Date: Fri, 11 Mar 2016 16:30:29 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r296666 - in user/cperciva/freebsd-update-build/patches: 10.1-RELEASE 10.2-RELEASE 9.3-RELEASE Message-ID: <201603111630.u2BGUTHa076292@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Fri Mar 11 16:30:29 2016 New Revision: 296666 URL: https://svnweb.freebsd.org/changeset/base/296666 Log: Store SA-16:12 and SA-16:13 patches. Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/30-SA-16:12.openssl user/cperciva/freebsd-update-build/patches/10.2-RELEASE/13-SA-16:12.openssl user/cperciva/freebsd-update-build/patches/9.3-RELEASE/37-SA-16:12.openssl user/cperciva/freebsd-update-build/patches/9.3-RELEASE/38-SA-16:13.bind Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/30-SA-16:12.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/30-SA-16:12.openssl Fri Mar 11 16:30:29 2016 (r296666) @@ -0,0 +1,609609 @@ +--- crypto/openssl/CHANGES.orig ++++ crypto/openssl/CHANGES +@@ -2,6 +2,175 @@ + OpenSSL CHANGES + _______________ + ++ Changes between 1.0.1o and 1.0.1p [9 Jul 2015] ++ ++ *) Alternate chains certificate forgery ++ ++ During certificate verfification, OpenSSL will attempt to find an ++ alternative certificate chain if the first attempt to build such a chain ++ fails. An error in the implementation of this logic can mean that an ++ attacker could cause certain checks on untrusted certificates to be ++ bypassed, such as the CA flag, enabling them to use a valid leaf ++ certificate to act as a CA and "issue" an invalid certificate. ++ ++ This issue was reported to OpenSSL by Adam Langley/David Benjamin ++ (Google/BoringSSL). ++ [Matt Caswell] ++ ++ Changes between 1.0.1n and 1.0.1o [12 Jun 2015] ++ ++ *) Fix HMAC ABI incompatibility. The previous version introduced an ABI ++ incompatibility in the handling of HMAC. The previous ABI has now been ++ restored. ++ ++ Changes between 1.0.1m and 1.0.1n [11 Jun 2015] ++ ++ *) Malformed ECParameters causes infinite loop ++ ++ When processing an ECParameters structure OpenSSL enters an infinite loop ++ if the curve specified is over a specially malformed binary polynomial ++ field. ++ ++ This can be used to perform denial of service against any ++ system which processes public keys, certificate requests or ++ certificates. This includes TLS clients and TLS servers with ++ client authentication enabled. ++ ++ This issue was reported to OpenSSL by Joseph Barr-Pixton. ++ (CVE-2015-1788) ++ [Andy Polyakov] ++ ++ *) Exploitable out-of-bounds read in X509_cmp_time ++ ++ X509_cmp_time does not properly check the length of the ASN1_TIME ++ string and can read a few bytes out of bounds. In addition, ++ X509_cmp_time accepts an arbitrary number of fractional seconds in the ++ time string. ++ ++ An attacker can use this to craft malformed certificates and CRLs of ++ various sizes and potentially cause a segmentation fault, resulting in ++ a DoS on applications that verify certificates or CRLs. TLS clients ++ that verify CRLs are affected. TLS clients and servers with client ++ authentication enabled may be affected if they use custom verification ++ callbacks. ++ ++ This issue was reported to OpenSSL by Robert Swiecki (Google), and ++ independently by Hanno Böck. ++ (CVE-2015-1789) ++ [Emilia Käsper] ++ ++ *) PKCS7 crash with missing EnvelopedContent ++ ++ The PKCS#7 parsing code does not handle missing inner EncryptedContent ++ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs ++ with missing content and trigger a NULL pointer dereference on parsing. ++ ++ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 ++ structures from untrusted sources are affected. OpenSSL clients and ++ servers are not affected. ++ ++ This issue was reported to OpenSSL by Michal Zalewski (Google). ++ (CVE-2015-1790) ++ [Emilia Käsper] ++ ++ *) CMS verify infinite loop with unknown hash function ++ ++ When verifying a signedData message the CMS code can enter an infinite loop ++ if presented with an unknown hash function OID. This can be used to perform ++ denial of service against any system which verifies signedData messages using ++ the CMS code. ++ This issue was reported to OpenSSL by Johannes Bauer. ++ (CVE-2015-1792) ++ [Stephen Henson] ++ ++ *) Race condition handling NewSessionTicket ++ ++ If a NewSessionTicket is received by a multi-threaded client when attempting to ++ reuse a previous ticket then a race condition can occur potentially leading to ++ a double free of the ticket data. ++ (CVE-2015-1791) ++ [Matt Caswell] ++ ++ *) Reject DH handshakes with parameters shorter than 768 bits. ++ [Kurt Roeckx and Emilia Kasper] ++ ++ Changes between 1.0.1l and 1.0.1m [19 Mar 2015] ++ ++ *) Segmentation fault in ASN1_TYPE_cmp fix ++ ++ The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is ++ made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check ++ certificate signature algorithm consistency this can be used to crash any ++ certificate verification operation and exploited in a DoS attack. Any ++ application which performs certificate verification is vulnerable including ++ OpenSSL clients and servers which enable client authentication. ++ (CVE-2015-0286) ++ [Stephen Henson] ++ ++ *) ASN.1 structure reuse memory corruption fix ++ ++ Reusing a structure in ASN.1 parsing may allow an attacker to cause ++ memory corruption via an invalid write. Such reuse is and has been ++ strongly discouraged and is believed to be rare. ++ ++ Applications that parse structures containing CHOICE or ANY DEFINED BY ++ components may be affected. Certificate parsing (d2i_X509 and related ++ functions) are however not affected. OpenSSL clients and servers are ++ not affected. ++ (CVE-2015-0287) ++ [Stephen Henson] ++ ++ *) PKCS7 NULL pointer dereferences fix ++ ++ The PKCS#7 parsing code does not handle missing outer ContentInfo ++ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with ++ missing content and trigger a NULL pointer dereference on parsing. ++ ++ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or ++ otherwise parse PKCS#7 structures from untrusted sources are ++ affected. OpenSSL clients and servers are not affected. ++ ++ This issue was reported to OpenSSL by Michal Zalewski (Google). ++ (CVE-2015-0289) ++ [Emilia Käsper] ++ ++ *) DoS via reachable assert in SSLv2 servers fix ++ ++ A malicious client can trigger an OPENSSL_assert (i.e., an abort) in ++ servers that both support SSLv2 and enable export cipher suites by sending ++ a specially crafted SSLv2 CLIENT-MASTER-KEY message. ++ ++ This issue was discovered by Sean Burford (Google) and Emilia Käsper ++ (OpenSSL development team). ++ (CVE-2015-0293) ++ [Emilia Käsper] ++ ++ *) Use After Free following d2i_ECPrivatekey error fix ++ ++ A malformed EC private key file consumed via the d2i_ECPrivateKey function ++ could cause a use after free condition. This, in turn, could cause a double ++ free in several private key parsing functions (such as d2i_PrivateKey ++ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption ++ for applications that receive EC private keys from untrusted ++ sources. This scenario is considered rare. ++ ++ This issue was discovered by the BoringSSL project and fixed in their ++ commit 517073cd4b. ++ (CVE-2015-0209) ++ [Matt Caswell] ++ ++ *) X509_to_X509_REQ NULL pointer deref fix ++ ++ The function X509_to_X509_REQ will crash with a NULL pointer dereference if ++ the certificate key is invalid. This function is rarely used in practice. ++ ++ This issue was discovered by Brian Carpenter. ++ (CVE-2015-0288) ++ [Stephen Henson] ++ ++ *) Removed the export ciphers from the DEFAULT ciphers ++ [Kurt Roeckx] ++ + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms +@@ -771,63 +940,6 @@ + Add command line options to s_client/s_server. + [Steve Henson] + +- Changes between 1.0.0j and 1.0.0k [5 Feb 2013] +- +- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. +- +- This addresses the flaw in CBC record processing discovered by +- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found +- at: http://www.isg.rhul.ac.uk/tls/ +- +- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information +- Security Group at Royal Holloway, University of London +- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and +- Emilia Käsper for the initial patch. +- (CVE-2013-0169) +- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] +- +- *) Return an error when checking OCSP signatures when key is NULL. +- This fixes a DoS attack. (CVE-2013-0166) +- [Steve Henson] +- +- *) Call OCSP Stapling callback after ciphersuite has been chosen, so +- the right response is stapled. Also change SSL_get_certificate() +- so it returns the certificate actually sent. +- See http://rt.openssl.org/Ticket/Display.html?id=2836. +- (This is a backport) +- [Rob Stradling <rob.stradling@comodo.com>] +- +- *) Fix possible deadlock when decoding public keys. +- [Steve Henson] +- +- Changes between 1.0.0i and 1.0.0j [10 May 2012] +- +- [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after +- OpenSSL 1.0.1.] +- +- *) Sanity check record length before skipping explicit IV in DTLS +- to fix DoS attack. +- +- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic +- fuzzing as a service testing platform. +- (CVE-2012-2333) +- [Steve Henson] +- +- *) Initialise tkeylen properly when encrypting CMS messages. +- Thanks to Solar Designer of Openwall for reporting this issue. +- [Steve Henson] +- +- Changes between 1.0.0h and 1.0.0i [19 Apr 2012] +- +- *) Check for potentially exploitable overflows in asn1_d2i_read_bio +- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer +- in CRYPTO_realloc_clean. +- +- Thanks to Tavis Ormandy, Google Security Team, for discovering this +- issue and to Adam Langley <agl@chromium.org> for fixing it. +- (CVE-2012-2110) +- [Adam Langley (Google), Tavis Ormandy, Google Security Team] +- + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness +@@ -1818,228 +1930,6 @@ + *) Change 'Configure' script to enable Camellia by default. + [NTT] + +- Changes between 0.9.8x and 0.9.8y [5 Feb 2013] +- +- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. +- +- This addresses the flaw in CBC record processing discovered by +- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found +- at: http://www.isg.rhul.ac.uk/tls/ +- +- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information +- Security Group at Royal Holloway, University of London +- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and +- Emilia Käsper for the initial patch. +- (CVE-2013-0169) +- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] +- +- *) Return an error when checking OCSP signatures when key is NULL. +- This fixes a DoS attack. (CVE-2013-0166) +- [Steve Henson] +- +- *) Call OCSP Stapling callback after ciphersuite has been chosen, so +- the right response is stapled. Also change SSL_get_certificate() +- so it returns the certificate actually sent. +- See http://rt.openssl.org/Ticket/Display.html?id=2836. +- (This is a backport) +- [Rob Stradling <rob.stradling@comodo.com>] +- +- *) Fix possible deadlock when decoding public keys. +- [Steve Henson] +- +- Changes between 0.9.8w and 0.9.8x [10 May 2012] +- +- *) Sanity check record length before skipping explicit IV in DTLS +- to fix DoS attack. +- +- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic +- fuzzing as a service testing platform. +- (CVE-2012-2333) +- [Steve Henson] +- +- *) Initialise tkeylen properly when encrypting CMS messages. +- Thanks to Solar Designer of Openwall for reporting this issue. +- [Steve Henson] +- +- Changes between 0.9.8v and 0.9.8w [23 Apr 2012] +- +- *) The fix for CVE-2012-2110 did not take into account that the +- 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an +- int in OpenSSL 0.9.8, making it still vulnerable. Fix by +- rejecting negative len parameter. (CVE-2012-2131) +- [Tomas Hoger <thoger@redhat.com>] +- +- Changes between 0.9.8u and 0.9.8v [19 Apr 2012] +- +- *) Check for potentially exploitable overflows in asn1_d2i_read_bio +- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer +- in CRYPTO_realloc_clean. +- +- Thanks to Tavis Ormandy, Google Security Team, for discovering this +- issue and to Adam Langley <agl@chromium.org> for fixing it. +- (CVE-2012-2110) +- [Adam Langley (Google), Tavis Ormandy, Google Security Team] +- +- Changes between 0.9.8t and 0.9.8u [12 Mar 2012] +- +- *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness +- in CMS and PKCS7 code. When RSA decryption fails use a random key for +- content decryption and always return the same error. Note: this attack +- needs on average 2^20 messages so it only affects automated senders. The +- old behaviour can be reenabled in the CMS code by setting the +- CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where +- an MMA defence is not necessary. +- Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering +- this issue. (CVE-2012-0884) +- [Steve Henson] +- +- *) Fix CVE-2011-4619: make sure we really are receiving a +- client hello before rejecting multiple SGC restarts. Thanks to +- Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. +- [Steve Henson] +- +- Changes between 0.9.8s and 0.9.8t [18 Jan 2012] +- +- *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. +- Thanks to Antonio Martin, Enterprise Secure Access Research and +- Development, Cisco Systems, Inc. for discovering this bug and +- preparing a fix. (CVE-2012-0050) +- [Antonio Martin] +- +- Changes between 0.9.8r and 0.9.8s [4 Jan 2012] +- +- *) Nadhem Alfardan and Kenny Paterson have discovered an extension +- of the Vaudenay padding oracle attack on CBC mode encryption +- which enables an efficient plaintext recovery attack against +- the OpenSSL implementation of DTLS. Their attack exploits timing +- differences arising during decryption processing. A research +- paper describing this attack can be found at: +- http://www.isg.rhul.ac.uk/~kp/dtls.pdf +- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information +- Security Group at Royal Holloway, University of London +- (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann +- <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de> +- for preparing the fix. (CVE-2011-4108) +- [Robin Seggelmann, Michael Tuexen] +- +- *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) +- [Ben Laurie, Kasper <ekasper@google.com>] +- +- *) Clear bytes used for block padding of SSL 3.0 records. +- (CVE-2011-4576) +- [Adam Langley (Google)] +- +- *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George +- Kadianakis <desnacked@gmail.com> for discovering this issue and +- Adam Langley for preparing the fix. (CVE-2011-4619) +- [Adam Langley (Google)] +- +- *) Prevent malformed RFC3779 data triggering an assertion failure. +- Thanks to Andrew Chi, BBN Technologies, for discovering the flaw +- and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577) +- [Rob Austein <sra@hactrn.net>] +- +- *) Fix ssl_ciph.c set-up race. +- [Adam Langley (Google)] +- +- *) Fix spurious failures in ecdsatest.c. +- [Emilia Käsper (Google)] +- +- *) Fix the BIO_f_buffer() implementation (which was mixing different +- interpretations of the '..._len' fields). +- [Adam Langley (Google)] +- +- *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than +- BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent +- threads won't reuse the same blinding coefficients. +- +- This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING +- lock to call BN_BLINDING_invert_ex, and avoids one use of +- BN_BLINDING_update for each BN_BLINDING structure (previously, +- the last update always remained unused). +- [Emilia Käsper (Google)] +- +- *) Fix SSL memory handling for (EC)DH ciphersuites, in particular +- for multi-threaded use of ECDH. +- [Adam Langley (Google)] +- +- *) Fix x509_name_ex_d2i memory leak on bad inputs. +- [Bodo Moeller] +- +- *) Add protection against ECDSA timing attacks as mentioned in the paper +- by Billy Bob Brumley and Nicola Tuveri, see: +- +- http://eprint.iacr.org/2011/232.pdf +- +- [Billy Bob Brumley and Nicola Tuveri] +- +- Changes between 0.9.8q and 0.9.8r [8 Feb 2011] +- +- *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 +- [Neel Mehta, Adam Langley, Bodo Moeller (Google)] +- +- *) Fix bug in string printing code: if *any* escaping is enabled we must +- escape the escape character (backslash) or the resulting string is +- ambiguous. +- [Steve Henson] +- +- Changes between 0.9.8p and 0.9.8q [2 Dec 2010] +- +- *) Disable code workaround for ancient and obsolete Netscape browsers +- and servers: an attacker can use it in a ciphersuite downgrade attack. +- Thanks to Martin Rex for discovering this bug. CVE-2010-4180 +- [Steve Henson] +- +- *) Fixed J-PAKE implementation error, originally discovered by +- Sebastien Martini, further info and confirmation from Stefan +- Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 +- [Ben Laurie] +- +- Changes between 0.9.8o and 0.9.8p [16 Nov 2010] +- +- *) Fix extension code to avoid race conditions which can result in a buffer +- overrun vulnerability: resumed sessions must not be modified as they can +- be shared by multiple threads. CVE-2010-3864 +- [Steve Henson] +- +- *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 +- [Steve Henson] +- +- *) Don't reencode certificate when calculating signature: cache and use +- the original encoding instead. This makes signature verification of +- some broken encodings work correctly. +- [Steve Henson] +- +- *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT +- is also one of the inputs. +- [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)] +- +- *) Don't repeatedly append PBE algorithms to table if they already exist. +- Sort table on each new add. This effectively makes the table read only +- after all algorithms are added and subsequent calls to PKCS12_pbe_add +- etc are non-op. +- [Steve Henson] +- +- Changes between 0.9.8n and 0.9.8o [01 Jun 2010] +- +- [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after +- OpenSSL 1.0.0.] +- +- *) Correct a typo in the CMS ASN1 module which can result in invalid memory +- access or freeing data twice (CVE-2010-0742) +- [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>] +- +- *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more +- common in certificates and some applications which only call +- SSL_library_init and not OpenSSL_add_all_algorithms() will fail. +- [Steve Henson] +- +- *) VMS fixes: +- Reduce copying into .apps and .test in makevms.com +- Don't try to use blank CA certificate in CA.com +- Allow use of C files from original directories in maketests.com +- [Steven M. Schweda" <sms@antinode.info>] +- + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] + + *) When rejecting SSL/TLS records due to an incorrect version number, never +--- crypto/openssl/Configure.orig ++++ crypto/openssl/Configure +@@ -185,18 +185,18 @@ + "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", +-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", ++"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", ++"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "dist", "cc:-O::(unknown)::::::", + + # Basic configs that should work on any (32 and less bit) box +@@ -230,12 +230,12 @@ + + #### SPARC Solaris with GNU C setups + "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc + "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + #### +-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + #### SPARC Solaris with Sun C setups +@@ -252,20 +252,20 @@ + + #### SunOS configs, assuming sparc for the gcc one. + #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", +-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", ++"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", + + #### IRIX 5.x configs + # -mips2 flag is added by ./config when appropriate. +-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### IRIX 6.x configs + # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke + # './Configure irix-cc -o32' manually. +-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", +-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", ++"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", ++"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", + # N64 ABI builds. +-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + + #### Unified HP-UX ANSI C configs. + # Special notes: +@@ -345,23 +345,23 @@ + #### + # *-generic* is endian-neutral target, but ./config is free to + # throw in -D[BL]_ENDIAN, whichever appropriate... +-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # It's believed that majority of ARM toolchains predefine appropriate -march. + # If you compiler does not, do complement config command line with one! +-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### IA-32 targets... +-"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", ++"linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", + #### +-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + #### So called "highgprs" target for z/Architecture CPUs + # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see + # /proc/cpuinfo. The idea is to preserve most significant bits of +@@ -375,16 +375,16 @@ + # ldconfig and run-time linker to autodiscover. Unfortunately it + # doesn't work just yet, because of couple of bugs in glibc + # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... +-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", ++"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", + #### SPARC Linux setups + # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently + # assisted with debugging of following two configs. +-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # it's a real mess with -mcpu=ultrasparc option under Linux, but + # -Wa,-Av8plus should do the trick no matter what. +-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # GCC 3.1 is a requirement +-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + #### Alpha Linux with GNU C and Compaq C setups + # Special notes: + # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +@@ -398,30 +398,30 @@ + # + # <appro@fy.chalmers.se> + # +-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", +-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", ++"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", ++"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + +-# Android: linux-* but without -DTERMIO and pointers to headers and libs. ++# Android: linux-* but without pointers to headers and libs. + "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + #### *BSD [do see comment about ${BSDthreads} above!] +-"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +-"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it + # simply *happens* to work around a compiler bug in gcc 3.3.3, + # triggered by RIPEMD160 code. +-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +@@ -433,8 +433,8 @@ + + # QNX + "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", +-"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + # BeOS + "beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", +@@ -507,7 +507,7 @@ + "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", + + # SIEMENS BS2000/OSD: an EBCDIC-based mainframe +-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", ++"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + + # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe + # You need to compile using the c89.sh wrapper in the tools directory, because the +@@ -567,7 +567,7 @@ + "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", + + # DJGPP +-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", ++"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", + + # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at> + "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", +@@ -593,7 +593,7 @@ + "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", + + ##### GNU Hurd +-"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", ++"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", + + ##### OS/2 EMX + "OS2-EMX", "gcc::::::::", +--- crypto/openssl/Makefile.orig ++++ crypto/openssl/Makefile +@@ -4,7 +4,7 @@ + ## Makefile for OpenSSL + ## + +-VERSION=1.0.1l ++VERSION=1.0.1p + MAJOR=1 + MINOR=0.1 + SHLIB_VERSION_NUMBER=1.0.0 +@@ -186,7 +186,7 @@ + EXHEADER= e_os2.h + HEADER= e_os.h + +-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc ++all: Makefile build_all + + # as we stick to -e, CLEARENV ensures that local variables in lower + # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn +@@ -270,21 +270,25 @@ + @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) + + sub_all: build_all ++ + build_all: build_libs build_apps build_tests build_tools + +-build_libs: build_crypto build_ssl build_engines ++build_libs: build_libcrypto build_libssl openssl.pc + ++build_libcrypto: build_crypto build_engines libcrypto.pc ++build_libssl: build_ssl libssl.pc ++ + build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto + @dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto + @dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_libs + @dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_libs + @dir=test; target=all; $(BUILD_ONE_CMD) +-build_tools: ++build_tools: build_libs + @dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps +@@ -461,6 +465,9 @@ + report: + @$(PERL) util/selftest.pl + ++update: errors stacks util/libeay.num util/ssleay.num TABLE ++ @set -e; target=update; $(RECURSIVE_BUILD_CMD) ++ + depend: + @set -e; target=depend; $(RECURSIVE_BUILD_CMD) + +@@ -485,26 +492,10 @@ + util/ssleay.num:: + $(PERL) util/mkdef.pl ssl update + +-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h +- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h +-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num +- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h +-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num +- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h +- +-apps/openssl-vms.cnf: apps/openssl.cnf +- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf +- +-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl +- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h +- +- + TABLE: Configure + (echo 'Output of `Configure TABLE'"':"; \ + $(PERL) Configure TABLE) > TABLE + +-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend +- + # Build distribution tar-file. As the list of files returned by "find" is + # pretty long, on several platforms a "too many arguments" error or similar + # would occur. Therefore the list of files is temporarily stored into a file +--- crypto/openssl/Makefile.org.orig ++++ crypto/openssl/Makefile.org +@@ -184,7 +184,7 @@ + EXHEADER= e_os2.h + HEADER= e_os.h + +-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc ++all: Makefile build_all + + # as we stick to -e, CLEARENV ensures that local variables in lower + # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn +@@ -268,21 +268,25 @@ + @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV) + + sub_all: build_all ++ + build_all: build_libs build_apps build_tests build_tools + +-build_libs: build_crypto build_ssl build_engines ++build_libs: build_libcrypto build_libssl openssl.pc + ++build_libcrypto: build_crypto build_engines libcrypto.pc ++build_libssl: build_ssl libssl.pc ++ + build_crypto: + @dir=crypto; target=all; $(BUILD_ONE_CMD) +-build_ssl: ++build_ssl: build_crypto + @dir=ssl; target=all; $(BUILD_ONE_CMD) +-build_engines: ++build_engines: build_crypto + @dir=engines; target=all; $(BUILD_ONE_CMD) +-build_apps: ++build_apps: build_libs + @dir=apps; target=all; $(BUILD_ONE_CMD) +-build_tests: ++build_tests: build_libs + @dir=test; target=all; $(BUILD_ONE_CMD) +-build_tools: ++build_tools: build_libs + @dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps +@@ -459,6 +463,9 @@ + report: + @$(PERL) util/selftest.pl + ++update: errors stacks util/libeay.num util/ssleay.num TABLE ++ @set -e; target=update; $(RECURSIVE_BUILD_CMD) ++ + depend: + @set -e; target=depend; $(RECURSIVE_BUILD_CMD) + +@@ -483,26 +490,10 @@ + util/ssleay.num:: + $(PERL) util/mkdef.pl ssl update + +-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h +- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h +-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num +- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h +-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num +- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h +- +-apps/openssl-vms.cnf: apps/openssl.cnf +- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf +- +-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl +- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h +- +- + TABLE: Configure + (echo 'Output of `Configure TABLE'"':"; \ + $(PERL) Configure TABLE) > TABLE + +-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend +- + # Build distribution tar-file. As the list of files returned by "find" is + # pretty long, on several platforms a "too many arguments" error or similar + # would occur. Therefore the list of files is temporarily stored into a file +--- crypto/openssl/NEWS.orig ++++ crypto/openssl/NEWS +@@ -5,6 +5,32 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015] ++ ++ o Alternate chains certificate forgery (CVE-2015-1793) ++ ++ Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015] ++ ++ o Fix HMAC ABI incompatibility ++ ++ Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] ++ ++ o Malformed ECParameters causes infinite loop (CVE-2015-1788) ++ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) ++ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) ++ o CMS verify infinite loop with unknown hash function (CVE-2015-1792) ++ o Race condition handling NewSessionTicket (CVE-2015-1791) ++ ++ Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] ++ ++ o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) ++ o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) ++ o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) ++ o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) ++ o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) ++ o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) ++ o Removed the export ciphers from the DEFAULT ciphers ++ + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] + + o Build fixes for the Windows and OpenVMS platforms +@@ -103,19 +129,6 @@ + o Preliminary FIPS capability for unvalidated 2.0 FIPS module. + o SRP support. + +- Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: +- +- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 +- o Fix OCSP bad key DoS attack CVE-2013-0166 +- +- Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: +- +- o Fix DTLS record length checking bug CVE-2012-2333 +- +- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: +- +- o Fix for ASN1 overflow bug CVE-2012-2110 +- + Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: + + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 +@@ -188,62 +201,6 @@ + o Opaque PRF Input TLS extension support. + o Updated time routines to avoid OS limitations. + +- Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: +- +- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 +- o Fix OCSP bad key DoS attack CVE-2013-0166 +- +- Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: +- +- o Fix DTLS record length checking bug CVE-2012-2333 +- +- Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: +- +- o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) +- +- Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: +- +- o Fix for ASN1 overflow bug CVE-2012-2110 +- +- Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: +- +- o Fix for CMS/PKCS#7 MMA CVE-2012-0884 +- o Corrected fix for CVE-2011-4619 +- o Various DTLS fixes. +- +- Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: +- +- o Fix for DTLS DoS issue CVE-2012-0050 +- +- Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: +- +- o Fix for DTLS plaintext recovery attack CVE-2011-4108 +- o Fix policy check double free error CVE-2011-4109 +- o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 +- o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 +- o Check for malformed RFC3779 data CVE-2011-4577 +- +- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: +- +- o Fix for security issue CVE-2011-0014 +- +- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: +- +- o Fix for security issue CVE-2010-4180 +- o Fix for CVE-2010-4252 +- +- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: +- +- o Fix for security issue CVE-2010-3864. +- +- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: +- +- o Fix for security issue CVE-2010-0742. +- o Various DTLS fixes. +- o Recognise SHA2 certificates if only SSL algorithms added. +- o Fix for no-rc4 compilation. +- o Chil ENGINE unload workaround. +- + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: + + o CFB cipher definition fixes. +--- crypto/openssl/README.orig ++++ crypto/openssl/README +@@ -1,5 +1,5 @@ + +- OpenSSL 1.0.1l 15 Jan 2015 ++ OpenSSL 1.0.1p 9 Jul 2015 + + Copyright (c) 1998-2011 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson +--- crypto/openssl/apps/Makefile.orig ++++ crypto/openssl/apps/Makefile +@@ -94,6 +94,9 @@ + sreq.o: req.c + $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c + ++openssl-vms.cnf: openssl.cnf ++ $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf ++ + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +@@ -127,13 +130,13 @@ + lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201603111630.u2BGUTHa076292>