist/ssl/t1_clnt.c
vendor-crypto/openssl/dist/ssl/t1_enc.c
vendor-crypto/openssl/dist/ssl/t1_lib.c
vendor-crypto/openssl/dist/ssl/t1_meth.c
vendor-crypto/openssl/dist/ssl/t1_srvr.c
vendor-crypto/openssl/dist/ssl/tls1.h
vendor-crypto/openssl/dist/util/files.pl
vendor-crypto/openssl/dist/util/libeay.num
vendor-crypto/openssl/dist/util/mk1mf.pl
vendor-crypto/openssl/dist/util/mkdef.pl
vendor-crypto/openssl/dist/util/mkerr.pl
vendor-crypto/openssl/dist/util/mkstack.pl
vendor-crypto/openssl/dist/util/pl/BC-32.pl
vendor-crypto/openssl/dist/util/pl/VC-32.pl
vendor-crypto/openssl/dist/util/pl/unix.pl
vendor-crypto/openssl/dist/util/ssleay.num
Modified: vendor-crypto/openssl/dist/CHANGES
==============================================================================
--- vendor-crypto/openssl/dist/CHANGES Fri Oct 23 19:45:22 2015 (r289847)
+++ vendor-crypto/openssl/dist/CHANGES Fri Oct 23 19:46:02 2015 (r289848)
@@ -2,7 +2,7 @@
OpenSSL CHANGES
_______________
- Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
*) Alternate chains certificate forgery
@@ -17,13 +17,13 @@
(Google/BoringSSL).
[Matt Caswell]
- Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
*) Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
- Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
*) Malformed ECParameters causes infinite loop
@@ -91,10 +91,65 @@
(CVE-2015-1791)
[Matt Caswell]
+ *) Removed support for the two export grade static DH ciphersuites
+ EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+ were newly added (along with a number of other static DH ciphersuites) to
+ 1.0.2. However the two export ones have *never* worked since they were
+ introduced. It seems strange in any case to be adding new export
+ ciphersuites, and given "logjam" it also does not seem correct to fix them.
+ [Matt Caswell]
+
+ *) Only support 256-bit or stronger elliptic curves with the
+ 'ecdh_auto' setting (server) or by default (client). Of supported
+ curves, prefer P-256 (both).
+ [Emilia Kasper]
+
*) Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
- Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
+ Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
+
+ *) ClientHello sigalgs DoS fix
+
+ If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
+ invalid signature algorithms extension a NULL pointer dereference will
+ occur. This can be exploited in a DoS attack against the server.
+
+ This issue was was reported to OpenSSL by David Ramos of Stanford
+ University.
+ (CVE-2015-0291)
+ [Stephen Henson and Matt Caswell]
+
+ *) Multiblock corrupted pointer fix
+
+ OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
+ feature only applies on 64 bit x86 architecture platforms that support AES
+ NI instructions. A defect in the implementation of "multiblock" can cause
+ OpenSSL's internal write buffer to become incorrectly set to NULL when
+ using non-blocking IO. Typically, when the user application is using a
+ socket BIO for writing, this will only result in a failed connection.
+ However if some other BIO is used then it is likely that a segmentation
+ fault will be triggered, thus enabling a potential DoS attack.
+
+ This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller.
+ (CVE-2015-0290)
+ [Matt Caswell]
+
+ *) Segmentation fault in DTLSv1_listen fix
+
+ The DTLSv1_listen function is intended to be stateless and processes the
+ initial ClientHello from many peers. It is common for user code to loop
+ over the call to DTLSv1_listen until a valid ClientHello is received with
+ an associated cookie. A defect in the implementation of DTLSv1_listen means
+ that state is preserved in the SSL object from one invocation to the next
+ that can lead to a segmentation fault. Errors processing the initial
+ ClientHello can trigger this scenario. An example of such an error could be
+ that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
+ server.
+
+ This issue was reported to OpenSSL by Per Allansson.
+ (CVE-2015-0207)
+ [Matt Caswell]
*) Segmentation fault in ASN1_TYPE_cmp fix
@@ -107,6 +162,20 @@
(CVE-2015-0286)
[Stephen Henson]
+ *) Segmentation fault for invalid PSS parameters fix
+
+ The signature verification routines will crash with a NULL pointer
+ dereference if presented with an ASN.1 signature using the RSA PSS
+ algorithm and invalid parameters. Since these routines are used to verify
+ certificate signature algorithms this can be used to crash any
+ certificate verification operation and exploited in a DoS attack. Any
+ application which performs certificate verification is vulnerable including
+ OpenSSL clients and servers which enable client authentication.
+
+ This issue was was reported to OpenSSL by Brian Carpenter.
+ (CVE-2015-0208)
+ [Stephen Henson]
+
*) ASN.1 structure reuse memory corruption fix
Reusing a structure in ASN.1 parsing may allow an attacker to cause
@@ -145,6 +214,36 @@
(CVE-2015-0293)
[Emilia Käsper]
+ *) Empty CKE with client auth and DHE fix
+
+ If client auth is used then a server can seg fault in the event of a DHE
+ ciphersuite being selected and a zero length ClientKeyExchange message
+ being sent by the client. This could be exploited in a DoS attack.
+ (CVE-2015-1787)
+ [Matt Caswell]
+
+ *) Handshake with unseeded PRNG fix
+
+ Under certain conditions an OpenSSL 1.0.2 client can complete a handshake
+ with an unseeded PRNG. The conditions are:
+ - The client is on a platform where the PRNG has not been seeded
+ automatically, and the user has not seeded manually
+ - A protocol specific client method version has been used (i.e. not
+ SSL_client_methodv23)
+ - A ciphersuite is used that does not require additional random data from
+ the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
+
+ If the handshake succeeds then the client random that has been used will
+ have been generated from a PRNG with insufficient entropy and therefore the
+ output may be predictable.
+
+ For example using the following command with an unseeded openssl will
+ succeed on an unpatched platform:
+
+ openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
+ (CVE-2015-0285)
+ [Matt Caswell]
+
*) Use After Free following d2i_ECPrivatekey error fix
A malformed EC private key file consumed via the d2i_ECPrivateKey function
@@ -171,6 +270,336 @@
*) Removed the export ciphers from the DEFAULT ciphers
[Kurt Roeckx]
+ Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
+
+ *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
+ ARMv5 through ARMv8, as opposite to "locking" it to single one.
+ So far those who have to target multiple plaforms would compromise
+ and argue that binary targeting say ARMv5 would still execute on
+ ARMv8. "Universal" build resolves this compromise by providing
+ near-optimal performance even on newer platforms.
+ [Andy Polyakov]
+
+ *) Accelerated NIST P-256 elliptic curve implementation for x86_64
+ (other platforms pending).
+ [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov]
+
+ *) Add support for the SignedCertificateTimestampList certificate and
+ OCSP response extensions from RFC6962.
+ [Rob Stradling]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
+ *) Initial support for PowerISA 2.0.7, first implemented in POWER8.
+ This covers AES, SHA256/512 and GHASH. "Initial" means that most
+ common cases are optimized and there still is room for further
+ improvements. Vector Permutation AES for Altivec is also added.
+ [Andy Polyakov]
+
+ *) Add support for little-endian ppc64 Linux target.
+ [Marcelo Cerri (IBM)]
+
+ *) Initial support for AMRv8 ISA crypto extensions. This covers AES,
+ SHA1, SHA256 and GHASH. "Initial" means that most common cases
+ are optimized and there still is room for further improvements.
+ Both 32- and 64-bit modes are supported.
+ [Andy Polyakov, Ard Biesheuvel (Linaro)]
+
+ *) Improved ARMv7 NEON support.
+ [Andy Polyakov]
+
+ *) Support for SPARC Architecture 2011 crypto extensions, first
+ implemented in SPARC T4. This covers AES, DES, Camellia, SHA1,
+ SHA256/512, MD5, GHASH and modular exponentiation.
+ [Andy Polyakov, David Miller]
+
+ *) Accelerated modular exponentiation for Intel processors, a.k.a.
+ RSAZ.
+ [Shay Gueron & Vlad Krasnov (Intel Corp)]
+
+ *) Support for new and upcoming Intel processors, including AVX2,
+ BMI and SHA ISA extensions. This includes additional "stitched"
+ implementations, AESNI-SHA256 and GCM, and multi-buffer support
+ for TLS encrypt.
+
+ This work was sponsored by Intel Corp.
+ [Andy Polyakov]
+
+ *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method()
+ supports both DTLS 1.2 and 1.0 and should use whatever version the peer
+ supports and DTLSv1_2_*_method() which supports DTLS 1.2 only.
+ [Steve Henson]
+
+ *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+ this fixes a limiation in previous versions of OpenSSL.
+ [Steve Henson]
+
+ *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+ MGF1 digest and OAEP label.
+ [Steve Henson]
+
+ *) Add EVP support for key wrapping algorithms, to avoid problems with
+ existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+ the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+ algorithms and include tests cases.
+ [Steve Henson]
+
+ *) Add functions to allocate and set the fields of an ECDSA_METHOD
+ structure.
+ [Douglas E. Engert, Steve Henson]
+
+ *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the
+ difference in days and seconds between two tm or ASN1_TIME structures.
+ [Steve Henson]
+
+ *) Add -rev test option to s_server to just reverse order of characters
+ received by client and send back to server. Also prints an abbreviated
+ summary of the connection parameters.
+ [Steve Henson]
+
+ *) New option -brief for s_client and s_server to print out a brief summary
+ of connection parameters.
+ [Steve Henson]
+
+ *) Add callbacks for arbitrary TLS extensions.
+ [Trevor Perrin <trevp at trevp.net> and Ben Laurie]
+
+ *) New option -crl_download in several openssl utilities to download CRLs
+ from CRLDP extension in certificates.
+ [Steve Henson]
+
+ *) New options -CRL and -CRLform for s_client and s_server for CRLs.
+ [Steve Henson]
+
+ *) New function X509_CRL_diff to generate a delta CRL from the difference
+ of two full CRLs. Add support to "crl" utility.
+ [Steve Henson]
+
+ *) New functions to set lookup_crls function and to retrieve
+ X509_STORE from X509_STORE_CTX.
+ [Steve Henson]
+
+ *) Print out deprecated issuer and subject unique ID fields in
+ certificates.
+ [Steve Henson]
+
+ *) Extend OCSP I/O functions so they can be used for simple general purpose
+ HTTP as well as OCSP. New wrapper function which can be used to download
+ CRLs using the OCSP API.
+ [Steve Henson]
+
+ *) Delegate command line handling in s_client/s_server to SSL_CONF APIs.
+ [Steve Henson]
+
+ *) SSL_CONF* functions. These provide a common framework for application
+ configuration using configuration files or command lines.
+ [Steve Henson]
+
+ *) SSL/TLS tracing code. This parses out SSL/TLS records using the
+ message callback and prints the results. Needs compile time option
+ "enable-ssl-trace". New options to s_client and s_server to enable
+ tracing.
+ [Steve Henson]
+
+ *) New ctrl and macro to retrieve supported points extensions.
+ Print out extension in s_server and s_client.
+ [Steve Henson]
+
+ *) New functions to retrieve certificate signature and signature
+ OID NID.
+ [Steve Henson]
+
+ *) Add functions to retrieve and manipulate the raw cipherlist sent by a
+ client to OpenSSL.
+ [Steve Henson]
+
+ *) New Suite B modes for TLS code. These use and enforce the requirements
+ of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
+ only use Suite B curves. The Suite B modes can be set by using the
+ strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
+ [Steve Henson]
+
+ *) New chain verification flags for Suite B levels of security. Check
+ algorithms are acceptable when flags are set in X509_verify_cert.
+ [Steve Henson]
+
+ *) Make tls1_check_chain return a set of flags indicating checks passed
+ by a certificate chain. Add additional tests to handle client
+ certificates: checks for matching certificate type and issuer name
+ comparison.
+ [Steve Henson]
+
+ *) If an attempt is made to use a signature algorithm not in the peer
+ preference list abort the handshake. If client has no suitable
+ signature algorithms in response to a certificate request do not
+ use the certificate.
+ [Steve Henson]
+
+ *) If server EC tmp key is not in client preference list abort handshake.
+ [Steve Henson]
+
+ *) Add support for certificate stores in CERT structure. This makes it
+ possible to have different stores per SSL structure or one store in
+ the parent SSL_CTX. Include distint stores for certificate chain
+ verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
+ to build and store a certificate chain in CERT structure: returing
+ an error if the chain cannot be built: this will allow applications
+ to test if a chain is correctly configured.
+
+ Note: if the CERT based stores are not set then the parent SSL_CTX
+ store is used to retain compatibility with existing behaviour.
+
+ [Steve Henson]
+
+ *) New function ssl_set_client_disabled to set a ciphersuite disabled
+ mask based on the current session, check mask when sending client
+ hello and checking the requested ciphersuite.
+ [Steve Henson]
+
+ *) New ctrls to retrieve and set certificate types in a certificate
+ request message. Print out received values in s_client. If certificate
+ types is not set with custom values set sensible values based on
+ supported signature algorithms.
+ [Steve Henson]
+
+ *) Support for distinct client and server supported signature algorithms.
+ [Steve Henson]
+
+ *) Add certificate callback. If set this is called whenever a certificate
+ is required by client or server. An application can decide which
+ certificate chain to present based on arbitrary criteria: for example
+ supported signature algorithms. Add very simple example to s_server.
+ This fixes many of the problems and restrictions of the existing client
+ certificate callback: for example you can now clear an existing
+ certificate and specify the whole chain.
+ [Steve Henson]
+
+ *) Add new "valid_flags" field to CERT_PKEY structure which determines what
+ the certificate can be used for (if anything). Set valid_flags field
+ in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
+ to have similar checks in it.
+
+ Add new "cert_flags" field to CERT structure and include a "strict mode".
+ This enforces some TLS certificate requirements (such as only permitting
+ certificate signature algorithms contained in the supported algorithms
+ extension) which some implementations ignore: this option should be used
+ with caution as it could cause interoperability issues.
+ [Steve Henson]
+
+ *) Update and tidy signature algorithm extension processing. Work out
+ shared signature algorithms based on preferences and peer algorithms
+ and print them out in s_client and s_server. Abort handshake if no
+ shared signature algorithms.
+ [Steve Henson]
+
+ *) Add new functions to allow customised supported signature algorithms
+ for SSL and SSL_CTX structures. Add options to s_client and s_server
+ to support them.
+ [Steve Henson]
+
+ *) New function SSL_certs_clear() to delete all references to certificates
+ from an SSL structure. Before this once a certificate had been added
+ it couldn't be removed.
+ [Steve Henson]
+
+ *) Integrate hostname, email address and IP address checking with certificate
+ verification. New verify options supporting checking in opensl utility.
+ [Steve Henson]
+
+ *) Fixes and wildcard matching support to hostname and email checking
+ functions. Add manual page.
+ [Florian Weimer (Red Hat Product Security Team)]
+
+ *) New functions to check a hostname email or IP address against a
+ certificate. Add options x509 utility to print results of checks against
+ a certificate.
+ [Steve Henson]
+
+ *) Fix OCSP checking.
+ [Rob Stradling <rob.stradling at comodo.com> and Ben Laurie]
+
+ *) Initial experimental support for explicitly trusted non-root CAs.
+ OpenSSL still tries to build a complete chain to a root but if an
+ intermediate CA has a trust setting included that is used. The first
+ setting is used: whether to trust (e.g., -addtrust option to the x509
+ utility) or reject.
+ [Steve Henson]
+
+ *) Add -trusted_first option which attempts to find certificates in the
+ trusted store even if an untrusted chain is also supplied.
+ [Steve Henson]
+
+ *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
+ platform support for Linux and Android.
+ [Andy Polyakov]
+
+ *) Support for linux-x32, ILP32 environment in x86_64 framework.
+ [Andy Polyakov]
+
+ *) Experimental multi-implementation support for FIPS capable OpenSSL.
+ When in FIPS mode the approved implementations are used as normal,
+ when not in FIPS mode the internal unapproved versions are used instead.
+ This means that the FIPS capable OpenSSL isn't forced to use the
+ (often lower perfomance) FIPS implementations outside FIPS mode.
+ [Steve Henson]
+
+ *) Transparently support X9.42 DH parameters when calling
+ PEM_read_bio_DHparameters. This means existing applications can handle
+ the new parameter format automatically.
+ [Steve Henson]
+
+ *) Initial experimental support for X9.42 DH parameter format: mainly
+ to support use of 'q' parameter for RFC5114 parameters.
+ [Steve Henson]
+
+ *) Add DH parameters from RFC5114 including test data to dhtest.
+ [Steve Henson]
+
+ *) Support for automatic EC temporary key parameter selection. If enabled
+ the most preferred EC parameters are automatically used instead of
+ hardcoded fixed parameters. Now a server just has to call:
+ SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
+ support ECDH and use the most appropriate parameters.
+ [Steve Henson]
+
+ *) Enhance and tidy EC curve and point format TLS extension code. Use
+ static structures instead of allocation if default values are used.
+ New ctrls to set curves we wish to support and to retrieve shared curves.
+ Print out shared curves in s_server. New options to s_server and s_client
+ to set list of supported curves.
+ [Steve Henson]
+
+ *) New ctrls to retrieve supported signature algorithms and
+ supported curve values as an array of NIDs. Extend openssl utility
+ to print out received values.
+ [Steve Henson]
+
+ *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+ between NIDs and the more common NIST names such as "P-256". Enhance
+ ecparam utility and ECC method to recognise the NIST names for curves.
+ [Steve Henson]
+
+ *) Enhance SSL/TLS certificate chain handling to support different
+ chains for each certificate instead of one chain in the parent SSL_CTX.
+ [Steve Henson]
+
+ *) Support for fixed DH ciphersuite client authentication: where both
+ server and client use DH certificates with common parameters.
+ [Steve Henson]
+
+ *) Support for fixed DH ciphersuites: those requiring DH server
+ certificates.
+ [Steve Henson]
+
+ *) New function i2d_re_X509_tbs for re-encoding the TBS portion of
+ the certificate.
+ Note: Related 1.0.2-beta specific macros X509_get_cert_info,
+ X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
+ X509_CINF_get_signature were reverted post internal team review.
+
Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
*) Build fixes for the Windows and OpenVMS platforms
Modified: vendor-crypto/openssl/dist/Configure
==============================================================================
--- vendor-crypto/openssl/dist/Configure Fri Oct 23 19:45:22 2015 (r289847)
+++ vendor-crypto/openssl/dist/Configure Fri Oct 23 19:46:02 2015 (r289848)
@@ -105,6 +105,25 @@ my $usage="Usage: Configure [no-<cipher>
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+# TODO(openssl-team): fix problems and investigate if (at least) the following
+# warnings can also be enabled:
+# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros,
+# -Wmissing-field-initializers, -Wmissing-variable-declarations,
+# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
+
+# These are used in addition to $gcc_devteam_warn when the compiler is clang.
+# TODO(openssl-team): fix problems and investigate if (at least) the
+# following warnings can also be enabled: -Wconditional-uninitialized,
+# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
+# -Wmissing-variable-declarations,
+# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -124,24 +143,25 @@ my $tlib="-lnsl -lsocket";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
my $x86_elf_asm="$x86_asm:elf";
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
-my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
-my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
-my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
-my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
-my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
-my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
-my $no_asm=":::::::::::::::void";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
+my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
+my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
+my $ppc32_asm=$ppc64_asm;
+my $no_asm="::::::::::::::::void";
# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
@@ -152,7 +172,7 @@ my $no_asm=":::::::::::::::void";
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
+#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
my %table=(
# File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -174,14 +194,14 @@ my %table=(
"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -193,9 +213,9 @@ my %table=(
"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
"dist", "cc:-O::(unknown)::::::",
@@ -225,7 +245,7 @@ my %table=(
"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
#### SPARC Solaris with GNU C setups
@@ -300,7 +320,7 @@ my %table=(
"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
# More attempts at unified 10.X and 11.X targets for HP C compiler.
#
@@ -347,20 +367,57 @@ my %table=(
# throw in -D[BL]_ENDIAN, whichever appropriate...
"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# It's believed that majority of ARM toolchains predefine appropriate -march.
-# If you compiler does not, do complement config command line with one!
-"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#######################################################################
+# Note that -march is not among compiler options in below linux-armv4
+# target line. Not specifying one is intentional to give you choice to:
+#
+# a) rely on your compiler default by not specifying one;
+# b) specify your target platform explicitly for optimal performance,
+# e.g. -march=armv6 or -march=armv7-a;
+# c) build "universal" binary that targets *range* of platforms by
+# specifying minimum and maximum supported architecture;
+#
+# As for c) option. It actually makes no sense to specify maximum to be
+# less than ARMv7, because it's the least requirement for run-time
+# switch between platform-specific code paths. And without run-time
+# switch performance would be equivalent to one for minimum. Secondly,
+# there are some natural limitations that you'd have to accept and
+# respect. Most notably you can *not* build "universal" binary for
+# big-endian platform. This is because ARMv7 processor always picks
+# instructions in little-endian order. Another similar limitation is
+# that -mthumb can't "cross" -march=armv6t2 boundary, because that's
+# where it became Thumb-2. Well, this limitation is a bit artificial,
+# because it's not really impossible, but it's deemed too tricky to
+# support. And of course you have to be sure that your binutils are
+# actually up to the task of handling maximum target platform. With all
+# this in mind here is an example of how to configure "universal" build:
+#
+# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
+#
+"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Configure script adds minimally required -march for assembly support,
+# if no -march was specified at command line. mips32 and mips64 below
+# refer to contemporary MIPS Architecture specifications, MIPS32 and
+# MIPS64, rather than to kernel bitness.
+"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@@ -407,6 +464,7 @@ my %table=(
"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### *BSD [do see comment about ${BSDthreads} above!]
"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -421,7 +479,7 @@ my %table=(
# triggered by RIPEMD160 code.
"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -454,11 +512,11 @@ my %table=(
# UnixWare 2.0x fails destest with -O.
"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# SCO 5 - Ben Laurie <ben at algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### IBM's AIX.
"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
@@ -518,9 +576,9 @@ my %table=(
# Visual C targets
#
# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
@@ -547,9 +605,8 @@ my %table=(
"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
# Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
# NetWare from David Ward (dsward at novell.com)
# requires either MetroWerks NLM development tools, or gcc / nlmconv
@@ -581,7 +638,8 @@ my %table=(
"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
# iPhoneOS/iOS
"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
@@ -634,6 +692,7 @@ my $idx_lflags = $idx++;
my $idx_bn_ops = $idx++;
my $idx_cpuid_obj = $idx++;
my $idx_bn_obj = $idx++;
+my $idx_ec_obj = $idx++;
my $idx_des_obj = $idx++;
my $idx_aes_obj = $idx++;
my $idx_bf_obj = $idx++;
@@ -714,11 +773,13 @@ my %disabled = ( # "what" => "co
"ec_nistp_64_gcc_128" => "default",
"gmp" => "default",
"jpake" => "experimental",
+ "libunbound" => "experimental",
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
"sctp" => "default",
"shared" => "default",
+ "ssl-trace" => "default",
"store" => "experimental",
"unit-test" => "default",
"zlib" => "default",
@@ -728,7 +789,7 @@ my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -873,16 +934,7 @@ PROCESS_ARGS:
}
elsif (/^[-+]/)
{
- if (/^-[lL](.*)$/ or /^-Wl,/)
- {
- $libs.=$_." ";
- }
- elsif (/^-[^-]/ or /^\+/)
- {
- $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
- $flags.=$_." ";
- }
- elsif (/^--prefix=(.*)$/)
+ if (/^--prefix=(.*)$/)
{
$prefix=$1;
}
@@ -926,10 +978,14 @@ PROCESS_ARGS:
{
$cross_compile_prefix=$1;
}
- else
+ elsif (/^-[lL](.*)$/ or /^-Wl,/)
+ {
+ $libs.=$_." ";
+ }
+ else # common if (/^[-+]/), just pass down...
{
- print STDERR $usage;
- exit(1);
+ $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+ $flags.=$_." ";
}
}
elsif ($_ =~ /^([^:]+):(.+)$/)
@@ -1156,6 +1212,7 @@ my $cc = $fields[$idx_cc];
if($ENV{CC}) {
$cc = $ENV{CC};
}
+
my $cflags = $fields[$idx_cflags];
my $unistd = $fields[$idx_unistd];
my $thread_cflag = $fields[$idx_thread_cflag];
@@ -1164,6 +1221,7 @@ my $lflags = $fields[$idx_lflags];
my $bn_ops = $fields[$idx_bn_ops];
my $cpuid_obj = $fields[$idx_cpuid_obj];
my $bn_obj = $fields[$idx_bn_obj];
+my $ec_obj = $fields[$idx_ec_obj];
my $des_obj = $fields[$idx_des_obj];
my $aes_obj = $fields[$idx_aes_obj];
my $bf_obj = $fields[$idx_bf_obj];
@@ -1209,6 +1267,12 @@ if ($target =~ /^mingw/ && `$cc --target
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
}
+if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
+ # minimally required architecture flags for assembly modules
+ $cflags="-mips2 $cflags" if ($target =~ /mips32/);
+ $cflags="-mips3 $cflags" if ($target =~ /mips64/);
+}
+
my $no_shared_warn=0;
my $no_user_cflags=0;
@@ -1335,7 +1399,7 @@ $lflags="$libs$lflags" if ($libs ne "");
if ($no_asm)
{
- $cpuid_obj=$bn_obj=
+ $cpuid_obj=$bn_obj=$ec_obj=
$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
}
@@ -1416,6 +1480,7 @@ if ($target =~ /\-icc$/) # Intel C compi
}
if ($iccver>=8)
{
+ $cflags=~s/\-KPIC/-fPIC/;
# Eliminate unnecessary dependency from libirc.a. This is
# essential for shared library support, as otherwise
# apps/openssl can end up in endless loop upon startup...
@@ -1423,12 +1488,17 @@ if ($target =~ /\-icc$/) # Intel C compi
}
if ($iccver>=9)
{
- $cflags.=" -i-static";
- $cflags=~s/\-no_cpprt/-no-cpprt/;
+ $lflags.=" -i-static";
+ $lflags=~s/\-no_cpprt/-no-cpprt/;
}
if ($iccver>=10)
{
- $cflags=~s/\-i\-static/-static-intel/;
+ $lflags=~s/\-i\-static/-static-intel/;
+ }
+ if ($iccver>=11)
+ {
+ $cflags.=" -no-intel-extensions"; # disable Cilk
+ $lflags=~s/\-no\-cpprt/-no-cxxlib/;
}
}
@@ -1509,7 +1579,7 @@ if ($rmd160_obj =~ /\.o$/)
}
if ($aes_obj =~ /\.o$/)
{
- $cflags.=" -DAES_ASM";
+ $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
# aes-ctr.o is not a real file, only indication that assembler
# module implements AES_ctr32_encrypt...
$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
@@ -1531,10 +1601,14 @@ else {
$wp_obj="wp_block.o";
}
$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/);
-if ($modes_obj =~ /ghash/)
+if ($modes_obj =~ /ghash\-/)
{
$cflags.=" -DGHASH_ASM";
}
+if ($ec_obj =~ /ecp_nistz256/)
+ {
+ $cflags.=" -DECP_NISTZ256_ASM";
+ }
# "Stringify" the C flags string. This permits it to be made part of a string
# and works as well on command lines.
@@ -1574,12 +1648,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\
if ($strict_warnings)
{
+ my $ecc = $cc;
+ $ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
my $wopt;
- die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+ die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
}
+ if ($ecc eq "clang")
+ {
+ foreach $wopt (split /\s+/, $clang_devteam_warn)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ }
+ }
}
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
@@ -1638,6 +1721,7 @@ while (<IN>)
s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
+ s/^EC_ASM=.*$/EC_ASM= $ec_obj/;
s/^DES_ENC=.*$/DES_ENC= $des_obj/;
s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
@@ -1699,6 +1783,7 @@ print "CFLAG =$cflags\n";
print "EX_LIBS =$lflags\n";
print "CPUID_OBJ =$cpuid_obj\n";
print "BN_ASM =$bn_obj\n";
+print "EC_ASM =$ec_obj\n";
print "DES_ENC =$des_obj\n";
print "AES_ENC =$aes_obj\n";
print "BF_ENC =$bf_obj\n";
@@ -1997,7 +2082,7 @@ BEGIN
VALUE "ProductVersion", "$version\\0"
// Optional:
//VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+ VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
@@ -2106,12 +2191,12 @@ sub print_table_entry
{
my $target = shift;
- (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
- my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
- my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
- my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
- my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
- my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
+ my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags,
+ $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj,
+ $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj,
+ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj,
+ $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag,
+ $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)=
split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
print <<EOF
@@ -2126,6 +2211,7 @@ sub print_table_entry
\$bn_ops = $bn_ops
\$cpuid_obj = $cpuid_obj
\$bn_obj = $bn_obj
+\$ec_obj = $ec_obj
\$des_obj = $des_obj
\$aes_obj = $aes_obj
\$bf_obj = $bf_obj
Modified: vendor-crypto/openssl/dist/FAQ
==============================================================================
--- vendor-crypto/openssl/dist/FAQ Fri Oct 23 19:45:22 2015 (r289847)
+++ vendor-crypto/openssl/dist/FAQ Fri Oct 23 19:46:02 2015 (r289848)
@@ -83,7 +83,7 @@ OpenSSL - Frequently Asked Questions
* Which is the current version of OpenSSL?
The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1e was released on Feb 11th, 2013.
+OpenSSL 1.0.1a was released on Apr 19th, 2012.
In addition to the current stable release, you can also access daily
snapshots of the OpenSSL development version at <URL:
@@ -184,14 +184,18 @@ Therefore the answer to the common quest
backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
in the next minor release.
+* What happens when the letter release reaches z?
+
+It was decided after the release of OpenSSL 0.9.8y the next version should
+be 0.9.8za then 0.9.8zb and so on.
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-all
mailing list